./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor445257795 <...> [ 97.601234][ T8] cfg80211: failed to load regulatory.db Warning: Permanently added '10.128.0.201' (ED25519) to the list of known hosts. execve("./syz-executor445257795", ["./syz-executor445257795"], 0x7ffd78b34920 /* 10 vars */) = 0 brk(NULL) = 0x5555749a2000 brk(0x5555749a2d40) = 0x5555749a2d40 arch_prctl(ARCH_SET_FS, 0x5555749a23c0) = 0 set_tid_address(0x5555749a2690) = 5080 set_robust_list(0x5555749a26a0, 24) = 0 rseq(0x5555749a2ce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor445257795", 4096) = 27 getrandom("\x31\xb9\x57\x61\xb7\x3c\xf5\x0d", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555749a2d40 brk(0x5555749c3d40) = 0x5555749c3d40 brk(0x5555749c4000) = 0x5555749c4000 mprotect(0x7f03762c3000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("./syzkaller.FPFMeS", 0700) = 0 chmod("./syzkaller.FPFMeS", 0777) = 0 chdir("./syzkaller.FPFMeS") = 0 mkdir("./0", 0777) = 0 [ 103.426408][ T29] audit: type=1400 audit(1714530372.235:87): avc: denied { execmem } for pid=5080 comm="syz-executor445" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5081 attached [pid 5081] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5080] <... clone resumed>, child_tidptr=0x5555749a2690) = 5081 [pid 5081] chdir("./0") = 0 [pid 5081] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5081] setpgid(0, 0) = 0 [ 103.486666][ T29] audit: type=1400 audit(1714530372.295:88): avc: denied { read write } for pid=5080 comm="syz-executor445" name="loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 103.511620][ T29] audit: type=1400 audit(1714530372.295:89): avc: denied { open } for pid=5080 comm="syz-executor445" path="/dev/loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 5081] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5081] write(3, "1000", 4) = 4 [pid 5081] close(3) = 0 [pid 5081] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5081] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5081] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5081] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5081] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5081] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5081] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5082 attached => {parent_tid=[5082]}, 88) = 5082 [pid 5082] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5082] set_robust_list(0x7f03761f79a0, 24 [pid 5081] rt_sigprocmask(SIG_SETMASK, [], [pid 5082] <... set_robust_list resumed>) = 0 [pid 5082] rt_sigprocmask(SIG_SETMASK, [], [pid 5081] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5082] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5081] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] memfd_create("syzkaller", 0 [pid 5081] <... futex resumed>) = 0 [pid 5081] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5082] <... memfd_create resumed>) = 3 [pid 5082] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5082] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5082] munmap(0x7f036dc00000, 138412032) = 0 [pid 5082] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 103.537226][ T29] audit: type=1400 audit(1714530372.295:90): avc: denied { ioctl } for pid=5080 comm="syz-executor445" path="/dev/loop0" dev="devtmpfs" ino=648 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 5082] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5082] close(3) = 0 [pid 5082] close(4) = 0 [pid 5082] mkdir("./bus", 0777) = 0 [ 103.627578][ T5082] loop0: detected capacity change from 0 to 2048 [ 103.656269][ T29] audit: type=1400 audit(1714530372.465:91): avc: denied { mounton } for pid=5081 comm="syz-executor445" path="/root/syzkaller.FPFMeS/0/bus" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [pid 5082] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5082] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5082] chdir("./bus") = 0 [pid 5082] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5082] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5082] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5081] <... futex resumed>) = 0 [pid 5081] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... futex resumed>) = 0 [pid 5081] <... futex resumed>) = 1 [pid 5082] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [ 103.702218][ T5082] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 103.716269][ T29] audit: type=1400 audit(1714530372.525:92): avc: denied { mount } for pid=5081 comm="syz-executor445" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [pid 5081] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... openat resumed>) = 4 [pid 5082] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5082] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5081] <... futex resumed>) = 0 [pid 5081] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... futex resumed>) = 0 [pid 5081] <... futex resumed>) = 1 [pid 5082] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5081] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... openat resumed>) = 5 [ 103.759149][ T29] audit: type=1400 audit(1714530372.565:93): avc: denied { write } for pid=5081 comm="syz-executor445" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 103.781221][ T29] audit: type=1400 audit(1714530372.565:94): avc: denied { add_name } for pid=5081 comm="syz-executor445" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [pid 5082] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5081] <... futex resumed>) = 0 [pid 5082] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5081] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5082] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 5082] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5081] <... futex resumed>) = 0 [pid 5081] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5082] write(6, "t", 1 [pid 5081] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... write resumed>) = 1 [pid 5082] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5081] <... futex resumed>) = 0 [pid 5081] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] sendfile(6, 5, NULL, 131071 [pid 5081] <... futex resumed>) = 0 [ 103.802153][ T29] audit: type=1400 audit(1714530372.565:95): avc: denied { create } for pid=5081 comm="syz-executor445" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 103.822658][ T29] audit: type=1400 audit(1714530372.565:96): avc: denied { read write open } for pid=5081 comm="syz-executor445" path="/root/syzkaller.FPFMeS/0/bus/bus" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [pid 5081] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5081] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5081] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 103.926731][ T5082] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 103.944045][ T5082] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 103.956848][ T5082] EXT4-fs (loop0): This should not happen!! Data will be lost [ 103.956848][ T5082] [ 103.968371][ T5082] EXT4-fs (loop0): Total free blocks count 0 [pid 5081] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5081] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5086 attached [pid 5086] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5086] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 5081] <... clone3 resumed> => {parent_tid=[5086]}, 88) = 5086 [pid 5086] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5086] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5081] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5081] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5086] <... futex resumed>) = 0 [pid 5081] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5086] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... sendfile resumed>) = 75 [pid 5086] <... futex resumed>) = 1 [pid 5081] <... futex resumed>) = 0 [pid 5086] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5082] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5082] <... futex resumed>) = 0 [pid 5081] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5081] <... futex resumed>) = 0 [pid 5081] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... futex resumed>) = 0 [pid 5081] <... futex resumed>) = 1 [pid 5082] pipe2( [pid 5081] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5082] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5082] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5081] <... futex resumed>) = 0 [pid 5081] exit_group(0 [pid 5086] <... futex resumed>) = ? [pid 5081] <... exit_group resumed>) = ? [pid 5086] +++ exited with 0 +++ [pid 5082] <... futex resumed>) = ? [pid 5082] +++ exited with 0 +++ [pid 5081] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5081, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 [ 103.974998][ T5082] EXT4-fs (loop0): Free/Dirty block details [ 103.981555][ T5082] EXT4-fs (loop0): free_blocks=2415919104 [ 103.987492][ T5082] EXT4-fs (loop0): dirty_blocks=16 [ 103.993658][ T5082] EXT4-fs (loop0): Block reservation details [ 104.000593][ T5082] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/bus") = 0 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 104.063797][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555749a2690) = 5087 ./strace-static-x86_64: Process 5087 attached [pid 5087] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5087] chdir("./1") = 0 [pid 5087] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5087] setpgid(0, 0) = 0 [pid 5087] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5087] write(3, "1000", 4) = 4 [pid 5087] close(3) = 0 [pid 5087] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5087] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5087] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5087] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5087] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5087] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5087] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5088 attached [pid 5088] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5087] <... clone3 resumed> => {parent_tid=[5088]}, 88) = 5088 [pid 5088] <... rseq resumed>) = 0 [pid 5087] rt_sigprocmask(SIG_SETMASK, [], [pid 5088] set_robust_list(0x7f03761f79a0, 24 [pid 5087] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5088] <... set_robust_list resumed>) = 0 [pid 5087] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] rt_sigprocmask(SIG_SETMASK, [], [pid 5087] <... futex resumed>) = 0 [pid 5088] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5087] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5088] memfd_create("syzkaller", 0) = 3 [pid 5088] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5088] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5088] munmap(0x7f036dc00000, 138412032) = 0 [pid 5088] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5088] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5088] close(3) = 0 [pid 5088] close(4) = 0 [pid 5088] mkdir("./bus", 0777) = 0 [ 104.360413][ T5088] loop0: detected capacity change from 0 to 2048 [pid 5088] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5088] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5088] chdir("./bus") = 0 [pid 5088] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5088] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] <... futex resumed>) = 0 [pid 5088] <... futex resumed>) = 1 [pid 5087] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5087] <... futex resumed>) = 0 [pid 5088] <... openat resumed>) = 4 [pid 5087] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5087] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] <... futex resumed>) = 0 [pid 5087] <... futex resumed>) = 0 [pid 5088] openat(AT_FDCWD, "./bus", O_RDONLY [ 104.416133][ T5088] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5087] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] <... openat resumed>) = 5 [pid 5088] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5087] <... futex resumed>) = 0 [pid 5088] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5087] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5087] <... futex resumed>) = 0 [pid 5087] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] <... openat resumed>) = 6 [pid 5088] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] <... futex resumed>) = 0 [pid 5088] <... futex resumed>) = 1 [pid 5087] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] write(6, "t", 1 [pid 5087] <... futex resumed>) = 0 [pid 5087] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] <... write resumed>) = 1 [pid 5088] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5087] <... futex resumed>) = 0 [pid 5088] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5087] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5087] <... futex resumed>) = 0 [pid 5088] sendfile(6, 5, NULL, 131071 [pid 5087] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5087] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5087] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 104.558581][ T5088] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 104.573667][ T5088] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 104.588877][ T5088] EXT4-fs (loop0): This should not happen!! Data will be lost [ 104.588877][ T5088] [ 104.598900][ T5088] EXT4-fs (loop0): Total free blocks count 0 [pid 5087] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5087] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5091 attached [pid 5091] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5091] set_robust_list(0x7f03761d69a0, 24 [pid 5087] <... clone3 resumed> => {parent_tid=[5091]}, 88) = 5091 [pid 5091] <... set_robust_list resumed>) = 0 [pid 5087] rt_sigprocmask(SIG_SETMASK, [], [pid 5091] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5087] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5091] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5087] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] <... open resumed>) = 7 [pid 5091] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5087] <... futex resumed>) = 0 [pid 5088] <... sendfile resumed>) = 75 [pid 5088] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5088] <... futex resumed>) = 1 [pid 5087] <... futex resumed>) = 0 [pid 5088] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5087] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=38000000} [pid 5088] <... mmap resumed>) = 0x20000000 [pid 5088] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5088] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5087] <... futex resumed>) = 0 [pid 5087] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5087] <... futex resumed>) = 0 [pid 5088] pipe2( [pid 5087] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5088] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5087] <... futex resumed>) = 0 [pid 5088] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5087] exit_group(0 [pid 5091] <... futex resumed>) = ? [pid 5088] <... futex resumed>) = ? [pid 5091] +++ exited with 0 +++ [pid 5087] <... exit_group resumed>) = ? [pid 5088] +++ exited with 0 +++ [pid 5087] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5087, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- [ 104.605024][ T5088] EXT4-fs (loop0): Free/Dirty block details [ 104.611357][ T5088] EXT4-fs (loop0): free_blocks=2415919104 [ 104.617242][ T5088] EXT4-fs (loop0): dirty_blocks=16 [ 104.622507][ T5088] EXT4-fs (loop0): Block reservation details [ 104.628554][ T5088] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/bus") = 0 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 104.706895][ T2899] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5092 attached , child_tidptr=0x5555749a2690) = 5092 [pid 5092] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5092] chdir("./2") = 0 [pid 5092] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5092] setpgid(0, 0) = 0 [pid 5092] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5092] write(3, "1000", 4) = 4 [pid 5092] close(3) = 0 [pid 5092] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5092] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5092] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5092] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5092] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5092] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5092] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5092] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5093 attached [pid 5093] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5092] <... clone3 resumed> => {parent_tid=[5093]}, 88) = 5093 [pid 5093] <... rseq resumed>) = 0 [pid 5093] set_robust_list(0x7f03761f79a0, 24 [pid 5092] rt_sigprocmask(SIG_SETMASK, [], [pid 5093] <... set_robust_list resumed>) = 0 [pid 5092] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5093] rt_sigprocmask(SIG_SETMASK, [], [pid 5092] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5093] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5092] <... futex resumed>) = 0 [pid 5093] memfd_create("syzkaller", 0 [pid 5092] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5093] <... memfd_create resumed>) = 3 [pid 5093] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5093] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5093] munmap(0x7f036dc00000, 138412032) = 0 [pid 5093] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5093] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5093] close(3) = 0 [pid 5093] close(4) = 0 [pid 5093] mkdir("./bus", 0777) = 0 [ 105.001255][ T5093] loop0: detected capacity change from 0 to 2048 [pid 5093] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5093] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5093] chdir("./bus") = 0 [pid 5093] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5093] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5092] <... futex resumed>) = 0 [pid 5093] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5092] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5093] <... futex resumed>) = 0 [pid 5092] <... futex resumed>) = 1 [pid 5093] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5092] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5093] <... openat resumed>) = 4 [pid 5093] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5092] <... futex resumed>) = 0 [pid 5093] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5092] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5093] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5092] <... futex resumed>) = 0 [pid 5093] <... openat resumed>) = 5 [pid 5092] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5093] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] <... futex resumed>) = 0 [pid 5093] <... futex resumed>) = 1 [pid 5092] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5093] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5092] <... futex resumed>) = 0 [pid 5093] <... openat resumed>) = 6 [ 105.055556][ T5093] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5092] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5093] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] <... futex resumed>) = 0 [pid 5093] <... futex resumed>) = 1 [pid 5092] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5093] write(6, "t", 1 [pid 5092] <... futex resumed>) = 0 [pid 5092] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5093] <... write resumed>) = 1 [pid 5093] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5093] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5092] <... futex resumed>) = 0 [pid 5092] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5093] <... futex resumed>) = 0 [pid 5092] <... futex resumed>) = 1 [pid 5093] sendfile(6, 5, NULL, 131071 [pid 5092] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5092] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5092] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5092] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5092] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5092] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0} => {parent_tid=[5096]}, 88) = 5096 [ 105.172414][ T5093] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 105.188037][ T5093] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 105.200779][ T5093] EXT4-fs (loop0): This should not happen!! Data will be lost [ 105.200779][ T5093] [ 105.211035][ T5093] EXT4-fs (loop0): Total free blocks count 0 [pid 5092] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5096 attached [pid 5092] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5092] <... futex resumed>) = 0 [pid 5096] <... rseq resumed>) = 0 [pid 5092] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5096] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 5093] <... sendfile resumed>) = 75 [pid 5096] rt_sigprocmask(SIG_SETMASK, [], [pid 5093] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5093] <... futex resumed>) = 0 [pid 5093] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5096] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5096] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] <... futex resumed>) = 0 [pid 5092] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5092] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5093] <... futex resumed>) = 0 [pid 5093] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 1 [pid 5093] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5092] <... futex resumed>) = 0 [pid 5093] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5092] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5093] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5092] <... futex resumed>) = 0 [pid 5093] pipe2( [pid 5092] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5093] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5093] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5092] <... futex resumed>) = 0 [pid 5092] exit_group(0 [pid 5096] <... futex resumed>) = ? [pid 5092] <... exit_group resumed>) = ? [pid 5096] +++ exited with 0 +++ [pid 5093] <... futex resumed>) = ? [pid 5093] +++ exited with 0 +++ [pid 5092] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5092, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 105.217426][ T5093] EXT4-fs (loop0): Free/Dirty block details [ 105.223782][ T5093] EXT4-fs (loop0): free_blocks=2415919104 [ 105.229589][ T5093] EXT4-fs (loop0): dirty_blocks=16 [ 105.236099][ T5093] EXT4-fs (loop0): Block reservation details [ 105.242774][ T5093] EXT4-fs (loop0): i_reserved_data_blocks=1 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./2/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./2/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 [ 105.311111][ T2899] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/bus") = 0 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5097 attached , child_tidptr=0x5555749a2690) = 5097 [pid 5097] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5097] chdir("./3") = 0 [pid 5097] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5097] setpgid(0, 0) = 0 [pid 5097] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5097] write(3, "1000", 4) = 4 [pid 5097] close(3) = 0 [pid 5097] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5097] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5097] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5097] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5097] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5097] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5097] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5097] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5098 attached [pid 5098] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5097] <... clone3 resumed> => {parent_tid=[5098]}, 88) = 5098 [pid 5098] <... rseq resumed>) = 0 [pid 5098] set_robust_list(0x7f03761f79a0, 24 [pid 5097] rt_sigprocmask(SIG_SETMASK, [], [pid 5098] <... set_robust_list resumed>) = 0 [pid 5097] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5098] rt_sigprocmask(SIG_SETMASK, [], [pid 5097] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5097] <... futex resumed>) = 0 [pid 5098] memfd_create("syzkaller", 0 [pid 5097] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5098] <... memfd_create resumed>) = 3 [pid 5098] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5098] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5098] munmap(0x7f036dc00000, 138412032) = 0 [pid 5098] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5098] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5098] close(3) = 0 [pid 5098] close(4) = 0 [pid 5098] mkdir("./bus", 0777) = 0 [pid 5098] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5098] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5098] chdir("./bus") = 0 [pid 5098] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 105.623685][ T5098] loop0: detected capacity change from 0 to 2048 [ 105.659020][ T5098] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5098] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5097] <... futex resumed>) = 0 [pid 5098] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5097] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5098] <... openat resumed>) = 4 [pid 5097] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5098] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5097] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5098] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5097] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5097] <... futex resumed>) = 0 [pid 5098] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5097] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5098] <... openat resumed>) = 5 [pid 5098] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5097] <... futex resumed>) = 0 [pid 5098] <... futex resumed>) = 1 [pid 5097] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5097] <... futex resumed>) = 0 [pid 5097] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5098] <... openat resumed>) = 6 [pid 5098] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5097] <... futex resumed>) = 0 [pid 5098] write(6, "t", 1 [pid 5097] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5097] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5098] <... write resumed>) = 1 [pid 5098] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5097] <... futex resumed>) = 0 [pid 5097] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5097] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5098] sendfile(6, 5, NULL, 131071 [pid 5097] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5097] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5097] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5097] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 105.761336][ T5098] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 105.776814][ T5098] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 105.789254][ T5098] EXT4-fs (loop0): This should not happen!! Data will be lost [ 105.789254][ T5098] [ 105.799239][ T5098] EXT4-fs (loop0): Total free blocks count 0 [ 105.805335][ T5098] EXT4-fs (loop0): Free/Dirty block details [pid 5097] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5097] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5101 attached [pid 5101] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5101] set_robust_list(0x7f03761d69a0, 24 [pid 5097] <... clone3 resumed> => {parent_tid=[5101]}, 88) = 5101 [pid 5097] rt_sigprocmask(SIG_SETMASK, [], [pid 5101] <... set_robust_list resumed>) = 0 [pid 5097] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5101] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5101] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5097] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] <... open resumed>) = 7 [pid 5097] <... futex resumed>) = 0 [pid 5097] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5101] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] <... sendfile resumed>) = 75 [pid 5101] <... futex resumed>) = 1 [pid 5098] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5097] <... futex resumed>) = 0 [pid 5101] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5098] <... futex resumed>) = 0 [pid 5097] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5097] <... futex resumed>) = 0 [pid 5097] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5098] <... mmap resumed>) = 0x20000000 [pid 5098] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5097] <... futex resumed>) = 0 [pid 5098] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5097] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5097] <... futex resumed>) = 0 [pid 5097] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5098] pipe2(0x20000240, 0) = 0 [pid 5098] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5097] <... futex resumed>) = 0 [pid 5098] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5097] exit_group(0 [pid 5098] <... futex resumed>) = ? [pid 5097] <... exit_group resumed>) = ? [pid 5101] <... futex resumed>) = ? [pid 5098] +++ exited with 0 +++ [pid 5101] +++ exited with 0 +++ [pid 5097] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5097, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 [ 105.811594][ T5098] EXT4-fs (loop0): free_blocks=2415919104 [ 105.817343][ T5098] EXT4-fs (loop0): dirty_blocks=16 [ 105.822793][ T5098] EXT4-fs (loop0): Block reservation details [ 105.828809][ T5098] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./3/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./3/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/bus") = 0 [ 105.865965][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555749a2690) = 5102 ./strace-static-x86_64: Process 5102 attached [pid 5102] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5102] chdir("./4") = 0 [pid 5102] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5102] setpgid(0, 0) = 0 [pid 5102] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5102] write(3, "1000", 4) = 4 [pid 5102] close(3) = 0 [pid 5102] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5102] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5102] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5102] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5102] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5102] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5102] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5102] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5103 attached [pid 5103] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5102] <... clone3 resumed> => {parent_tid=[5103]}, 88) = 5103 [pid 5102] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5103] <... rseq resumed>) = 0 [pid 5102] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5102] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5103] set_robust_list(0x7f03761f79a0, 24) = 0 [pid 5103] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5103] memfd_create("syzkaller", 0) = 3 [pid 5103] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5103] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5103] munmap(0x7f036dc00000, 138412032) = 0 [pid 5103] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5103] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5103] close(3) = 0 [pid 5103] close(4) = 0 [pid 5103] mkdir("./bus", 0777) = 0 [ 106.235343][ T5103] loop0: detected capacity change from 0 to 2048 [pid 5103] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5103] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5103] chdir("./bus") = 0 [pid 5103] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5103] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5102] <... futex resumed>) = 0 [pid 5103] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5102] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5103] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5102] <... futex resumed>) = 0 [pid 5103] <... openat resumed>) = 4 [pid 5102] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5103] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5102] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5102] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5102] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = 0 [pid 5103] <... futex resumed>) = 1 [pid 5102] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 106.277030][ T5103] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5103] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 5103] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5103] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5102] <... futex resumed>) = 0 [pid 5102] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5103] <... futex resumed>) = 0 [pid 5102] <... futex resumed>) = 1 [pid 5103] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5102] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5103] <... openat resumed>) = 6 [pid 5103] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5102] <... futex resumed>) = 0 [pid 5103] write(6, "t", 1 [pid 5102] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5102] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5103] <... write resumed>) = 1 [pid 5103] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5102] <... futex resumed>) = 0 [pid 5103] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5102] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5103] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5102] <... futex resumed>) = 0 [pid 5103] sendfile(6, 5, NULL, 131071 [pid 5102] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5102] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5102] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5102] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 106.401770][ T5103] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 106.417431][ T5103] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 106.429777][ T5103] EXT4-fs (loop0): This should not happen!! Data will be lost [ 106.429777][ T5103] [ 106.439829][ T5103] EXT4-fs (loop0): Total free blocks count 0 [ 106.446087][ T5103] EXT4-fs (loop0): Free/Dirty block details [pid 5102] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5102] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5106 attached => {parent_tid=[5106]}, 88) = 5106 [pid 5106] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5103] <... sendfile resumed>) = 75 [pid 5106] <... rseq resumed>) = 0 [pid 5102] rt_sigprocmask(SIG_SETMASK, [], [pid 5106] set_robust_list(0x7f03761d69a0, 24 [pid 5103] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5102] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5106] <... set_robust_list resumed>) = 0 [pid 5103] <... futex resumed>) = 0 [pid 5102] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5106] rt_sigprocmask(SIG_SETMASK, [], [pid 5103] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5102] <... futex resumed>) = 0 [pid 5106] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5102] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5106] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5106] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5102] <... futex resumed>) = 0 [pid 5106] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5102] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5103] <... futex resumed>) = 0 [pid 5102] <... futex resumed>) = 1 [pid 5103] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5102] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5103] <... mmap resumed>) = 0x20000000 [pid 5103] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 106.452146][ T5103] EXT4-fs (loop0): free_blocks=2415919104 [ 106.458118][ T5103] EXT4-fs (loop0): dirty_blocks=16 [ 106.463559][ T5103] EXT4-fs (loop0): Block reservation details [ 106.469853][ T5103] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5103] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5102] <... futex resumed>) = 0 [pid 5102] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5103] <... futex resumed>) = 0 [pid 5102] <... futex resumed>) = 1 [pid 5103] pipe2( [pid 5102] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5103] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5103] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5102] <... futex resumed>) = 0 [pid 5103] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5102] exit_group(0 [pid 5106] <... futex resumed>) = ? [pid 5103] <... futex resumed>) = ? [pid 5106] +++ exited with 0 +++ [pid 5102] <... exit_group resumed>) = ? [pid 5103] +++ exited with 0 +++ [pid 5102] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5102, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./4/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 106.562588][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/bus") = 0 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5107 attached , child_tidptr=0x5555749a2690) = 5107 [pid 5107] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5107] chdir("./5") = 0 [pid 5107] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5107] setpgid(0, 0) = 0 [pid 5107] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5107] write(3, "1000", 4) = 4 [pid 5107] close(3) = 0 [pid 5107] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5107] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5107] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5107] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5107] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5107] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5107] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5107] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5108 attached [pid 5108] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5108] set_robust_list(0x7f03761f79a0, 24 [pid 5107] <... clone3 resumed> => {parent_tid=[5108]}, 88) = 5108 [pid 5108] <... set_robust_list resumed>) = 0 [pid 5107] rt_sigprocmask(SIG_SETMASK, [], [pid 5108] rt_sigprocmask(SIG_SETMASK, [], [pid 5107] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5108] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5107] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5107] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5108] memfd_create("syzkaller", 0) = 3 [pid 5108] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5108] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5108] munmap(0x7f036dc00000, 138412032) = 0 [pid 5108] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5108] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5108] close(3) = 0 [pid 5108] close(4) = 0 [pid 5108] mkdir("./bus", 0777) = 0 [ 106.905143][ T5108] loop0: detected capacity change from 0 to 2048 [pid 5108] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5108] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5108] chdir("./bus") = 0 [pid 5108] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5108] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5107] <... futex resumed>) = 0 [pid 5108] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5107] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5108] <... openat resumed>) = 4 [pid 5107] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5108] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5107] <... futex resumed>) = 0 [pid 5108] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5107] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5108] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5107] <... futex resumed>) = 0 [pid 5108] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5107] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5108] <... openat resumed>) = 5 [ 106.950408][ T5108] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5108] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5107] <... futex resumed>) = 0 [pid 5108] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5107] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5108] <... openat resumed>) = 6 [pid 5107] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5108] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5107] <... futex resumed>) = 0 [pid 5107] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5108] <... futex resumed>) = 1 [pid 5107] <... futex resumed>) = 0 [pid 5108] write(6, "t", 1 [pid 5107] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5108] <... write resumed>) = 1 [pid 5108] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5107] <... futex resumed>) = 0 [pid 5107] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5108] <... futex resumed>) = 1 [pid 5107] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5108] sendfile(6, 5, NULL, 131071 [pid 5107] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5107] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5107] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5107] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 107.086614][ T5108] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 107.102461][ T5108] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 107.114818][ T5108] EXT4-fs (loop0): This should not happen!! Data will be lost [ 107.114818][ T5108] [ 107.124583][ T5108] EXT4-fs (loop0): Total free blocks count 0 [ 107.130711][ T5108] EXT4-fs (loop0): Free/Dirty block details [pid 5107] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5107] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0} => {parent_tid=[5111]}, 88) = 5111 [pid 5107] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5107] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5111 attached ) = 0 [pid 5107] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5108] <... sendfile resumed>) = 75 [pid 5111] <... rseq resumed>) = 0 [pid 5111] set_robust_list(0x7f03761d69a0, 24 [pid 5108] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] <... set_robust_list resumed>) = 0 [pid 5111] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5111] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5108] <... futex resumed>) = 0 [pid 5108] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5111] <... open resumed>) = 7 [pid 5111] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 107.136652][ T5108] EXT4-fs (loop0): free_blocks=2415919104 [ 107.142513][ T5108] EXT4-fs (loop0): dirty_blocks=16 [ 107.147743][ T5108] EXT4-fs (loop0): Block reservation details [ 107.153918][ T5108] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5111] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5107] <... futex resumed>) = 0 [pid 5107] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5108] <... futex resumed>) = 0 [pid 5107] <... futex resumed>) = 1 [pid 5108] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5108] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5107] <... futex resumed>) = 0 [pid 5108] pipe2( [pid 5107] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5107] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5108] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5108] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5107] <... futex resumed>) = 0 [pid 5108] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5107] exit_group(0 [pid 5111] <... futex resumed>) = ? [pid 5107] <... exit_group resumed>) = ? [pid 5108] <... futex resumed>) = ? [pid 5111] +++ exited with 0 +++ [pid 5108] +++ exited with 0 +++ [pid 5107] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5107, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./5/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./5/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 [ 107.259081][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 rmdir("./5/bus") = 0 umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5112 attached , child_tidptr=0x5555749a2690) = 5112 [pid 5112] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5112] chdir("./6") = 0 [pid 5112] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5112] setpgid(0, 0) = 0 [pid 5112] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5112] write(3, "1000", 4) = 4 [pid 5112] close(3) = 0 [pid 5112] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5112] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5112] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5112] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5112] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5112] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5112] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5112] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5113 attached [pid 5113] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5112] <... clone3 resumed> => {parent_tid=[5113]}, 88) = 5113 [pid 5113] <... rseq resumed>) = 0 [pid 5113] set_robust_list(0x7f03761f79a0, 24) = 0 [pid 5113] rt_sigprocmask(SIG_SETMASK, [], [pid 5112] rt_sigprocmask(SIG_SETMASK, [], [pid 5113] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5113] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5112] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5112] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5113] <... futex resumed>) = 0 [pid 5112] <... futex resumed>) = 1 [pid 5112] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5113] memfd_create("syzkaller", 0) = 3 [pid 5113] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5113] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5113] munmap(0x7f036dc00000, 138412032) = 0 [pid 5113] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5113] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5113] close(3) = 0 [pid 5113] close(4) = 0 [pid 5113] mkdir("./bus", 0777) = 0 [ 107.548031][ T5113] loop0: detected capacity change from 0 to 2048 [pid 5113] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5113] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5113] chdir("./bus") = 0 [pid 5113] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5113] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5112] <... futex resumed>) = 0 [pid 5113] <... futex resumed>) = 1 [pid 5112] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5113] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5112] <... futex resumed>) = 0 [pid 5112] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5113] <... openat resumed>) = 4 [pid 5113] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5112] <... futex resumed>) = 0 [pid 5113] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5112] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5113] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5112] <... futex resumed>) = 0 [pid 5113] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5112] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5113] <... openat resumed>) = 5 [ 107.615176][ T5113] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5113] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5112] <... futex resumed>) = 0 [pid 5113] <... futex resumed>) = 1 [pid 5112] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5113] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5112] <... futex resumed>) = 0 [pid 5112] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5113] <... openat resumed>) = 6 [pid 5113] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5112] <... futex resumed>) = 0 [pid 5113] write(6, "t", 1 [pid 5112] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5112] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5113] <... write resumed>) = 1 [pid 5113] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5112] <... futex resumed>) = 0 [pid 5113] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5112] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5113] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5112] <... futex resumed>) = 0 [pid 5113] sendfile(6, 5, NULL, 131071 [pid 5112] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5112] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5112] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5112] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5112] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5112] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5116 attached [pid 5116] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5112] <... clone3 resumed> => {parent_tid=[5116]}, 88) = 5116 [pid 5116] <... rseq resumed>) = 0 [pid 5112] rt_sigprocmask(SIG_SETMASK, [], [pid 5116] set_robust_list(0x7f03761d69a0, 24 [pid 5112] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5116] <... set_robust_list resumed>) = 0 [pid 5112] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] rt_sigprocmask(SIG_SETMASK, [], [pid 5112] <... futex resumed>) = 0 [pid 5116] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5112] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5116] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5116] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5112] <... futex resumed>) = 0 [pid 5116] <... futex resumed>) = 1 [pid 5112] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5112] <... futex resumed>) = 0 [ 107.727940][ T5113] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 107.743618][ T5113] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 107.764507][ T5113] EXT4-fs (loop0): This should not happen!! Data will be lost [ 107.764507][ T5113] [pid 5112] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5116] <... mmap resumed>) = 0x20000000 [pid 5113] <... sendfile resumed>) = 75 [pid 5112] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5116] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5113] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5112] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] <... futex resumed>) = 0 [pid 5113] <... futex resumed>) = 0 [pid 5112] <... futex resumed>) = 0 [pid 5116] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5113] pipe2( [pid 5112] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5113] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5113] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5112] <... futex resumed>) = 0 [pid 5113] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5112] exit_group(0 [pid 5116] <... futex resumed>) = ? [pid 5113] <... futex resumed>) = ? [pid 5112] <... exit_group resumed>) = ? [pid 5116] +++ exited with 0 +++ [pid 5113] +++ exited with 0 +++ [pid 5112] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5112, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 107.774766][ T5113] EXT4-fs (loop0): Total free blocks count 0 [ 107.781243][ T5113] EXT4-fs (loop0): Free/Dirty block details [ 107.787512][ T5113] EXT4-fs (loop0): free_blocks=2415919104 [ 107.793911][ T5113] EXT4-fs (loop0): dirty_blocks=16 [ 107.799406][ T5113] EXT4-fs (loop0): Block reservation details [ 107.805973][ T5113] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./6/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./6/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 [ 107.912943][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/bus") = 0 umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5117 attached , child_tidptr=0x5555749a2690) = 5117 [pid 5117] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5117] chdir("./7") = 0 [pid 5117] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5117] setpgid(0, 0) = 0 [pid 5117] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5117] write(3, "1000", 4) = 4 [pid 5117] close(3) = 0 [pid 5117] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5117] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5117] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5117] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5117] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5117] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5117] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5117] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0} => {parent_tid=[5118]}, 88) = 5118 [pid 5117] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5117] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5118 attached [pid 5118] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5117] <... futex resumed>) = 0 [pid 5118] <... rseq resumed>) = 0 [pid 5117] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5118] set_robust_list(0x7f03761f79a0, 24) = 0 [pid 5118] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5118] memfd_create("syzkaller", 0) = 3 [pid 5118] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5118] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5118] munmap(0x7f036dc00000, 138412032) = 0 [pid 5118] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5118] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5118] close(3) = 0 [pid 5118] close(4) = 0 [pid 5118] mkdir("./bus", 0777) = 0 [ 108.248058][ T5118] loop0: detected capacity change from 0 to 2048 [pid 5118] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5118] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5118] chdir("./bus") = 0 [pid 5118] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5118] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5117] <... futex resumed>) = 0 [pid 5118] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5117] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5118] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5117] <... futex resumed>) = 0 [pid 5118] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4 [pid 5117] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5118] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5117] <... futex resumed>) = 0 [pid 5118] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5117] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5118] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5117] <... futex resumed>) = 0 [pid 5118] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5117] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5118] <... openat resumed>) = 5 [pid 5118] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5118] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5117] <... futex resumed>) = 0 [pid 5117] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5117] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5118] <... futex resumed>) = 0 [pid 5118] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 5118] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5117] <... futex resumed>) = 0 [pid 5118] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5117] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5118] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5117] <... futex resumed>) = 0 [pid 5118] write(6, "t", 1 [pid 5117] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5118] <... write resumed>) = 1 [pid 5118] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5117] <... futex resumed>) = 0 [ 108.290616][ T5118] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5118] sendfile(6, 5, NULL, 131071 [pid 5117] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5117] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5117] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5117] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5117] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5117] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5117] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0} => {parent_tid=[5122]}, 88) = 5122 [ 108.390706][ T5118] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 108.406203][ T5118] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 108.418501][ T5118] EXT4-fs (loop0): This should not happen!! Data will be lost [ 108.418501][ T5118] [ 108.428260][ T5118] EXT4-fs (loop0): Total free blocks count 0 [ 108.434325][ T5118] EXT4-fs (loop0): Free/Dirty block details [pid 5117] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5122 attached NULL, 8) = 0 [pid 5122] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5117] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] <... rseq resumed>) = 0 [pid 5117] <... futex resumed>) = 0 [pid 5122] set_robust_list(0x7f03761d69a0, 24 [pid 5117] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5122] <... set_robust_list resumed>) = 0 [pid 5122] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5122] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5122] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5117] <... futex resumed>) = 0 [pid 5117] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] <... futex resumed>) = 0 [pid 5117] <... futex resumed>) = 1 [pid 5122] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [ 108.441493][ T5118] EXT4-fs (loop0): free_blocks=2415919104 [ 108.446288][ T29] kauditd_printk_skb: 26 callbacks suppressed [ 108.446310][ T29] audit: type=1804 audit(1714530377.255:123): pid=5122 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/7/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 108.448347][ T5118] EXT4-fs (loop0): dirty_blocks=16 [ 108.484033][ T5118] EXT4-fs (loop0): Block reservation details [pid 5117] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5122] <... mmap resumed>) = 0x20000000 [pid 5118] <... sendfile resumed>) = 75 [pid 5122] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5118] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] <... futex resumed>) = 1 [pid 5117] <... futex resumed>) = 0 [pid 5122] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5118] <... futex resumed>) = 0 [pid 5118] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5117] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5118] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5117] <... futex resumed>) = 0 [pid 5117] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5118] pipe2(0x20000240, 0) = 0 [pid 5118] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5117] <... futex resumed>) = 0 [pid 5118] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5117] exit_group(0 [pid 5122] <... futex resumed>) = ? [pid 5117] <... exit_group resumed>) = ? [ 108.490159][ T5118] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5122] +++ exited with 0 +++ [pid 5118] <... futex resumed>) = ? [pid 5118] +++ exited with 0 +++ [pid 5117] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5117, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./7/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./7/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 108.595617][ T139] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/bus") = 0 umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5123 attached , child_tidptr=0x5555749a2690) = 5123 [pid 5123] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5123] chdir("./8") = 0 [pid 5123] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5123] setpgid(0, 0) = 0 [pid 5123] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5123] write(3, "1000", 4) = 4 [pid 5123] close(3) = 0 [pid 5123] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5123] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5123] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5123] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5123] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5123] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5123] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5123] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5124 attached [pid 5124] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5123] <... clone3 resumed> => {parent_tid=[5124]}, 88) = 5124 [pid 5124] <... rseq resumed>) = 0 [pid 5123] rt_sigprocmask(SIG_SETMASK, [], [pid 5124] set_robust_list(0x7f03761f79a0, 24) = 0 [pid 5123] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5124] rt_sigprocmask(SIG_SETMASK, [], [pid 5123] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5123] <... futex resumed>) = 0 [pid 5124] memfd_create("syzkaller", 0 [pid 5123] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5124] <... memfd_create resumed>) = 3 [pid 5124] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5124] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5124] munmap(0x7f036dc00000, 138412032) = 0 [pid 5124] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5124] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5124] close(3) = 0 [pid 5124] close(4) = 0 [pid 5124] mkdir("./bus", 0777) = 0 [ 109.014343][ T5124] loop0: detected capacity change from 0 to 2048 [pid 5124] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5124] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5124] chdir("./bus") = 0 [pid 5124] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5124] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] <... futex resumed>) = 0 [pid 5124] <... futex resumed>) = 1 [pid 5123] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5123] <... futex resumed>) = 0 [pid 5124] <... openat resumed>) = 4 [pid 5123] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5124] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] <... futex resumed>) = 0 [pid 5123] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5124] <... futex resumed>) = 1 [pid 5123] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5124] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 5124] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] <... futex resumed>) = 0 [pid 5124] <... futex resumed>) = 1 [pid 5123] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5123] <... futex resumed>) = 0 [pid 5123] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5124] <... openat resumed>) = 6 [pid 5124] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] <... futex resumed>) = 0 [pid 5123] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5123] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5124] <... futex resumed>) = 1 [ 109.066793][ T5124] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5124] write(6, "t", 1) = 1 [pid 5124] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] <... futex resumed>) = 0 [pid 5123] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] <... futex resumed>) = 1 [pid 5123] <... futex resumed>) = 0 [pid 5124] sendfile(6, 5, NULL, 131071 [ 109.101215][ T29] audit: type=1804 audit(1714530377.915:124): pid=5124 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/8/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 109.125649][ T29] audit: type=1804 audit(1714530377.915:125): pid=5124 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/8/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5123] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5123] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5123] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5123] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5123] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5123] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5127 attached [pid 5127] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5127] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 5123] <... clone3 resumed> => {parent_tid=[5127]}, 88) = 5127 [pid 5127] rt_sigprocmask(SIG_SETMASK, [], [pid 5123] rt_sigprocmask(SIG_SETMASK, [], [pid 5127] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5127] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5123] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5123] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5127] <... futex resumed>) = 0 [pid 5123] <... futex resumed>) = 1 [pid 5127] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [ 109.176697][ T5124] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 109.191895][ T5124] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [pid 5123] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5127] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5127] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5123] <... futex resumed>) = 0 [pid 5123] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5127] <... futex resumed>) = 0 [pid 5127] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5123] <... futex resumed>) = 1 [pid 5123] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5127] <... mmap resumed>) = 0x20000000 [pid 5124] <... sendfile resumed>) = 75 [pid 5127] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] <... futex resumed>) = 0 [pid 5127] <... futex resumed>) = 1 [pid 5123] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5127] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5123] <... futex resumed>) = 0 [pid 5123] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5124] <... futex resumed>) = 1 [pid 5123] <... futex resumed>) = 0 [pid 5124] pipe2( [pid 5123] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 5124] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5124] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5123] <... futex resumed>) = 0 [pid 5124] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5123] exit_group(0 [pid 5127] <... futex resumed>) = ? [pid 5124] <... futex resumed>) = ? [pid 5123] <... exit_group resumed>) = ? [pid 5124] +++ exited with 0 +++ [pid 5127] +++ exited with 0 +++ [pid 5123] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5123, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- [ 109.204850][ T29] audit: type=1804 audit(1714530378.005:126): pid=5127 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/8/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 109.210212][ T5124] EXT4-fs (loop0): This should not happen!! Data will be lost [ 109.210212][ T5124] [ 109.238921][ T5124] EXT4-fs (loop0): Total free blocks count 0 [ 109.245054][ T5124] EXT4-fs (loop0): Free/Dirty block details [ 109.251024][ T5124] EXT4-fs (loop0): free_blocks=2415919104 [ 109.256828][ T5124] EXT4-fs (loop0): dirty_blocks=16 [ 109.262077][ T5124] EXT4-fs (loop0): Block reservation details [ 109.268103][ T5124] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./8/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./8/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/bus") = 0 umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 109.358770][ T139] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 unlink("./8/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5128 attached , child_tidptr=0x5555749a2690) = 5128 [pid 5128] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5128] chdir("./9") = 0 [pid 5128] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5128] setpgid(0, 0) = 0 [pid 5128] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5128] write(3, "1000", 4) = 4 [pid 5128] close(3) = 0 [pid 5128] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5128] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5128] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5128] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5128] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5128] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5128] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5128] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5129 attached [pid 5129] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5128] <... clone3 resumed> => {parent_tid=[5129]}, 88) = 5129 [pid 5129] set_robust_list(0x7f03761f79a0, 24 [pid 5128] rt_sigprocmask(SIG_SETMASK, [], [pid 5129] <... set_robust_list resumed>) = 0 [pid 5128] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5129] rt_sigprocmask(SIG_SETMASK, [], [pid 5128] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5128] <... futex resumed>) = 0 [pid 5129] memfd_create("syzkaller", 0 [pid 5128] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5129] <... memfd_create resumed>) = 3 [pid 5129] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5129] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5129] munmap(0x7f036dc00000, 138412032) = 0 [pid 5129] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5129] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5129] close(3) = 0 [pid 5129] close(4) = 0 [pid 5129] mkdir("./bus", 0777) = 0 [ 109.713807][ T5129] loop0: detected capacity change from 0 to 2048 [pid 5129] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5129] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5129] chdir("./bus") = 0 [pid 5129] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5129] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5128] <... futex resumed>) = 0 [pid 5129] <... futex resumed>) = 1 [pid 5128] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5128] <... futex resumed>) = 0 [pid 5129] <... openat resumed>) = 4 [pid 5128] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5129] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5128] <... futex resumed>) = 0 [pid 5128] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5128] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5129] <... futex resumed>) = 1 [pid 5129] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [ 109.755803][ T5129] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5129] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5129] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5128] <... futex resumed>) = 0 [pid 5128] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] <... futex resumed>) = 0 [pid 5128] <... futex resumed>) = 1 [pid 5129] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5128] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5129] <... openat resumed>) = 6 [pid 5129] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5128] <... futex resumed>) = 0 [pid 5128] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] write(6, "t", 1 [pid 5128] <... futex resumed>) = 0 [ 109.800442][ T29] audit: type=1804 audit(1714530378.605:127): pid=5129 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/9/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5128] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5129] <... write resumed>) = 1 [pid 5129] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5129] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5128] <... futex resumed>) = 0 [pid 5129] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5128] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] sendfile(6, 5, NULL, 131071 [pid 5128] <... futex resumed>) = 0 [ 109.836132][ T29] audit: type=1804 audit(1714530378.645:128): pid=5129 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/9/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5128] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5128] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5128] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5128] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5128] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5128] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5132 attached [pid 5132] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5128] <... clone3 resumed> => {parent_tid=[5132]}, 88) = 5132 [pid 5132] set_robust_list(0x7f03761d69a0, 24) = 0 [ 109.904309][ T5129] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 109.919844][ T5129] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 109.932129][ T5129] EXT4-fs (loop0): This should not happen!! Data will be lost [ 109.932129][ T5129] [ 109.941890][ T5129] EXT4-fs (loop0): Total free blocks count 0 [ 109.947914][ T5129] EXT4-fs (loop0): Free/Dirty block details [pid 5128] rt_sigprocmask(SIG_SETMASK, [], [pid 5132] rt_sigprocmask(SIG_SETMASK, [], [pid 5128] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5132] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5128] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5132] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5128] <... futex resumed>) = 0 [pid 5132] <... open resumed>) = 7 [pid 5128] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5132] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5132] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5128] <... futex resumed>) = 0 [pid 5128] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5132] <... futex resumed>) = 0 [pid 5132] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5128] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5132] <... mmap resumed>) = 0x20000000 [pid 5132] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5128] <... futex resumed>) = 0 [pid 5128] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5128] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5132] pipe2(0x20000240, 0) = 0 [pid 5132] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5128] <... futex resumed>) = 0 [pid 5132] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5129] <... sendfile resumed>) = 75 [pid 5129] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5128] exit_group(0 [pid 5132] <... futex resumed>) = ? [pid 5128] <... exit_group resumed>) = ? [pid 5132] +++ exited with 0 +++ [ 109.954495][ T5129] EXT4-fs (loop0): free_blocks=2415919104 [ 109.959260][ T29] audit: type=1804 audit(1714530378.765:129): pid=5132 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/9/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 109.960667][ T5129] EXT4-fs (loop0): dirty_blocks=16 [ 109.989026][ T5129] EXT4-fs (loop0): Block reservation details [ 109.995369][ T5129] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5129] +++ exited with 0 +++ [pid 5128] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5128, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./9/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./9/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 110.082858][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/bus") = 0 umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5133 attached , child_tidptr=0x5555749a2690) = 5133 [pid 5133] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5133] chdir("./10") = 0 [pid 5133] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5133] setpgid(0, 0) = 0 [pid 5133] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5133] write(3, "1000", 4) = 4 [pid 5133] close(3) = 0 [pid 5133] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5133] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5133] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5133] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5133] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5133] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5133] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5133] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5134 attached [pid 5134] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5133] <... clone3 resumed> => {parent_tid=[5134]}, 88) = 5134 [pid 5133] rt_sigprocmask(SIG_SETMASK, [], [pid 5134] <... rseq resumed>) = 0 [pid 5133] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5134] set_robust_list(0x7f03761f79a0, 24 [pid 5133] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5134] <... set_robust_list resumed>) = 0 [pid 5133] <... futex resumed>) = 0 [pid 5134] rt_sigprocmask(SIG_SETMASK, [], [pid 5133] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5134] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5134] memfd_create("syzkaller", 0) = 3 [pid 5134] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5134] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5134] munmap(0x7f036dc00000, 138412032) = 0 [pid 5134] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5134] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5134] close(3) = 0 [pid 5134] close(4) = 0 [pid 5134] mkdir("./bus", 0777) = 0 [ 110.475937][ T5134] loop0: detected capacity change from 0 to 2048 [pid 5134] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5134] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5134] chdir("./bus") = 0 [pid 5134] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5134] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5133] <... futex resumed>) = 0 [pid 5134] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5133] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5134] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5133] <... futex resumed>) = 0 [pid 5134] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5133] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5134] <... openat resumed>) = 4 [pid 5134] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5133] <... futex resumed>) = 0 [pid 5133] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5133] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5134] <... futex resumed>) = 1 [ 110.527083][ T5134] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5134] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 5134] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5133] <... futex resumed>) = 0 [pid 5134] <... futex resumed>) = 1 [pid 5133] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5134] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5133] <... futex resumed>) = 0 [pid 5133] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5134] <... openat resumed>) = 6 [pid 5134] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5133] <... futex resumed>) = 0 [pid 5133] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5134] write(6, "t", 1 [pid 5133] <... futex resumed>) = 0 [pid 5133] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5134] <... write resumed>) = 1 [pid 5134] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5133] <... futex resumed>) = 0 [pid 5134] sendfile(6, 5, NULL, 131071 [pid 5133] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 110.571319][ T29] audit: type=1804 audit(1714530379.385:130): pid=5134 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/10/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 110.597195][ T29] audit: type=1804 audit(1714530379.395:131): pid=5134 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/10/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5133] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5133] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5133] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5133] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5133] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5133] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5137 attached [pid 5137] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5133] <... clone3 resumed> => {parent_tid=[5137]}, 88) = 5137 [pid 5137] <... rseq resumed>) = 0 [pid 5137] set_robust_list(0x7f03761d69a0, 24 [pid 5133] rt_sigprocmask(SIG_SETMASK, [], [pid 5137] <... set_robust_list resumed>) = 0 [pid 5133] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5133] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5137] rt_sigprocmask(SIG_SETMASK, [], [pid 5133] <... futex resumed>) = 0 [pid 5137] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5137] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5133] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5137] <... open resumed>) = 7 [ 110.660223][ T5134] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 110.675971][ T5134] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 110.689552][ T5134] EXT4-fs (loop0): This should not happen!! Data will be lost [ 110.689552][ T5134] [ 110.700229][ T5134] EXT4-fs (loop0): Total free blocks count 0 [pid 5137] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5137] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5133] <... futex resumed>) = 0 [pid 5133] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5133] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5137] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 110.707452][ T29] audit: type=1804 audit(1714530379.515:132): pid=5137 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/10/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 110.708927][ T5134] EXT4-fs (loop0): Free/Dirty block details [ 110.737501][ T5134] EXT4-fs (loop0): free_blocks=2415919104 [ 110.745858][ T5134] EXT4-fs (loop0): dirty_blocks=16 [ 110.751317][ T5134] EXT4-fs (loop0): Block reservation details [pid 5137] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 75 [pid 5137] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5134] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5137] <... futex resumed>) = 1 [pid 5133] <... futex resumed>) = 0 [pid 5137] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5134] <... futex resumed>) = 0 [pid 5133] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5134] pipe2( [pid 5133] <... futex resumed>) = 0 [pid 5133] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5134] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5134] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5133] <... futex resumed>) = 0 [pid 5134] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5133] exit_group(0 [pid 5137] <... futex resumed>) = ? [pid 5134] <... futex resumed>) = ? [pid 5133] <... exit_group resumed>) = ? [pid 5137] +++ exited with 0 +++ [pid 5134] +++ exited with 0 +++ [pid 5133] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5133, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 110.757336][ T5134] EXT4-fs (loop0): i_reserved_data_blocks=1 openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./10/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./10/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/bus") = 0 umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 110.816669][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 unlink("./10/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5138 attached , child_tidptr=0x5555749a2690) = 5138 [pid 5138] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5138] chdir("./11") = 0 [pid 5138] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5138] setpgid(0, 0) = 0 [pid 5138] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5138] write(3, "1000", 4) = 4 [pid 5138] close(3) = 0 [pid 5138] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5138] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5138] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5138] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5138] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5138] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5138] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5138] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5139 attached [pid 5139] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5138] <... clone3 resumed> => {parent_tid=[5139]}, 88) = 5139 [pid 5139] set_robust_list(0x7f03761f79a0, 24 [pid 5138] rt_sigprocmask(SIG_SETMASK, [], [pid 5139] <... set_robust_list resumed>) = 0 [pid 5138] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5139] rt_sigprocmask(SIG_SETMASK, [], [pid 5138] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5139] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5138] <... futex resumed>) = 0 [pid 5139] memfd_create("syzkaller", 0 [pid 5138] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5139] <... memfd_create resumed>) = 3 [pid 5139] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5139] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5139] munmap(0x7f036dc00000, 138412032) = 0 [pid 5139] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5139] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5139] close(3) = 0 [pid 5139] close(4) = 0 [pid 5139] mkdir("./bus", 0777) = 0 [ 111.094841][ T5139] loop0: detected capacity change from 0 to 2048 [pid 5139] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5139] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5139] chdir("./bus") = 0 [pid 5139] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5139] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5139] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5138] <... futex resumed>) = 0 [pid 5138] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5139] <... futex resumed>) = 0 [pid 5138] <... futex resumed>) = 1 [pid 5139] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5138] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5139] <... openat resumed>) = 4 [pid 5139] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5139] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5138] <... futex resumed>) = 0 [pid 5139] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5138] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5139] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5138] <... futex resumed>) = 0 [pid 5138] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5139] <... openat resumed>) = 5 [pid 5139] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5139] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5138] <... futex resumed>) = 0 [pid 5138] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5139] <... futex resumed>) = 0 [pid 5138] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 111.156122][ T5139] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5139] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 5139] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5138] <... futex resumed>) = 0 [pid 5139] write(6, "t", 1 [pid 5138] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5139] <... write resumed>) = 1 [pid 5138] <... futex resumed>) = 0 [pid 5139] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5138] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5138] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5138] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5139] <... futex resumed>) = 1 [pid 5138] <... futex resumed>) = 0 [pid 5139] sendfile(6, 5, NULL, 131071 [pid 5138] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5138] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5138] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5138] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5138] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5138] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0} => {parent_tid=[5142]}, 88) = 5142 [pid 5138] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5142 attached NULL, 8) = 0 [pid 5142] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [ 111.281374][ T5139] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 111.296742][ T5139] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 111.309194][ T5139] EXT4-fs (loop0): This should not happen!! Data will be lost [ 111.309194][ T5139] [ 111.318982][ T5139] EXT4-fs (loop0): Total free blocks count 0 [ 111.325080][ T5139] EXT4-fs (loop0): Free/Dirty block details [pid 5138] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5142] <... rseq resumed>) = 0 [pid 5138] <... futex resumed>) = 0 [pid 5142] set_robust_list(0x7f03761d69a0, 24 [pid 5138] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5142] <... set_robust_list resumed>) = 0 [pid 5142] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5142] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5142] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5138] <... futex resumed>) = 0 [pid 5138] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5142] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5138] <... futex resumed>) = 0 [pid 5138] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5142] <... mmap resumed>) = 0x20000000 [pid 5139] <... sendfile resumed>) = 75 [pid 5142] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5139] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5142] <... futex resumed>) = 0 [pid 5139] <... futex resumed>) = 0 [pid 5142] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5139] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5138] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5138] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5139] <... futex resumed>) = 0 [pid 5138] <... futex resumed>) = 1 [pid 5139] pipe2( [pid 5138] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5139] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5139] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5139] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5138] <... futex resumed>) = 0 [pid 5138] exit_group(0 [pid 5142] <... futex resumed>) = ? [pid 5139] <... futex resumed>) = ? [pid 5138] <... exit_group resumed>) = ? [pid 5142] +++ exited with 0 +++ [pid 5139] +++ exited with 0 +++ [pid 5138] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5138, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./11/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./11/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/bus") = 0 umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 [ 111.331182][ T5139] EXT4-fs (loop0): free_blocks=2415919104 [ 111.336963][ T5139] EXT4-fs (loop0): dirty_blocks=16 [ 111.342225][ T5139] EXT4-fs (loop0): Block reservation details [ 111.348314][ T5139] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 111.367804][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5143 attached , child_tidptr=0x5555749a2690) = 5143 [pid 5143] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5143] chdir("./12") = 0 [pid 5143] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5143] setpgid(0, 0) = 0 [pid 5143] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5143] write(3, "1000", 4) = 4 [pid 5143] close(3) = 0 [pid 5143] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5143] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5143] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5143] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5143] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5143] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5143] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5143] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5144 attached => {parent_tid=[5144]}, 88) = 5144 [pid 5143] rt_sigprocmask(SIG_SETMASK, [], [pid 5144] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5143] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5144] <... rseq resumed>) = 0 [pid 5144] set_robust_list(0x7f03761f79a0, 24 [pid 5143] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] <... set_robust_list resumed>) = 0 [pid 5143] <... futex resumed>) = 0 [pid 5144] rt_sigprocmask(SIG_SETMASK, [], [pid 5143] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5144] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5144] memfd_create("syzkaller", 0) = 3 [pid 5144] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5144] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5144] munmap(0x7f036dc00000, 138412032) = 0 [pid 5144] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5144] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5144] close(3) = 0 [pid 5144] close(4) = 0 [pid 5144] mkdir("./bus", 0777) = 0 [ 111.676280][ T5144] loop0: detected capacity change from 0 to 2048 [pid 5144] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5144] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5144] chdir("./bus") = 0 [pid 5144] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5144] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5143] <... futex resumed>) = 0 [pid 5143] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5143] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5144] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4 [pid 5144] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5143] <... futex resumed>) = 0 [pid 5144] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5143] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5143] <... futex resumed>) = 0 [pid 5144] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5143] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5144] <... openat resumed>) = 5 [pid 5144] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5143] <... futex resumed>) = 0 [pid 5144] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5143] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5143] <... futex resumed>) = 0 [pid 5143] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5144] <... openat resumed>) = 6 [pid 5144] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 111.754923][ T5144] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5144] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5143] <... futex resumed>) = 0 [pid 5143] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] <... futex resumed>) = 0 [pid 5143] <... futex resumed>) = 1 [pid 5144] write(6, "t", 1 [pid 5143] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5144] <... write resumed>) = 1 [pid 5144] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5143] <... futex resumed>) = 0 [pid 5144] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5143] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] sendfile(6, 5, NULL, 131071 [pid 5143] <... futex resumed>) = 0 [pid 5143] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5143] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5143] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5143] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5143] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5143] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5147 attached [pid 5147] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5147] set_robust_list(0x7f03761d69a0, 24 [pid 5143] <... clone3 resumed> => {parent_tid=[5147]}, 88) = 5147 [pid 5147] <... set_robust_list resumed>) = 0 [pid 5147] rt_sigprocmask(SIG_SETMASK, [], [pid 5143] rt_sigprocmask(SIG_SETMASK, [], [pid 5147] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5143] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5147] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5143] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5143] <... futex resumed>) = 0 [pid 5147] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 111.894875][ T5144] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 111.910414][ T5144] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 111.922823][ T5144] EXT4-fs (loop0): This should not happen!! Data will be lost [ 111.922823][ T5144] [ 111.932630][ T5144] EXT4-fs (loop0): Total free blocks count 0 [ 111.938672][ T5144] EXT4-fs (loop0): Free/Dirty block details [pid 5143] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5147] <... open resumed>) = 7 [pid 5147] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5147] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5144] <... sendfile resumed>) = 75 [pid 5143] <... futex resumed>) = 0 [pid 5143] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] <... futex resumed>) = 0 [pid 5143] <... futex resumed>) = 1 [pid 5147] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5143] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5147] <... mmap resumed>) = 0x20000000 [pid 5144] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] <... futex resumed>) = 0 [pid 5147] <... futex resumed>) = 1 [pid 5144] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5143] <... futex resumed>) = 0 [pid 5147] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5143] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] <... futex resumed>) = 0 [pid 5143] <... futex resumed>) = 1 [pid 5144] pipe2( [pid 5143] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5144] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5144] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5143] <... futex resumed>) = 0 [pid 5143] exit_group(0 [pid 5147] <... futex resumed>) = ? [pid 5144] <... futex resumed>) = ? [pid 5143] <... exit_group resumed>) = ? [pid 5147] +++ exited with 0 +++ [pid 5144] +++ exited with 0 +++ [pid 5143] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5143, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- [ 111.944695][ T5144] EXT4-fs (loop0): free_blocks=2415919104 [ 111.950482][ T5144] EXT4-fs (loop0): dirty_blocks=16 [ 111.955613][ T5144] EXT4-fs (loop0): Block reservation details [ 111.961686][ T5144] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./12/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./12/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 [ 112.021459][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 rmdir("./12/bus") = 0 umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5148 attached , child_tidptr=0x5555749a2690) = 5148 [pid 5148] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5148] chdir("./13") = 0 [pid 5148] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5148] setpgid(0, 0) = 0 [pid 5148] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5148] write(3, "1000", 4) = 4 [pid 5148] close(3) = 0 [pid 5148] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5148] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5148] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5148] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5148] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5148] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5148] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5148] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5149 attached [pid 5149] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5148] <... clone3 resumed> => {parent_tid=[5149]}, 88) = 5149 [pid 5149] set_robust_list(0x7f03761f79a0, 24 [pid 5148] rt_sigprocmask(SIG_SETMASK, [], [pid 5149] <... set_robust_list resumed>) = 0 [pid 5149] rt_sigprocmask(SIG_SETMASK, [], [pid 5148] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5149] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5148] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5148] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5149] memfd_create("syzkaller", 0) = 3 [pid 5149] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5149] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5149] munmap(0x7f036dc00000, 138412032) = 0 [pid 5149] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5149] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5149] close(3) = 0 [pid 5149] close(4) = 0 [pid 5149] mkdir("./bus", 0777) = 0 [ 112.306914][ T5149] loop0: detected capacity change from 0 to 2048 [pid 5149] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5149] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5149] chdir("./bus") = 0 [pid 5149] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5149] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5148] <... futex resumed>) = 0 [pid 5149] <... futex resumed>) = 1 [pid 5148] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5149] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5148] <... futex resumed>) = 0 [pid 5149] <... openat resumed>) = 4 [pid 5148] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5149] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5148] <... futex resumed>) = 0 [pid 5149] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5148] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5149] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5148] <... futex resumed>) = 0 [pid 5149] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5148] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5149] <... openat resumed>) = 5 [pid 5149] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5148] <... futex resumed>) = 0 [pid 5148] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5149] <... futex resumed>) = 1 [pid 5148] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5149] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 5149] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5148] <... futex resumed>) = 0 [pid 5148] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 112.346439][ T5149] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5148] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5149] <... futex resumed>) = 1 [pid 5149] write(6, "t", 1) = 1 [pid 5149] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5148] <... futex resumed>) = 0 [pid 5148] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5149] <... futex resumed>) = 1 [pid 5148] <... futex resumed>) = 0 [pid 5149] sendfile(6, 5, NULL, 131071 [pid 5148] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5148] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5148] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5148] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 112.448929][ T5149] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 112.464894][ T5149] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 112.477453][ T5149] EXT4-fs (loop0): This should not happen!! Data will be lost [ 112.477453][ T5149] [ 112.487186][ T5149] EXT4-fs (loop0): Total free blocks count 0 [ 112.493248][ T5149] EXT4-fs (loop0): Free/Dirty block details [pid 5148] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5148] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5152 attached [pid 5152] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5149] <... sendfile resumed>) = 75 [pid 5152] <... rseq resumed>) = 0 [pid 5149] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5148] <... clone3 resumed> => {parent_tid=[5152]}, 88) = 5152 [pid 5152] set_robust_list(0x7f03761d69a0, 24 [pid 5149] <... futex resumed>) = 0 [pid 5152] <... set_robust_list resumed>) = 0 [pid 5149] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5148] rt_sigprocmask(SIG_SETMASK, [], [pid 5152] rt_sigprocmask(SIG_SETMASK, [], [pid 5148] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5152] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5148] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5152] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5148] <... futex resumed>) = 0 [pid 5152] <... open resumed>) = 7 [pid 5148] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5152] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5148] <... futex resumed>) = 0 [pid 5148] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5152] <... futex resumed>) = 1 [pid 5149] <... futex resumed>) = 0 [pid 5148] <... futex resumed>) = 1 [pid 5152] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5148] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5149] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 5149] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5148] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5149] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5149] pipe2( [pid 5148] <... futex resumed>) = 0 [pid 5149] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5148] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5149] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5149] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5148] <... futex resumed>) = 0 [pid 5148] exit_group(0 [pid 5152] <... futex resumed>) = ? [pid 5149] <... futex resumed>) = ? [pid 5152] +++ exited with 0 +++ [pid 5149] +++ exited with 0 +++ [pid 5148] <... exit_group resumed>) = ? [ 112.499158][ T5149] EXT4-fs (loop0): free_blocks=2415919104 [ 112.505002][ T5149] EXT4-fs (loop0): dirty_blocks=16 [ 112.510235][ T5149] EXT4-fs (loop0): Block reservation details [ 112.516242][ T5149] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5148] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5148, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./13/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./13/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 112.605114][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/bus") = 0 umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5153 attached , child_tidptr=0x5555749a2690) = 5153 [pid 5153] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5153] chdir("./14") = 0 [pid 5153] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5153] setpgid(0, 0) = 0 [pid 5153] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5153] write(3, "1000", 4) = 4 [pid 5153] close(3) = 0 [pid 5153] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5153] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5153] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5153] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5153] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5153] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5153] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5153] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5154 attached [pid 5154] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5153] <... clone3 resumed> => {parent_tid=[5154]}, 88) = 5154 [pid 5154] <... rseq resumed>) = 0 [pid 5153] rt_sigprocmask(SIG_SETMASK, [], [pid 5154] set_robust_list(0x7f03761f79a0, 24 [pid 5153] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5154] <... set_robust_list resumed>) = 0 [pid 5153] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5154] rt_sigprocmask(SIG_SETMASK, [], [pid 5153] <... futex resumed>) = 0 [pid 5154] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5153] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5154] memfd_create("syzkaller", 0) = 3 [pid 5154] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5154] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5154] munmap(0x7f036dc00000, 138412032) = 0 [pid 5154] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5154] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5154] close(3) = 0 [pid 5154] close(4) = 0 [pid 5154] mkdir("./bus", 0777) = 0 [ 112.946264][ T5154] loop0: detected capacity change from 0 to 2048 [pid 5154] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5154] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5154] chdir("./bus") = 0 [pid 5154] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5154] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] <... futex resumed>) = 0 [pid 5154] <... futex resumed>) = 1 [pid 5153] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5154] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5153] <... futex resumed>) = 0 [pid 5154] <... openat resumed>) = 4 [pid 5153] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5154] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5154] <... futex resumed>) = 0 [pid 5153] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5154] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5153] <... futex resumed>) = 0 [pid 5154] <... openat resumed>) = 5 [pid 5153] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5154] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] <... futex resumed>) = 0 [pid 5154] <... futex resumed>) = 1 [pid 5153] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5154] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5153] <... futex resumed>) = 0 [ 112.987289][ T5154] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5153] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5154] <... openat resumed>) = 6 [pid 5154] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] <... futex resumed>) = 0 [pid 5154] <... futex resumed>) = 1 [pid 5153] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5154] write(6, "t", 1 [pid 5153] <... futex resumed>) = 0 [pid 5153] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5154] <... write resumed>) = 1 [pid 5154] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5153] <... futex resumed>) = 0 [pid 5154] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5153] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5154] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5154] sendfile(6, 5, NULL, 131071 [pid 5153] <... futex resumed>) = 0 [pid 5153] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5153] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5153] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5153] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5153] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5153] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5157 attached [pid 5157] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5157] set_robust_list(0x7f03761d69a0, 24 [pid 5153] <... clone3 resumed> => {parent_tid=[5157]}, 88) = 5157 [pid 5157] <... set_robust_list resumed>) = 0 [pid 5157] rt_sigprocmask(SIG_SETMASK, [], [pid 5153] rt_sigprocmask(SIG_SETMASK, [], [pid 5157] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5157] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5153] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 113.112811][ T5154] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 113.129043][ T5154] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 113.141911][ T5154] EXT4-fs (loop0): This should not happen!! Data will be lost [ 113.141911][ T5154] [ 113.152008][ T5154] EXT4-fs (loop0): Total free blocks count 0 [pid 5153] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5157] <... futex resumed>) = 0 [pid 5153] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5157] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5157] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5153] <... futex resumed>) = 0 [pid 5153] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5157] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5153] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5157] <... mmap resumed>) = 0x20000000 [pid 5154] <... sendfile resumed>) = 75 [pid 5157] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5154] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5153] <... futex resumed>) = 0 [pid 5154] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5153] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5154] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5153] <... futex resumed>) = 0 [pid 5154] pipe2( [pid 5153] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5157] <... futex resumed>) = 1 [pid 5154] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5157] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5154] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5154] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5153] <... futex resumed>) = 0 [pid 5153] exit_group(0 [pid 5157] <... futex resumed>) = ? [pid 5157] +++ exited with 0 +++ [pid 5154] <... futex resumed>) = ? [pid 5153] <... exit_group resumed>) = ? [pid 5154] +++ exited with 0 +++ [pid 5153] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5153, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 [ 113.159589][ T5154] EXT4-fs (loop0): Free/Dirty block details [ 113.165611][ T5154] EXT4-fs (loop0): free_blocks=2415919104 [ 113.172137][ T5154] EXT4-fs (loop0): dirty_blocks=16 [ 113.178046][ T5154] EXT4-fs (loop0): Block reservation details [ 113.184517][ T5154] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./14/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./14/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 113.235260][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/bus") = 0 umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5158 attached [pid 5158] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5158] chdir("./15" [pid 5080] <... clone resumed>, child_tidptr=0x5555749a2690) = 5158 [pid 5158] <... chdir resumed>) = 0 [pid 5158] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5158] setpgid(0, 0) = 0 [pid 5158] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5158] write(3, "1000", 4) = 4 [pid 5158] close(3) = 0 [pid 5158] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5158] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5158] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5158] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5158] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5158] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5158] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5158] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5159 attached [pid 5159] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5158] <... clone3 resumed> => {parent_tid=[5159]}, 88) = 5159 [pid 5159] <... rseq resumed>) = 0 [pid 5158] rt_sigprocmask(SIG_SETMASK, [], [pid 5159] set_robust_list(0x7f03761f79a0, 24 [pid 5158] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5159] <... set_robust_list resumed>) = 0 [pid 5158] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] rt_sigprocmask(SIG_SETMASK, [], [pid 5158] <... futex resumed>) = 0 [pid 5159] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5158] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5159] memfd_create("syzkaller", 0) = 3 [pid 5159] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5159] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5159] munmap(0x7f036dc00000, 138412032) = 0 [pid 5159] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5159] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5159] close(3) = 0 [pid 5159] close(4) = 0 [pid 5159] mkdir("./bus", 0777) = 0 [ 113.624716][ T5159] loop0: detected capacity change from 0 to 2048 [pid 5159] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5159] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5159] chdir("./bus") = 0 [pid 5159] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5159] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5158] <... futex resumed>) = 0 [pid 5159] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5158] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] <... openat resumed>) = 4 [pid 5158] <... futex resumed>) = 0 [pid 5159] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5158] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5159] <... futex resumed>) = 0 [pid 5158] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5159] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5158] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5158] <... futex resumed>) = 0 [pid 5159] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5158] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5159] <... openat resumed>) = 5 [ 113.673952][ T5159] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5159] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5158] <... futex resumed>) = 0 [pid 5158] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5159] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5158] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5159] <... openat resumed>) = 6 [pid 5159] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5158] <... futex resumed>) = 0 [pid 5158] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] <... futex resumed>) = 1 [pid 5158] <... futex resumed>) = 0 [pid 5158] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5159] write(6, "t", 1) = 1 [pid 5159] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5158] <... futex resumed>) = 0 [pid 5159] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5158] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] <... futex resumed>) = 0 [pid 5158] <... futex resumed>) = 1 [pid 5159] sendfile(6, 5, NULL, 131071 [ 113.723625][ T29] kauditd_printk_skb: 12 callbacks suppressed [ 113.723649][ T29] audit: type=1804 audit(1714530382.535:145): pid=5159 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/15/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5158] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 113.756039][ T29] audit: type=1804 audit(1714530382.545:146): pid=5159 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/15/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5158] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5158] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5158] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5158] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5158] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5162 attached [ 113.809946][ T5159] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 113.826004][ T5159] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 113.838719][ T5159] EXT4-fs (loop0): This should not happen!! Data will be lost [ 113.838719][ T5159] [ 113.849170][ T5159] EXT4-fs (loop0): Total free blocks count 0 [pid 5162] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5162] set_robust_list(0x7f03761d69a0, 24 [pid 5158] <... clone3 resumed> => {parent_tid=[5162]}, 88) = 5162 [pid 5162] <... set_robust_list resumed>) = 0 [pid 5158] rt_sigprocmask(SIG_SETMASK, [], [pid 5162] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5158] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5162] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5158] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5162] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5158] <... futex resumed>) = 0 [pid 5162] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5158] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5162] <... open resumed>) = 7 [pid 5162] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5158] <... futex resumed>) = 0 [pid 5162] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5158] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 113.856472][ T5159] EXT4-fs (loop0): Free/Dirty block details [ 113.862932][ T5159] EXT4-fs (loop0): free_blocks=2415919104 [ 113.869045][ T5159] EXT4-fs (loop0): dirty_blocks=16 [ 113.873945][ T29] audit: type=1804 audit(1714530382.685:147): pid=5162 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/15/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 113.876012][ T5159] EXT4-fs (loop0): Block reservation details [pid 5158] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5159] <... sendfile resumed>) = 75 [pid 5159] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5159] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5162] <... mmap resumed>) = 0x20000000 [pid 5162] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5158] <... futex resumed>) = 0 [pid 5162] <... futex resumed>) = 1 [pid 5158] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5162] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5159] <... futex resumed>) = 0 [pid 5158] <... futex resumed>) = 1 [pid 5159] pipe2( [pid 5158] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5159] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5159] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5158] <... futex resumed>) = 0 [pid 5159] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5158] exit_group(0 [pid 5162] <... futex resumed>) = ? [pid 5159] <... futex resumed>) = ? [pid 5158] <... exit_group resumed>) = ? [pid 5162] +++ exited with 0 +++ [pid 5159] +++ exited with 0 +++ [pid 5158] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5158, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./15/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./15/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/bus") = 0 umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 113.904819][ T5159] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 113.926295][ T139] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5163 attached , child_tidptr=0x5555749a2690) = 5163 [pid 5163] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5163] chdir("./16") = 0 [pid 5163] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5163] setpgid(0, 0) = 0 [pid 5163] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5163] write(3, "1000", 4) = 4 [pid 5163] close(3) = 0 [pid 5163] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5163] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5163] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5163] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5163] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5163] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5163] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5163] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5164 attached [pid 5164] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5164] set_robust_list(0x7f03761f79a0, 24 [pid 5163] <... clone3 resumed> => {parent_tid=[5164]}, 88) = 5164 [pid 5164] <... set_robust_list resumed>) = 0 [pid 5163] rt_sigprocmask(SIG_SETMASK, [], [pid 5164] rt_sigprocmask(SIG_SETMASK, [], [pid 5163] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5164] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5163] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5164] memfd_create("syzkaller", 0 [pid 5163] <... futex resumed>) = 0 [pid 5164] <... memfd_create resumed>) = 3 [pid 5163] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5164] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5164] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5164] munmap(0x7f036dc00000, 138412032) = 0 [pid 5164] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5164] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5164] close(3) = 0 [pid 5164] close(4) = 0 [pid 5164] mkdir("./bus", 0777) = 0 [ 114.206685][ T5164] loop0: detected capacity change from 0 to 2048 [pid 5164] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5164] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5164] chdir("./bus") = 0 [pid 5164] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5164] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5163] <... futex resumed>) = 0 [pid 5164] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5163] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5163] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5164] <... openat resumed>) = 4 [pid 5164] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5163] <... futex resumed>) = 0 [pid 5164] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5163] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5164] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5163] <... futex resumed>) = 0 [pid 5164] openat(AT_FDCWD, "./bus", O_RDONLY [ 114.265908][ T5164] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5163] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5164] <... openat resumed>) = 5 [pid 5164] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5163] <... futex resumed>) = 0 [pid 5164] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5163] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5164] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5163] <... futex resumed>) = 0 [pid 5163] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5164] <... openat resumed>) = 6 [pid 5164] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5163] <... futex resumed>) = 0 [pid 5163] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5164] <... futex resumed>) = 1 [pid 5163] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5164] write(6, "t", 1) = 1 [pid 5164] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5164] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5163] <... futex resumed>) = 0 [pid 5163] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5164] <... futex resumed>) = 0 [pid 5163] <... futex resumed>) = 1 [pid 5164] sendfile(6, 5, NULL, 131071 [ 114.310279][ T29] audit: type=1804 audit(1714530383.115:148): pid=5164 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/16/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 114.334678][ T29] audit: type=1804 audit(1714530383.125:149): pid=5164 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/16/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5163] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5163] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5163] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5163] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5163] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5163] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5168 attached [pid 5168] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5163] <... clone3 resumed> => {parent_tid=[5168]}, 88) = 5168 [pid 5168] <... rseq resumed>) = 0 [pid 5163] rt_sigprocmask(SIG_SETMASK, [], [pid 5168] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 5168] rt_sigprocmask(SIG_SETMASK, [], [pid 5163] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5168] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5168] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5163] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5168] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5163] <... futex resumed>) = 0 [pid 5168] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5163] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5168] <... open resumed>) = 7 [ 114.406017][ T5164] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 114.421259][ T5164] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 114.433675][ T5164] EXT4-fs (loop0): This should not happen!! Data will be lost [ 114.433675][ T5164] [ 114.443495][ T5164] EXT4-fs (loop0): Total free blocks count 0 [ 114.449539][ T5164] EXT4-fs (loop0): Free/Dirty block details [pid 5168] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5168] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5163] <... futex resumed>) = 0 [pid 5163] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5168] <... futex resumed>) = 0 [pid 5163] <... futex resumed>) = 1 [pid 5168] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5163] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5168] <... mmap resumed>) = 0x20000000 [pid 5168] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5163] <... futex resumed>) = 0 [pid 5168] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5163] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5168] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5163] <... futex resumed>) = 0 [pid 5168] pipe2( [pid 5163] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5168] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5168] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5163] <... futex resumed>) = 0 [pid 5168] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5164] <... sendfile resumed>) = 75 [pid 5164] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5164] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5163] exit_group(0 [pid 5168] <... futex resumed>) = ? [pid 5163] <... exit_group resumed>) = ? [pid 5168] +++ exited with 0 +++ [pid 5164] <... futex resumed>) = ? [pid 5164] +++ exited with 0 +++ [pid 5163] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5163, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 114.455108][ T29] audit: type=1804 audit(1714530383.265:150): pid=5168 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/16/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 114.455593][ T5164] EXT4-fs (loop0): free_blocks=2415919104 [ 114.484907][ T5164] EXT4-fs (loop0): dirty_blocks=16 [ 114.490149][ T5164] EXT4-fs (loop0): Block reservation details [ 114.496183][ T5164] EXT4-fs (loop0): i_reserved_data_blocks=1 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./16/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./16/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 [ 114.558486][ T139] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/bus") = 0 umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5169 attached , child_tidptr=0x5555749a2690) = 5169 [pid 5169] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5169] chdir("./17") = 0 [pid 5169] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5169] setpgid(0, 0) = 0 [pid 5169] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5169] write(3, "1000", 4) = 4 [pid 5169] close(3) = 0 [pid 5169] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5169] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5169] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5169] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5169] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5169] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5169] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5169] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5170 attached [pid 5170] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5169] <... clone3 resumed> => {parent_tid=[5170]}, 88) = 5170 [pid 5170] set_robust_list(0x7f03761f79a0, 24 [pid 5169] rt_sigprocmask(SIG_SETMASK, [], [pid 5170] <... set_robust_list resumed>) = 0 [pid 5169] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5170] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5169] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5170] memfd_create("syzkaller", 0 [pid 5169] <... futex resumed>) = 0 [pid 5170] <... memfd_create resumed>) = 3 [pid 5169] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5170] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5170] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5170] munmap(0x7f036dc00000, 138412032) = 0 [pid 5170] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5170] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5170] close(3) = 0 [pid 5170] close(4) = 0 [pid 5170] mkdir("./bus", 0777) = 0 [ 114.934745][ T5170] loop0: detected capacity change from 0 to 2048 [pid 5170] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5170] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5170] chdir("./bus") = 0 [pid 5170] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5170] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5169] <... futex resumed>) = 0 [pid 5170] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5169] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5169] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5170] <... openat resumed>) = 4 [pid 5170] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5170] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5169] <... futex resumed>) = 0 [pid 5169] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5170] <... futex resumed>) = 0 [pid 5170] openat(AT_FDCWD, "./bus", O_RDONLY [ 114.976735][ T5170] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5169] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5170] <... openat resumed>) = 5 [pid 5170] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5169] <... futex resumed>) = 0 [pid 5170] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5169] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5170] <... futex resumed>) = 0 [pid 5169] <... futex resumed>) = 1 [pid 5170] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 5169] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5170] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5169] <... futex resumed>) = 0 [pid 5170] write(6, "t", 1 [pid 5169] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5169] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5170] <... write resumed>) = 1 [pid 5170] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5169] <... futex resumed>) = 0 [pid 5169] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5170] sendfile(6, 5, NULL, 131071 [ 115.022706][ T29] audit: type=1804 audit(1714530383.835:151): pid=5170 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/17/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 115.047749][ T29] audit: type=1804 audit(1714530383.865:152): pid=5170 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/17/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5169] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5169] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5169] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5169] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5169] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5169] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0} => {parent_tid=[5173]}, 88) = 5173 [pid 5169] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5169] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5169] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5173 attached [ 115.140271][ T5170] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 115.155590][ T5170] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 115.170177][ T5170] EXT4-fs (loop0): This should not happen!! Data will be lost [ 115.170177][ T5170] [ 115.180641][ T5170] EXT4-fs (loop0): Total free blocks count 0 [pid 5173] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5173] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 5173] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5173] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5173] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5169] <... futex resumed>) = 0 [pid 5169] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5173] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [ 115.187337][ T5170] EXT4-fs (loop0): Free/Dirty block details [ 115.193354][ T5170] EXT4-fs (loop0): free_blocks=2415919104 [ 115.199589][ T29] audit: type=1804 audit(1714530384.005:153): pid=5173 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/17/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 115.223579][ T5170] EXT4-fs (loop0): dirty_blocks=16 [ 115.228737][ T5170] EXT4-fs (loop0): Block reservation details [pid 5169] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5173] <... mmap resumed>) = 0x20000000 [pid 5170] <... sendfile resumed>) = 75 [pid 5170] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5173] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5169] <... futex resumed>) = 0 [pid 5169] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5169] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5173] <... futex resumed>) = 1 [pid 5173] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5169] <... futex resumed>) = 0 [pid 5169] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 5170] <... futex resumed>) = 1 [pid 5170] pipe2(0x20000240, 0) = 0 [pid 5170] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5169] <... futex resumed>) = 0 [pid 5170] <... futex resumed>) = 1 [pid 5169] exit_group(0 [pid 5173] <... futex resumed>) = ? [pid 5169] <... exit_group resumed>) = ? [pid 5173] +++ exited with 0 +++ [pid 5170] +++ exited with 0 +++ [pid 5169] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5169, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- [ 115.235883][ T5170] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./17/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./17/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 115.310864][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/bus") = 0 umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5174 attached , child_tidptr=0x5555749a2690) = 5174 [pid 5174] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5174] chdir("./18") = 0 [pid 5174] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5174] setpgid(0, 0) = 0 [pid 5174] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5174] write(3, "1000", 4) = 4 [pid 5174] close(3) = 0 [pid 5174] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5174] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5174] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5174] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5174] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5174] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5174] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5174] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5175 attached => {parent_tid=[5175]}, 88) = 5175 [pid 5175] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5175] set_robust_list(0x7f03761f79a0, 24) = 0 [pid 5175] rt_sigprocmask(SIG_SETMASK, [], [pid 5174] rt_sigprocmask(SIG_SETMASK, [], [pid 5175] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5174] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5175] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5174] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5175] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5174] <... futex resumed>) = 0 [pid 5175] memfd_create("syzkaller", 0 [pid 5174] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5175] <... memfd_create resumed>) = 3 [pid 5175] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5175] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5175] munmap(0x7f036dc00000, 138412032) = 0 [pid 5175] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5175] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5175] close(3) = 0 [pid 5175] close(4) = 0 [pid 5175] mkdir("./bus", 0777) = 0 [ 115.695707][ T5175] loop0: detected capacity change from 0 to 2048 [pid 5175] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5175] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5175] chdir("./bus") = 0 [pid 5175] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5175] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5174] <... futex resumed>) = 0 [pid 5175] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5174] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5174] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5175] <... openat resumed>) = 4 [pid 5175] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5174] <... futex resumed>) = 0 [pid 5175] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5174] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5175] <... futex resumed>) = 0 [pid 5175] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5174] <... futex resumed>) = 1 [pid 5174] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5175] <... openat resumed>) = 5 [ 115.743287][ T5175] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5175] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5175] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5174] <... futex resumed>) = 0 [pid 5174] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5175] <... futex resumed>) = 0 [pid 5174] <... futex resumed>) = 1 [pid 5174] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5175] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 5175] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5174] <... futex resumed>) = 0 [pid 5175] <... futex resumed>) = 1 [pid 5175] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5174] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5175] <... futex resumed>) = 0 [pid 5174] <... futex resumed>) = 1 [pid 5175] write(6, "t", 1 [pid 5174] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5175] <... write resumed>) = 1 [pid 5175] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5174] <... futex resumed>) = 0 [pid 5175] <... futex resumed>) = 1 [pid 5174] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5175] sendfile(6, 5, NULL, 131071 [pid 5174] <... futex resumed>) = 0 [ 115.792731][ T29] audit: type=1804 audit(1714530384.605:154): pid=5175 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/18/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5174] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5174] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5174] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5174] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 115.872225][ T5175] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 115.888224][ T5175] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 115.900554][ T5175] EXT4-fs (loop0): This should not happen!! Data will be lost [ 115.900554][ T5175] [ 115.911752][ T5175] EXT4-fs (loop0): Total free blocks count 0 [pid 5174] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5174] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5178 attached [pid 5178] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5174] <... clone3 resumed> => {parent_tid=[5178]}, 88) = 5178 [pid 5178] <... rseq resumed>) = 0 [pid 5174] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5178] set_robust_list(0x7f03761d69a0, 24 [pid 5174] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5178] <... set_robust_list resumed>) = 0 [pid 5174] <... futex resumed>) = 0 [pid 5178] rt_sigprocmask(SIG_SETMASK, [], [pid 5174] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5178] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5175] <... sendfile resumed>) = 75 [pid 5178] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5175] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5178] <... open resumed>) = 7 [pid 5175] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5178] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5174] <... futex resumed>) = 0 [pid 5178] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5174] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5175] <... futex resumed>) = 0 [pid 5174] <... futex resumed>) = 1 [pid 5175] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5174] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5175] <... mmap resumed>) = 0x20000000 [pid 5175] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5175] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5174] <... futex resumed>) = 0 [pid 5174] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5175] <... futex resumed>) = 0 [pid 5174] <... futex resumed>) = 1 [pid 5175] pipe2( [pid 5174] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5175] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5175] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5175] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5174] <... futex resumed>) = 0 [pid 5174] exit_group(0 [pid 5178] <... futex resumed>) = ? [pid 5175] <... futex resumed>) = ? [pid 5174] <... exit_group resumed>) = ? [pid 5178] +++ exited with 0 +++ [pid 5175] +++ exited with 0 +++ [pid 5174] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5174, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 [ 115.918310][ T5175] EXT4-fs (loop0): Free/Dirty block details [ 115.924327][ T5175] EXT4-fs (loop0): free_blocks=2415919104 [ 115.931209][ T5175] EXT4-fs (loop0): dirty_blocks=16 [ 115.936351][ T5175] EXT4-fs (loop0): Block reservation details [ 115.942846][ T5175] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./18/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./18/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 [ 116.000924][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 rmdir("./18/bus") = 0 umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5179 attached , child_tidptr=0x5555749a2690) = 5179 [pid 5179] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5179] chdir("./19") = 0 [pid 5179] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5179] setpgid(0, 0) = 0 [pid 5179] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5179] write(3, "1000", 4) = 4 [pid 5179] close(3) = 0 [pid 5179] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5179] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5179] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5179] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5179] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5179] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5179] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5179] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5180 attached [pid 5180] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5179] <... clone3 resumed> => {parent_tid=[5180]}, 88) = 5180 [pid 5180] set_robust_list(0x7f03761f79a0, 24 [pid 5179] rt_sigprocmask(SIG_SETMASK, [], [pid 5180] <... set_robust_list resumed>) = 0 [pid 5180] rt_sigprocmask(SIG_SETMASK, [], [pid 5179] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5180] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5179] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5180] memfd_create("syzkaller", 0 [pid 5179] <... futex resumed>) = 0 [pid 5180] <... memfd_create resumed>) = 3 [pid 5180] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5179] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5180] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5180] munmap(0x7f036dc00000, 138412032) = 0 [pid 5180] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5180] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5180] close(3) = 0 [pid 5180] close(4) = 0 [pid 5180] mkdir("./bus", 0777) = 0 [ 116.309054][ T5180] loop0: detected capacity change from 0 to 2048 [pid 5180] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5180] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5180] chdir("./bus") = 0 [pid 5180] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5180] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5179] <... futex resumed>) = 0 [pid 5180] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5179] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5180] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5179] <... futex resumed>) = 0 [pid 5180] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5179] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5180] <... openat resumed>) = 4 [pid 5180] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5180] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5179] <... futex resumed>) = 0 [pid 5179] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5180] <... futex resumed>) = 0 [pid 5179] <... futex resumed>) = 1 [pid 5180] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5179] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5180] <... openat resumed>) = 5 [pid 5180] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5179] <... futex resumed>) = 0 [pid 5180] <... futex resumed>) = 1 [pid 5179] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5180] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5179] <... futex resumed>) = 0 [pid 5179] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5180] <... openat resumed>) = 6 [ 116.351074][ T5180] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5180] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5179] <... futex resumed>) = 0 [pid 5180] write(6, "t", 1 [pid 5179] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5179] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5180] <... write resumed>) = 1 [pid 5180] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5180] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5179] <... futex resumed>) = 0 [pid 5179] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5180] <... futex resumed>) = 0 [pid 5179] <... futex resumed>) = 1 [pid 5180] sendfile(6, 5, NULL, 131071 [pid 5179] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5179] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5179] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [ 116.456804][ T5180] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 116.472205][ T5180] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 116.484792][ T5180] EXT4-fs (loop0): This should not happen!! Data will be lost [ 116.484792][ T5180] [ 116.495824][ T5180] EXT4-fs (loop0): Total free blocks count 0 [pid 5179] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5179] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5179] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0} [pid 5180] <... sendfile resumed>) = 75 [pid 5180] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5180] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5183 attached [pid 5179] <... clone3 resumed> => {parent_tid=[5183]}, 88) = 5183 [pid 5183] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5179] rt_sigprocmask(SIG_SETMASK, [], [pid 5183] <... rseq resumed>) = 0 [pid 5179] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5183] set_robust_list(0x7f03761d69a0, 24 [pid 5179] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5183] <... set_robust_list resumed>) = 0 [pid 5179] <... futex resumed>) = 0 [pid 5183] rt_sigprocmask(SIG_SETMASK, [], [pid 5179] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5183] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5183] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5183] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5179] <... futex resumed>) = 0 [pid 5183] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5179] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5180] <... futex resumed>) = 0 [pid 5179] <... futex resumed>) = 1 [pid 5180] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5179] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5180] <... mmap resumed>) = 0x20000000 [pid 5180] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5179] <... futex resumed>) = 0 [pid 5180] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5179] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5180] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5179] <... futex resumed>) = 0 [pid 5180] pipe2( [pid 5179] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5180] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5180] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5179] <... futex resumed>) = 0 [pid 5180] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5179] exit_group(0 [pid 5183] <... futex resumed>) = ? [pid 5180] <... futex resumed>) = ? [pid 5183] +++ exited with 0 +++ [pid 5179] <... exit_group resumed>) = ? [ 116.502398][ T5180] EXT4-fs (loop0): Free/Dirty block details [ 116.508336][ T5180] EXT4-fs (loop0): free_blocks=2415919104 [ 116.514973][ T5180] EXT4-fs (loop0): dirty_blocks=16 [ 116.520855][ T5180] EXT4-fs (loop0): Block reservation details [ 116.527221][ T5180] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5180] +++ exited with 0 +++ [pid 5179] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5179, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./19/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./19/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 [ 116.654567][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/bus") = 0 umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5184 attached , child_tidptr=0x5555749a2690) = 5184 [pid 5184] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5184] chdir("./20") = 0 [pid 5184] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5184] setpgid(0, 0) = 0 [pid 5184] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5184] write(3, "1000", 4) = 4 [pid 5184] close(3) = 0 [pid 5184] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5184] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5184] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5184] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5184] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5184] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5184] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5184] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5185 attached => {parent_tid=[5185]}, 88) = 5185 [pid 5185] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5184] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5184] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5184] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5185] <... rseq resumed>) = 0 [pid 5185] set_robust_list(0x7f03761f79a0, 24) = 0 [pid 5185] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5185] memfd_create("syzkaller", 0) = 3 [pid 5185] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5185] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5185] munmap(0x7f036dc00000, 138412032) = 0 [pid 5185] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5185] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5185] close(3) = 0 [pid 5185] close(4) = 0 [pid 5185] mkdir("./bus", 0777) = 0 [ 117.007631][ T5185] loop0: detected capacity change from 0 to 2048 [pid 5185] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5185] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5185] chdir("./bus") = 0 [pid 5185] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5185] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5184] <... futex resumed>) = 0 [pid 5185] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5184] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5184] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5185] <... openat resumed>) = 4 [pid 5185] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5184] <... futex resumed>) = 0 [pid 5185] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5184] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5185] <... openat resumed>) = 5 [pid 5184] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5185] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5184] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5184] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5184] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5185] <... futex resumed>) = 1 [pid 5184] <... futex resumed>) = 0 [pid 5185] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5184] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5185] <... openat resumed>) = 6 [ 117.051281][ T5185] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5185] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5184] <... futex resumed>) = 0 [pid 5185] <... futex resumed>) = 1 [pid 5184] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5185] write(6, "t", 1 [pid 5184] <... futex resumed>) = 0 [pid 5184] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5185] <... write resumed>) = 1 [pid 5185] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5184] <... futex resumed>) = 0 [pid 5185] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5184] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5185] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5184] <... futex resumed>) = 0 [pid 5185] sendfile(6, 5, NULL, 131071 [pid 5184] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5184] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5184] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5184] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 117.154368][ T5185] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 117.170306][ T5185] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 117.182828][ T5185] EXT4-fs (loop0): This should not happen!! Data will be lost [ 117.182828][ T5185] [ 117.193079][ T5185] EXT4-fs (loop0): Total free blocks count 0 [pid 5184] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5184] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5188 attached [pid 5188] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5184] <... clone3 resumed> => {parent_tid=[5188]}, 88) = 5188 [pid 5188] <... rseq resumed>) = 0 [pid 5184] rt_sigprocmask(SIG_SETMASK, [], [pid 5188] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 5184] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5188] rt_sigprocmask(SIG_SETMASK, [], [pid 5184] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5188] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5184] <... futex resumed>) = 0 [pid 5184] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5188] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5188] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5184] <... futex resumed>) = 0 [pid 5184] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5188] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5185] <... sendfile resumed>) = 75 [pid 5184] <... futex resumed>) = 0 [pid 5184] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5188] <... mmap resumed>) = 0x20000000 [pid 5185] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5188] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5185] <... futex resumed>) = 0 [pid 5184] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5188] <... futex resumed>) = 0 [pid 5185] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5184] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5188] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5185] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5184] <... futex resumed>) = 0 [pid 5185] pipe2( [pid 5184] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5185] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5185] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5184] <... futex resumed>) = 0 [pid 5185] <... futex resumed>) = 1 [pid 5184] exit_group(0 [pid 5185] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5188] <... futex resumed>) = ? [pid 5185] <... futex resumed>) = ? [pid 5184] <... exit_group resumed>) = ? [pid 5188] +++ exited with 0 +++ [pid 5185] +++ exited with 0 +++ [pid 5184] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5184, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- [ 117.199982][ T5185] EXT4-fs (loop0): Free/Dirty block details [ 117.205980][ T5185] EXT4-fs (loop0): free_blocks=2415919104 [ 117.214053][ T5185] EXT4-fs (loop0): dirty_blocks=16 [ 117.219462][ T5185] EXT4-fs (loop0): Block reservation details [ 117.225940][ T5185] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./20/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./20/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 [ 117.324099][ T139] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 rmdir("./20/bus") = 0 umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5189 attached , child_tidptr=0x5555749a2690) = 5189 [pid 5189] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5189] chdir("./21") = 0 [pid 5189] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5189] setpgid(0, 0) = 0 [pid 5189] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5189] write(3, "1000", 4) = 4 [pid 5189] close(3) = 0 [pid 5189] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5189] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5189] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5189] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5189] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5189] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5189] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5189] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5190 attached [pid 5190] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5189] <... clone3 resumed> => {parent_tid=[5190]}, 88) = 5190 [pid 5190] set_robust_list(0x7f03761f79a0, 24 [pid 5189] rt_sigprocmask(SIG_SETMASK, [], [pid 5190] <... set_robust_list resumed>) = 0 [pid 5189] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5190] rt_sigprocmask(SIG_SETMASK, [], [pid 5189] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5190] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5189] <... futex resumed>) = 0 [pid 5190] memfd_create("syzkaller", 0 [pid 5189] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5190] <... memfd_create resumed>) = 3 [pid 5190] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5190] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5190] munmap(0x7f036dc00000, 138412032) = 0 [pid 5190] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5190] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5190] close(3) = 0 [pid 5190] close(4) = 0 [pid 5190] mkdir("./bus", 0777) = 0 [ 117.663672][ T5190] loop0: detected capacity change from 0 to 2048 [pid 5190] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5190] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5190] chdir("./bus") = 0 [pid 5190] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5190] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5189] <... futex resumed>) = 0 [pid 5190] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5189] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5190] <... openat resumed>) = 4 [pid 5189] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 117.706981][ T5190] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5190] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5189] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5190] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5189] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5190] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5189] <... futex resumed>) = 0 [pid 5190] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5189] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5190] <... openat resumed>) = 5 [pid 5190] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5190] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5189] <... futex resumed>) = 0 [pid 5189] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5190] <... futex resumed>) = 0 [pid 5189] <... futex resumed>) = 1 [pid 5190] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5189] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5190] <... openat resumed>) = 6 [pid 5190] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5189] <... futex resumed>) = 0 [pid 5190] <... futex resumed>) = 1 [pid 5189] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5190] write(6, "t", 1 [pid 5189] <... futex resumed>) = 0 [pid 5189] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5190] <... write resumed>) = 1 [pid 5190] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5189] <... futex resumed>) = 0 [pid 5190] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5189] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5190] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5189] <... futex resumed>) = 0 [pid 5190] sendfile(6, 5, NULL, 131071 [pid 5189] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5189] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5189] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5189] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5189] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 117.868110][ T5190] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 117.883649][ T5190] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 117.896132][ T5190] EXT4-fs (loop0): This should not happen!! Data will be lost [ 117.896132][ T5190] [ 117.906161][ T5190] EXT4-fs (loop0): Total free blocks count 0 [ 117.912272][ T5190] EXT4-fs (loop0): Free/Dirty block details [pid 5189] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5193 attached => {parent_tid=[5193]}, 88) = 5193 [pid 5189] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5189] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5189] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5193] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5193] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 5193] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5193] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5190] <... sendfile resumed>) = 75 [pid 5190] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5190] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5193] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5189] <... futex resumed>) = 0 [pid 5189] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5190] <... futex resumed>) = 0 [pid 5189] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5190] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5193] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5190] <... mmap resumed>) = 0x20000000 [pid 5190] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5189] <... futex resumed>) = 0 [pid 5190] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5189] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5190] pipe2( [pid 5189] <... futex resumed>) = 0 [pid 5190] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5189] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5190] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5189] <... futex resumed>) = 0 [pid 5190] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5189] exit_group(0 [pid 5193] <... futex resumed>) = ? [pid 5190] <... futex resumed>) = ? [pid 5189] <... exit_group resumed>) = ? [pid 5193] +++ exited with 0 +++ [pid 5190] +++ exited with 0 +++ [ 117.918219][ T5190] EXT4-fs (loop0): free_blocks=2415919104 [ 117.924061][ T5190] EXT4-fs (loop0): dirty_blocks=16 [ 117.929238][ T5190] EXT4-fs (loop0): Block reservation details [ 117.935326][ T5190] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5189] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5189, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./21/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./21/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/bus") = 0 umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 118.034271][ T139] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5194 attached , child_tidptr=0x5555749a2690) = 5194 [pid 5194] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5194] chdir("./22") = 0 [pid 5194] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5194] setpgid(0, 0) = 0 [pid 5194] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5194] write(3, "1000", 4) = 4 [pid 5194] close(3) = 0 [pid 5194] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5194] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5194] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5194] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5194] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5194] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5194] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5194] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5195 attached [pid 5195] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5194] <... clone3 resumed> => {parent_tid=[5195]}, 88) = 5195 [pid 5195] set_robust_list(0x7f03761f79a0, 24 [pid 5194] rt_sigprocmask(SIG_SETMASK, [], [pid 5195] <... set_robust_list resumed>) = 0 [pid 5194] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5195] rt_sigprocmask(SIG_SETMASK, [], [pid 5194] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5195] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5195] memfd_create("syzkaller", 0 [pid 5194] <... futex resumed>) = 0 [pid 5194] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5195] <... memfd_create resumed>) = 3 [pid 5195] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5195] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5195] munmap(0x7f036dc00000, 138412032) = 0 [pid 5195] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5195] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5195] close(3) = 0 [pid 5195] close(4) = 0 [pid 5195] mkdir("./bus", 0777) = 0 [ 118.247012][ T5195] loop0: detected capacity change from 0 to 2048 [pid 5195] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5195] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5195] chdir("./bus") = 0 [pid 5195] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5195] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5195] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5194] <... futex resumed>) = 0 [pid 5194] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5195] <... futex resumed>) = 0 [pid 5194] <... futex resumed>) = 1 [pid 5195] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [ 118.288706][ T5195] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5194] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5195] <... openat resumed>) = 4 [pid 5195] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5194] <... futex resumed>) = 0 [pid 5195] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5194] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5195] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5194] <... futex resumed>) = 0 [pid 5195] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5194] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5195] <... openat resumed>) = 5 [pid 5195] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5195] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5194] <... futex resumed>) = 0 [pid 5194] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5195] <... futex resumed>) = 0 [pid 5194] <... futex resumed>) = 1 [pid 5195] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5194] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5195] <... openat resumed>) = 6 [pid 5195] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5194] <... futex resumed>) = 0 [pid 5195] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5194] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5195] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5195] write(6, "t", 1 [pid 5194] <... futex resumed>) = 0 [pid 5194] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5195] <... write resumed>) = 1 [pid 5195] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5194] <... futex resumed>) = 0 [pid 5195] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5194] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5195] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5194] <... futex resumed>) = 0 [pid 5195] sendfile(6, 5, NULL, 131071 [pid 5194] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5194] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5194] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5194] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 118.430599][ T5195] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 118.445881][ T5195] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 118.458307][ T5195] EXT4-fs (loop0): This should not happen!! Data will be lost [ 118.458307][ T5195] [ 118.468105][ T5195] EXT4-fs (loop0): Total free blocks count 0 [ 118.474343][ T5195] EXT4-fs (loop0): Free/Dirty block details [pid 5194] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5194] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5198 attached [pid 5198] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5194] <... clone3 resumed> => {parent_tid=[5198]}, 88) = 5198 [pid 5198] <... rseq resumed>) = 0 [pid 5194] rt_sigprocmask(SIG_SETMASK, [], [pid 5198] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 5194] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5198] rt_sigprocmask(SIG_SETMASK, [], [pid 5194] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5198] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5194] <... futex resumed>) = 0 [pid 5198] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5194] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5198] <... open resumed>) = 7 [pid 5195] <... sendfile resumed>) = 75 [pid 5195] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5198] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5195] <... futex resumed>) = 0 [pid 5198] <... futex resumed>) = 1 [pid 5195] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5194] <... futex resumed>) = 0 [pid 5194] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5198] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5195] <... futex resumed>) = 0 [pid 5194] <... futex resumed>) = 1 [pid 5195] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5194] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5195] <... mmap resumed>) = 0x20000000 [pid 5195] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5194] <... futex resumed>) = 0 [pid 5195] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5194] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5195] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5194] <... futex resumed>) = 0 [pid 5195] pipe2( [pid 5194] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5195] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5195] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5194] <... futex resumed>) = 0 [pid 5195] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5194] exit_group(0 [pid 5198] <... futex resumed>) = ? [pid 5195] <... futex resumed>) = ? [pid 5194] <... exit_group resumed>) = ? [pid 5198] +++ exited with 0 +++ [pid 5195] +++ exited with 0 +++ [pid 5194] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5194, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 118.480339][ T5195] EXT4-fs (loop0): free_blocks=2415919104 [ 118.486100][ T5195] EXT4-fs (loop0): dirty_blocks=16 [ 118.491342][ T5195] EXT4-fs (loop0): Block reservation details [ 118.497372][ T5195] EXT4-fs (loop0): i_reserved_data_blocks=1 openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./22/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./22/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/bus") = 0 umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 118.585845][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555749a2690) = 5199 ./strace-static-x86_64: Process 5199 attached [pid 5199] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5199] chdir("./23") = 0 [pid 5199] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5199] setpgid(0, 0) = 0 [pid 5199] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5199] write(3, "1000", 4) = 4 [pid 5199] close(3) = 0 [pid 5199] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5199] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5199] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5199] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5199] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5199] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5199] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5199] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5200 attached [pid 5200] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5199] <... clone3 resumed> => {parent_tid=[5200]}, 88) = 5200 [pid 5200] <... rseq resumed>) = 0 [pid 5200] set_robust_list(0x7f03761f79a0, 24 [pid 5199] rt_sigprocmask(SIG_SETMASK, [], [pid 5200] <... set_robust_list resumed>) = 0 [pid 5199] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5200] rt_sigprocmask(SIG_SETMASK, [], [pid 5199] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5200] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5199] <... futex resumed>) = 0 [pid 5200] memfd_create("syzkaller", 0 [pid 5199] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5200] <... memfd_create resumed>) = 3 [pid 5200] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5200] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5200] munmap(0x7f036dc00000, 138412032) = 0 [pid 5200] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5200] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5200] close(3) = 0 [pid 5200] close(4) = 0 [pid 5200] mkdir("./bus", 0777) = 0 [ 118.845348][ T5200] loop0: detected capacity change from 0 to 2048 [pid 5200] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5200] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5200] chdir("./bus") = 0 [pid 5200] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5200] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5199] <... futex resumed>) = 0 [pid 5200] <... futex resumed>) = 1 [pid 5199] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5200] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5199] <... futex resumed>) = 0 [pid 5200] <... openat resumed>) = 4 [pid 5200] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5199] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5200] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5199] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5199] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5200] <... futex resumed>) = 0 [pid 5200] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5199] <... futex resumed>) = 1 [pid 5200] <... openat resumed>) = 5 [ 118.886173][ T5200] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5199] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5200] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5199] <... futex resumed>) = 0 [pid 5200] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5199] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5200] <... openat resumed>) = 6 [pid 5199] <... futex resumed>) = 0 [pid 5199] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5200] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5199] <... futex resumed>) = 0 [pid 5199] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5200] write(6, "t", 1 [pid 5199] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5200] <... write resumed>) = 1 [ 118.926727][ T29] kauditd_printk_skb: 14 callbacks suppressed [ 118.926752][ T29] audit: type=1804 audit(1714530387.735:169): pid=5200 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/23/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5200] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5199] <... futex resumed>) = 0 [pid 5200] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5199] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5200] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5199] <... futex resumed>) = 0 [pid 5200] sendfile(6, 5, NULL, 131071 [ 118.957062][ T29] audit: type=1804 audit(1714530387.735:170): pid=5200 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/23/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5199] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5199] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5199] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5199] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5199] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5199] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5203 attached [ 119.042176][ T5200] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 119.057639][ T5200] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 119.070494][ T5200] EXT4-fs (loop0): This should not happen!! Data will be lost [ 119.070494][ T5200] [ 119.083256][ T5200] EXT4-fs (loop0): Total free blocks count 0 [pid 5203] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5199] <... clone3 resumed> => {parent_tid=[5203]}, 88) = 5203 [pid 5199] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5203] <... rseq resumed>) = 0 [pid 5199] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5203] set_robust_list(0x7f03761d69a0, 24 [pid 5199] <... futex resumed>) = 0 [pid 5203] <... set_robust_list resumed>) = 0 [pid 5203] rt_sigprocmask(SIG_SETMASK, [], [pid 5199] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5203] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5203] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [ 119.090423][ T5200] EXT4-fs (loop0): Free/Dirty block details [ 119.096719][ T5200] EXT4-fs (loop0): free_blocks=2415919104 [ 119.102638][ T5200] EXT4-fs (loop0): dirty_blocks=16 [ 119.107803][ T5200] EXT4-fs (loop0): Block reservation details [ 119.117140][ T5200] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5203] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5200] <... sendfile resumed>) = 75 [pid 5203] <... futex resumed>) = 1 [pid 5200] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5199] <... futex resumed>) = 0 [pid 5203] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5200] <... futex resumed>) = 0 [pid 5199] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5200] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5199] <... futex resumed>) = 0 [pid 5199] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5200] <... mmap resumed>) = 0x20000000 [pid 5200] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5199] <... futex resumed>) = 0 [pid 5199] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5199] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5200] <... futex resumed>) = 1 [ 119.118223][ T29] audit: type=1804 audit(1714530387.935:171): pid=5203 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/23/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5200] pipe2(0x20000240, 0) = 0 [pid 5200] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5199] <... futex resumed>) = 0 [pid 5199] exit_group(0) = ? [pid 5203] <... futex resumed>) = ? [pid 5203] +++ exited with 0 +++ [pid 5200] <... futex resumed>) = ? [pid 5200] +++ exited with 0 +++ [pid 5199] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5199, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./23/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./23/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 [ 119.246229][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 rmdir("./23/bus") = 0 umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5204 attached , child_tidptr=0x5555749a2690) = 5204 [pid 5204] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5204] chdir("./24") = 0 [pid 5204] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5204] setpgid(0, 0) = 0 [pid 5204] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5204] write(3, "1000", 4) = 4 [pid 5204] close(3) = 0 [pid 5204] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5204] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5204] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5204] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5204] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5204] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5204] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5204] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5205 attached [pid 5205] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5204] <... clone3 resumed> => {parent_tid=[5205]}, 88) = 5205 [pid 5205] set_robust_list(0x7f03761f79a0, 24 [pid 5204] rt_sigprocmask(SIG_SETMASK, [], [pid 5205] <... set_robust_list resumed>) = 0 [pid 5205] rt_sigprocmask(SIG_SETMASK, [], [pid 5204] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5205] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5204] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5205] memfd_create("syzkaller", 0 [pid 5204] <... futex resumed>) = 0 [pid 5204] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5205] <... memfd_create resumed>) = 3 [pid 5205] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5205] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5205] munmap(0x7f036dc00000, 138412032) = 0 [pid 5205] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5205] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5205] close(3) = 0 [pid 5205] close(4) = 0 [pid 5205] mkdir("./bus", 0777) = 0 [ 119.572448][ T5205] loop0: detected capacity change from 0 to 2048 [pid 5205] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5205] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5205] chdir("./bus") = 0 [pid 5205] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5205] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5204] <... futex resumed>) = 0 [pid 5205] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5204] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5205] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5204] <... futex resumed>) = 0 [pid 5205] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5204] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5205] <... openat resumed>) = 4 [pid 5205] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5205] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5204] <... futex resumed>) = 0 [pid 5204] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5205] <... futex resumed>) = 0 [pid 5205] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5204] <... futex resumed>) = 1 [ 119.616747][ T5205] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5205] <... openat resumed>) = 5 [pid 5204] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5205] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5204] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5205] <... futex resumed>) = 0 [pid 5204] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5205] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5204] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5205] <... openat resumed>) = 6 [pid 5205] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5204] <... futex resumed>) = 0 [pid 5205] write(6, "t", 1 [pid 5204] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5204] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5205] <... write resumed>) = 1 [pid 5205] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5204] <... futex resumed>) = 0 [pid 5205] sendfile(6, 5, NULL, 131071 [pid 5204] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 119.659158][ T29] audit: type=1804 audit(1714530388.465:172): pid=5205 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/24/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 119.683567][ T29] audit: type=1804 audit(1714530388.465:173): pid=5205 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/24/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5204] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5204] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5204] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5204] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 119.736861][ T5205] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 119.752601][ T5205] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 119.764915][ T5205] EXT4-fs (loop0): This should not happen!! Data will be lost [ 119.764915][ T5205] [ 119.774644][ T5205] EXT4-fs (loop0): Total free blocks count 0 [ 119.780702][ T5205] EXT4-fs (loop0): Free/Dirty block details [pid 5204] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5204] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5208 attached => {parent_tid=[5208]}, 88) = 5208 [pid 5208] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5204] rt_sigprocmask(SIG_SETMASK, [], [pid 5208] <... rseq resumed>) = 0 [pid 5208] set_robust_list(0x7f03761d69a0, 24 [pid 5204] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5208] <... set_robust_list resumed>) = 0 [pid 5204] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5208] rt_sigprocmask(SIG_SETMASK, [], [pid 5204] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5208] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5208] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5205] <... sendfile resumed>) = 75 [pid 5208] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5205] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5208] <... futex resumed>) = 1 [pid 5205] <... futex resumed>) = 0 [pid 5204] <... futex resumed>) = 0 [pid 5208] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5205] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5204] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5205] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5204] <... futex resumed>) = 0 [pid 5205] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5204] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5205] <... mmap resumed>) = 0x20000000 [pid 5205] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5204] <... futex resumed>) = 0 [pid 5205] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5204] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5205] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5204] <... futex resumed>) = 0 [pid 5205] pipe2( [pid 5204] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5205] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5205] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5204] <... futex resumed>) = 0 [pid 5205] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5204] exit_group(0 [pid 5208] <... futex resumed>) = ? [pid 5205] <... futex resumed>) = ? [pid 5204] <... exit_group resumed>) = ? [pid 5208] +++ exited with 0 +++ [pid 5205] +++ exited with 0 +++ [pid 5204] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5204, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 119.786609][ T5205] EXT4-fs (loop0): free_blocks=2415919104 [ 119.792485][ T5205] EXT4-fs (loop0): dirty_blocks=16 [ 119.797645][ T5205] EXT4-fs (loop0): Block reservation details [ 119.803731][ T5205] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 119.810378][ T29] audit: type=1804 audit(1714530388.625:174): pid=5208 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/24/bus/bus" dev="loop0" ino=18 res=1 errno=0 openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./24/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./24/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 [ 119.873821][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 rmdir("./24/bus") = 0 umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5209 attached , child_tidptr=0x5555749a2690) = 5209 [pid 5209] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5209] chdir("./25") = 0 [pid 5209] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5209] setpgid(0, 0) = 0 [pid 5209] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5209] write(3, "1000", 4) = 4 [pid 5209] close(3) = 0 [pid 5209] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5209] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5209] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5209] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5209] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5209] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5209] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5210 attached [pid 5210] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5210] set_robust_list(0x7f03761f79a0, 24 [pid 5209] <... clone3 resumed> => {parent_tid=[5210]}, 88) = 5210 [pid 5210] <... set_robust_list resumed>) = 0 [pid 5209] rt_sigprocmask(SIG_SETMASK, [], [pid 5210] rt_sigprocmask(SIG_SETMASK, [], [pid 5209] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5210] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5209] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5210] memfd_create("syzkaller", 0 [pid 5209] <... futex resumed>) = 0 [pid 5209] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5210] <... memfd_create resumed>) = 3 [pid 5210] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5210] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5210] munmap(0x7f036dc00000, 138412032) = 0 [pid 5210] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5210] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5210] close(3) = 0 [pid 5210] close(4) = 0 [pid 5210] mkdir("./bus", 0777) = 0 [ 120.201425][ T5210] loop0: detected capacity change from 0 to 2048 [pid 5210] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5210] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5210] chdir("./bus") = 0 [pid 5210] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5210] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5209] <... futex resumed>) = 0 [pid 5210] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5209] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5210] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5209] <... futex resumed>) = 0 [pid 5209] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5210] <... openat resumed>) = 4 [pid 5210] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5209] <... futex resumed>) = 0 [pid 5210] <... futex resumed>) = 1 [pid 5209] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5210] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5209] <... futex resumed>) = 0 [pid 5210] <... openat resumed>) = 5 [ 120.255533][ T5210] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5209] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5210] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5209] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5210] <... futex resumed>) = 0 [pid 5209] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5210] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5209] <... futex resumed>) = 0 [pid 5209] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5210] <... openat resumed>) = 6 [pid 5210] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5209] <... futex resumed>) = 0 [pid 5210] write(6, "t", 1 [pid 5209] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5210] <... write resumed>) = 1 [pid 5210] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5209] <... futex resumed>) = 0 [pid 5210] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5209] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5210] sendfile(6, 5, NULL, 131071 [pid 5209] <... futex resumed>) = 0 [ 120.309032][ T29] audit: type=1804 audit(1714530389.115:175): pid=5210 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/25/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 120.333250][ T29] audit: type=1804 audit(1714530389.115:176): pid=5210 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/25/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5209] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5209] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5209] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5209] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5209] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0} => {parent_tid=[5213]}, 88) = 5213 [pid 5209] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5209] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5213 attached [pid 5209] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5213] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5213] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 5213] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5213] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5213] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 120.381423][ T5210] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 120.396736][ T5210] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 120.409001][ T5210] EXT4-fs (loop0): This should not happen!! Data will be lost [ 120.409001][ T5210] [pid 5213] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5209] <... futex resumed>) = 0 [pid 5209] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5209] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5213] <... futex resumed>) = 0 [ 120.423097][ T29] audit: type=1804 audit(1714530389.235:177): pid=5213 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/25/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 120.424261][ T5210] EXT4-fs (loop0): Total free blocks count 0 [ 120.453422][ T5210] EXT4-fs (loop0): Free/Dirty block details [ 120.459743][ T5210] EXT4-fs (loop0): free_blocks=2415919104 [ 120.465852][ T5210] EXT4-fs (loop0): dirty_blocks=16 [ 120.471165][ T5210] EXT4-fs (loop0): Block reservation details [pid 5213] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 75 [pid 5213] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5209] <... futex resumed>) = 0 [pid 5213] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5209] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5213] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5209] <... futex resumed>) = 0 [pid 5213] pipe2( [pid 5209] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5213] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5213] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5209] <... futex resumed>) = 0 [pid 5213] <... futex resumed>) = 1 [pid 5210] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5213] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5210] <... futex resumed>) = 0 [pid 5209] exit_group(0 [pid 5213] <... futex resumed>) = ? [pid 5213] +++ exited with 0 +++ [pid 5210] +++ exited with 0 +++ [pid 5209] <... exit_group resumed>) = ? [pid 5209] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5209, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- [ 120.477198][ T5210] EXT4-fs (loop0): i_reserved_data_blocks=1 restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./25/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./25/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 [ 120.564653][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/bus") = 0 umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5214 attached , child_tidptr=0x5555749a2690) = 5214 [pid 5214] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5214] chdir("./26") = 0 [pid 5214] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5214] setpgid(0, 0) = 0 [pid 5214] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5214] write(3, "1000", 4) = 4 [pid 5214] close(3) = 0 [pid 5214] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5214] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5214] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5214] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5214] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5214] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5214] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5214] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5215 attached [pid 5215] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5214] <... clone3 resumed> => {parent_tid=[5215]}, 88) = 5215 [pid 5215] set_robust_list(0x7f03761f79a0, 24 [pid 5214] rt_sigprocmask(SIG_SETMASK, [], [pid 5215] <... set_robust_list resumed>) = 0 [pid 5214] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5215] rt_sigprocmask(SIG_SETMASK, [], [pid 5214] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5215] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5214] <... futex resumed>) = 0 [pid 5215] memfd_create("syzkaller", 0 [pid 5214] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5215] <... memfd_create resumed>) = 3 [pid 5215] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5215] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5215] munmap(0x7f036dc00000, 138412032) = 0 [pid 5215] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5215] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5215] close(3) = 0 [pid 5215] close(4) = 0 [pid 5215] mkdir("./bus", 0777) = 0 [ 120.902628][ T5215] loop0: detected capacity change from 0 to 2048 [pid 5215] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5215] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5215] chdir("./bus") = 0 [pid 5215] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5215] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5214] <... futex resumed>) = 0 [pid 5215] <... futex resumed>) = 1 [pid 5214] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5215] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5214] <... futex resumed>) = 0 [pid 5214] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5215] <... openat resumed>) = 4 [pid 5215] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5214] <... futex resumed>) = 0 [pid 5215] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5214] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5215] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5214] <... futex resumed>) = 0 [pid 5214] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5215] <... openat resumed>) = 5 [pid 5215] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 120.955564][ T5215] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5215] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5214] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5214] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5215] <... futex resumed>) = 0 [pid 5214] <... futex resumed>) = 1 [pid 5215] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5214] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5215] <... openat resumed>) = 6 [pid 5215] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5214] <... futex resumed>) = 0 [pid 5215] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5214] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5215] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5214] <... futex resumed>) = 0 [pid 5215] write(6, "t", 1 [pid 5214] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5215] <... write resumed>) = 1 [pid 5215] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5214] <... futex resumed>) = 0 [pid 5215] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5214] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5215] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5214] <... futex resumed>) = 0 [pid 5215] sendfile(6, 5, NULL, 131071 [ 121.008727][ T29] audit: type=1804 audit(1714530389.815:178): pid=5215 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/26/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5214] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5214] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5214] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5214] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5214] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 121.087760][ T5215] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 121.103476][ T5215] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 121.116578][ T5215] EXT4-fs (loop0): This should not happen!! Data will be lost [ 121.116578][ T5215] [ 121.126327][ T5215] EXT4-fs (loop0): Total free blocks count 0 [ 121.132408][ T5215] EXT4-fs (loop0): Free/Dirty block details [pid 5214] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5218 attached [pid 5218] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5214] <... clone3 resumed> => {parent_tid=[5218]}, 88) = 5218 [pid 5218] <... rseq resumed>) = 0 [pid 5214] rt_sigprocmask(SIG_SETMASK, [], [pid 5218] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 5214] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5218] rt_sigprocmask(SIG_SETMASK, [], [pid 5214] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5218] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5214] <... futex resumed>) = 0 [pid 5214] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5218] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5214] <... futex resumed>) = 0 [pid 5214] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5218] <... futex resumed>) = 1 [pid 5214] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5218] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 75 [pid 5218] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5215] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] <... futex resumed>) = 1 [pid 5214] <... futex resumed>) = 0 [pid 5218] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5214] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5214] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5215] <... futex resumed>) = 1 [pid 5214] <... futex resumed>) = 0 [pid 5215] pipe2( [pid 5214] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 5215] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5215] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5215] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5214] <... futex resumed>) = 0 [pid 5214] exit_group(0 [pid 5218] <... futex resumed>) = ? [pid 5215] <... futex resumed>) = ? [pid 5214] <... exit_group resumed>) = ? [pid 5218] +++ exited with 0 +++ [pid 5215] +++ exited with 0 +++ [pid 5214] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5214, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- [ 121.138349][ T5215] EXT4-fs (loop0): free_blocks=2415919104 [ 121.144168][ T5215] EXT4-fs (loop0): dirty_blocks=16 [ 121.149367][ T5215] EXT4-fs (loop0): Block reservation details [ 121.155552][ T5215] EXT4-fs (loop0): i_reserved_data_blocks=1 restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./26/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./26/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 121.234756][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/bus") = 0 umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5219 attached , child_tidptr=0x5555749a2690) = 5219 [pid 5219] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5219] chdir("./27") = 0 [pid 5219] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5219] setpgid(0, 0) = 0 [pid 5219] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5219] write(3, "1000", 4) = 4 [pid 5219] close(3) = 0 [pid 5219] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5219] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5219] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5219] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5219] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5219] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5219] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5219] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5220 attached [pid 5220] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5219] <... clone3 resumed> => {parent_tid=[5220]}, 88) = 5220 [pid 5220] set_robust_list(0x7f03761f79a0, 24 [pid 5219] rt_sigprocmask(SIG_SETMASK, [], [pid 5220] <... set_robust_list resumed>) = 0 [pid 5219] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5220] rt_sigprocmask(SIG_SETMASK, [], [pid 5219] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5220] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5219] <... futex resumed>) = 0 [pid 5220] memfd_create("syzkaller", 0 [pid 5219] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5220] <... memfd_create resumed>) = 3 [pid 5220] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5220] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5220] munmap(0x7f036dc00000, 138412032) = 0 [pid 5220] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5220] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5220] close(3) = 0 [pid 5220] close(4) = 0 [pid 5220] mkdir("./bus", 0777) = 0 [ 121.583586][ T5220] loop0: detected capacity change from 0 to 2048 [pid 5220] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5220] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5220] chdir("./bus") = 0 [pid 5220] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5220] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5219] <... futex resumed>) = 0 [pid 5219] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5220] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5219] <... futex resumed>) = 0 [ 121.635065][ T5220] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5219] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5220] <... openat resumed>) = 4 [pid 5220] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5219] <... futex resumed>) = 0 [pid 5220] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5219] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5220] <... openat resumed>) = 5 [pid 5219] <... futex resumed>) = 0 [pid 5219] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5220] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5219] <... futex resumed>) = 0 [pid 5219] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5220] <... futex resumed>) = 1 [pid 5219] <... futex resumed>) = 0 [pid 5220] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5219] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5220] <... openat resumed>) = 6 [pid 5220] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5219] <... futex resumed>) = 0 [pid 5220] <... futex resumed>) = 1 [pid 5219] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5220] write(6, "t", 1 [pid 5219] <... futex resumed>) = 0 [pid 5219] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5220] <... write resumed>) = 1 [pid 5220] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5219] <... futex resumed>) = 0 [pid 5220] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5219] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5220] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5220] sendfile(6, 5, NULL, 131071 [pid 5219] <... futex resumed>) = 0 [pid 5219] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5219] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5219] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5219] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 121.786223][ T5220] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 121.801644][ T5220] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 121.814056][ T5220] EXT4-fs (loop0): This should not happen!! Data will be lost [ 121.814056][ T5220] [ 121.825257][ T5220] EXT4-fs (loop0): Total free blocks count 0 [pid 5219] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5219] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0} => {parent_tid=[5223]}, 88) = 5223 [pid 5219] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5219] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5219] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5223 attached [pid 5223] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5223] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 5223] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5223] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5223] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5219] <... futex resumed>) = 0 [pid 5223] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5220] <... sendfile resumed>) = 75 [pid 5219] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5223] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5219] <... futex resumed>) = 0 [pid 5223] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5220] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5219] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5223] <... mmap resumed>) = 0x20000000 [pid 5220] <... futex resumed>) = 0 [pid 5223] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5220] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5219] <... futex resumed>) = 0 [pid 5223] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5219] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5220] <... futex resumed>) = 0 [pid 5219] <... futex resumed>) = 1 [pid 5220] pipe2( [pid 5219] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5220] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5220] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5220] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5219] <... futex resumed>) = 0 [pid 5219] exit_group(0 [pid 5223] <... futex resumed>) = ? [pid 5219] <... exit_group resumed>) = ? [pid 5220] <... futex resumed>) = ? [pid 5223] +++ exited with 0 +++ [ 121.832101][ T5220] EXT4-fs (loop0): Free/Dirty block details [ 121.838059][ T5220] EXT4-fs (loop0): free_blocks=2415919104 [ 121.846068][ T5220] EXT4-fs (loop0): dirty_blocks=16 [ 121.852050][ T5220] EXT4-fs (loop0): Block reservation details [ 121.858645][ T5220] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5220] +++ exited with 0 +++ [pid 5219] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5219, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./27/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./27/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 [ 121.948470][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/bus") = 0 umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5224 attached [pid 5224] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5224] chdir("./28" [pid 5080] <... clone resumed>, child_tidptr=0x5555749a2690) = 5224 [pid 5224] <... chdir resumed>) = 0 [pid 5224] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5224] setpgid(0, 0) = 0 [pid 5224] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5224] write(3, "1000", 4) = 4 [pid 5224] close(3) = 0 [pid 5224] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5224] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5224] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5224] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5224] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5224] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5224] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5224] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5225 attached [pid 5225] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5224] <... clone3 resumed> => {parent_tid=[5225]}, 88) = 5225 [pid 5225] set_robust_list(0x7f03761f79a0, 24 [pid 5224] rt_sigprocmask(SIG_SETMASK, [], [pid 5225] <... set_robust_list resumed>) = 0 [pid 5224] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5225] rt_sigprocmask(SIG_SETMASK, [], [pid 5224] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5225] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5225] memfd_create("syzkaller", 0 [pid 5224] <... futex resumed>) = 0 [pid 5224] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5225] <... memfd_create resumed>) = 3 [pid 5225] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5225] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5225] munmap(0x7f036dc00000, 138412032) = 0 [pid 5225] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5225] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5225] close(3) = 0 [pid 5225] close(4) = 0 [pid 5225] mkdir("./bus", 0777) = 0 [ 122.285829][ T5225] loop0: detected capacity change from 0 to 2048 [pid 5225] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5225] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5225] chdir("./bus") = 0 [pid 5225] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5225] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5224] <... futex resumed>) = 0 [pid 5225] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5224] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5224] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5225] <... openat resumed>) = 4 [pid 5225] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5224] <... futex resumed>) = 0 [pid 5225] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 122.357125][ T5225] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5224] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5225] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5224] <... futex resumed>) = 0 [pid 5225] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5224] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5225] <... openat resumed>) = 5 [pid 5225] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5224] <... futex resumed>) = 0 [pid 5224] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5225] <... futex resumed>) = 1 [pid 5224] <... futex resumed>) = 0 [pid 5225] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5224] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5225] <... openat resumed>) = 6 [pid 5225] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5224] <... futex resumed>) = 0 [pid 5225] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5224] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5225] <... futex resumed>) = 0 [pid 5224] <... futex resumed>) = 1 [pid 5225] write(6, "t", 1 [pid 5224] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5225] <... write resumed>) = 1 [pid 5225] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5224] <... futex resumed>) = 0 [pid 5225] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5224] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5225] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5224] <... futex resumed>) = 0 [pid 5225] sendfile(6, 5, NULL, 131071 [pid 5224] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5224] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5224] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5224] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5224] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5224] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5229 attached => {parent_tid=[5229]}, 88) = 5229 [pid 5229] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5224] rt_sigprocmask(SIG_SETMASK, [], [pid 5229] <... rseq resumed>) = 0 [pid 5224] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5229] set_robust_list(0x7f03761d69a0, 24 [pid 5224] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5229] <... set_robust_list resumed>) = 0 [pid 5224] <... futex resumed>) = 0 [ 122.478686][ T5225] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 122.495934][ T5225] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 122.508993][ T5225] EXT4-fs (loop0): This should not happen!! Data will be lost [ 122.508993][ T5225] [ 122.519120][ T5225] EXT4-fs (loop0): Total free blocks count 0 [pid 5224] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5229] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5229] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5229] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5229] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5224] <... futex resumed>) = 0 [pid 5224] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5229] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5229] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5224] <... futex resumed>) = 0 [pid 5224] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5225] <... sendfile resumed>) = 75 [pid 5229] <... mmap resumed>) = 0x20000000 [pid 5225] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5229] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5225] <... futex resumed>) = 0 [pid 5229] <... futex resumed>) = 1 [pid 5225] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5224] <... futex resumed>) = 0 [pid 5229] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5225] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5224] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5225] pipe2( [pid 5224] <... futex resumed>) = 0 [pid 5225] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5224] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5225] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5224] <... futex resumed>) = 0 [pid 5225] <... futex resumed>) = 1 [pid 5224] exit_group(0 [pid 5229] <... futex resumed>) = ? [pid 5224] <... exit_group resumed>) = ? [pid 5229] +++ exited with 0 +++ [pid 5225] +++ exited with 0 +++ [pid 5224] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5224, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 122.525583][ T5225] EXT4-fs (loop0): Free/Dirty block details [ 122.532305][ T5225] EXT4-fs (loop0): free_blocks=2415919104 [ 122.538416][ T5225] EXT4-fs (loop0): dirty_blocks=16 [ 122.543636][ T5225] EXT4-fs (loop0): Block reservation details [ 122.549955][ T5225] EXT4-fs (loop0): i_reserved_data_blocks=1 openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./28/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./28/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/bus") = 0 umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 122.625360][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555749a2690) = 5230 ./strace-static-x86_64: Process 5230 attached [pid 5230] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5230] chdir("./29") = 0 [pid 5230] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5230] setpgid(0, 0) = 0 [pid 5230] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5230] write(3, "1000", 4) = 4 [pid 5230] close(3) = 0 [pid 5230] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5230] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5230] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5230] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5230] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5230] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5230] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5230] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5231 attached [pid 5231] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5231] set_robust_list(0x7f03761f79a0, 24) = 0 [pid 5231] rt_sigprocmask(SIG_SETMASK, [], [pid 5230] <... clone3 resumed> => {parent_tid=[5231]}, 88) = 5231 [pid 5231] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5231] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5230] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5230] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5231] <... futex resumed>) = 0 [pid 5230] <... futex resumed>) = 1 [pid 5231] memfd_create("syzkaller", 0 [pid 5230] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5231] <... memfd_create resumed>) = 3 [pid 5231] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5231] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5231] munmap(0x7f036dc00000, 138412032) = 0 [pid 5231] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5231] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5231] close(3) = 0 [pid 5231] close(4) = 0 [pid 5231] mkdir("./bus", 0777) = 0 [ 122.895195][ T5231] loop0: detected capacity change from 0 to 2048 [pid 5231] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5231] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5231] chdir("./bus") = 0 [pid 5231] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5231] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5230] <... futex resumed>) = 0 [pid 5231] <... futex resumed>) = 1 [pid 5230] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5231] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5230] <... futex resumed>) = 0 [pid 5230] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5231] <... openat resumed>) = 4 [pid 5231] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5231] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5230] <... futex resumed>) = 0 [pid 5231] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5230] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5231] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5230] <... futex resumed>) = 0 [ 122.948708][ T5231] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5230] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5231] <... openat resumed>) = 5 [pid 5231] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5230] <... futex resumed>) = 0 [pid 5231] <... futex resumed>) = 1 [pid 5230] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5231] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5230] <... futex resumed>) = 0 [pid 5230] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5231] <... openat resumed>) = 6 [pid 5231] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5230] <... futex resumed>) = 0 [pid 5231] write(6, "t", 1 [pid 5230] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5231] <... write resumed>) = 1 [pid 5230] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5231] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5230] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5231] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5230] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5231] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5230] <... futex resumed>) = 0 [pid 5231] sendfile(6, 5, NULL, 131071 [pid 5230] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5230] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5230] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5230] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 123.055929][ T5231] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 123.071070][ T5231] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 123.083440][ T5231] EXT4-fs (loop0): This should not happen!! Data will be lost [ 123.083440][ T5231] [ 123.093331][ T5231] EXT4-fs (loop0): Total free blocks count 0 [ 123.099368][ T5231] EXT4-fs (loop0): Free/Dirty block details [pid 5230] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5230] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5234 attached [pid 5234] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5234] set_robust_list(0x7f03761d69a0, 24 [pid 5230] <... clone3 resumed> => {parent_tid=[5234]}, 88) = 5234 [pid 5234] <... set_robust_list resumed>) = 0 [pid 5230] rt_sigprocmask(SIG_SETMASK, [], [pid 5234] rt_sigprocmask(SIG_SETMASK, [], [pid 5230] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5234] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5230] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5234] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5230] <... futex resumed>) = 0 [pid 5230] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5234] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5231] <... sendfile resumed>) = 75 [pid 5231] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5230] <... futex resumed>) = 0 [pid 5234] <... futex resumed>) = 1 [pid 5230] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5234] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5230] <... futex resumed>) = 0 [pid 5230] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = 0 [pid 5230] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 5231] <... futex resumed>) = 1 [pid 5231] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 5231] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5230] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5231] pipe2( [pid 5230] <... futex resumed>) = 0 [pid 5230] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5231] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5231] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5230] <... futex resumed>) = 0 [pid 5231] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5230] exit_group(0 [pid 5234] <... futex resumed>) = ? [pid 5231] <... futex resumed>) = ? [pid 5230] <... exit_group resumed>) = ? [pid 5234] +++ exited with 0 +++ [pid 5231] +++ exited with 0 +++ [ 123.105357][ T5231] EXT4-fs (loop0): free_blocks=2415919104 [ 123.111226][ T5231] EXT4-fs (loop0): dirty_blocks=16 [ 123.116359][ T5231] EXT4-fs (loop0): Block reservation details [ 123.122457][ T5231] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5230] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5230, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./29/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./29/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 123.196579][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/bus") = 0 umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5235 attached , child_tidptr=0x5555749a2690) = 5235 [pid 5235] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5235] chdir("./30") = 0 [pid 5235] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5235] setpgid(0, 0) = 0 [pid 5235] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5235] write(3, "1000", 4) = 4 [pid 5235] close(3) = 0 [pid 5235] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5235] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5235] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5235] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5235] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5235] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5235] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5235] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5236 attached => {parent_tid=[5236]}, 88) = 5236 [pid 5236] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5235] rt_sigprocmask(SIG_SETMASK, [], [pid 5236] <... rseq resumed>) = 0 [pid 5235] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5236] set_robust_list(0x7f03761f79a0, 24 [pid 5235] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5236] <... set_robust_list resumed>) = 0 [pid 5235] <... futex resumed>) = 0 [pid 5236] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5235] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5236] memfd_create("syzkaller", 0) = 3 [pid 5236] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5236] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5236] munmap(0x7f036dc00000, 138412032) = 0 [pid 5236] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5236] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5236] close(3) = 0 [pid 5236] close(4) = 0 [pid 5236] mkdir("./bus", 0777) = 0 [ 123.574051][ T5236] loop0: detected capacity change from 0 to 2048 [pid 5236] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5236] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5236] chdir("./bus") = 0 [pid 5236] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5236] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5235] <... futex resumed>) = 0 [pid 5235] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5236] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5235] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5236] <... openat resumed>) = 4 [pid 5236] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5235] <... futex resumed>) = 0 [pid 5236] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5235] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5236] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5235] <... futex resumed>) = 0 [pid 5236] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5235] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5236] <... openat resumed>) = 5 [pid 5236] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5235] <... futex resumed>) = 0 [pid 5236] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5235] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5236] <... openat resumed>) = 6 [pid 5235] <... futex resumed>) = 0 [ 123.635718][ T5236] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5235] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5236] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5235] <... futex resumed>) = 0 [pid 5236] write(6, "t", 1 [pid 5235] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5235] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5236] <... write resumed>) = 1 [pid 5236] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5235] <... futex resumed>) = 0 [pid 5236] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5235] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5236] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5235] <... futex resumed>) = 0 [pid 5236] sendfile(6, 5, NULL, 131071 [pid 5235] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5235] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5235] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5235] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5235] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5235] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0} => {parent_tid=[5240]}, 88) = 5240 [pid 5235] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5235] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5235] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5240 attached [pid 5240] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5240] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 5240] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5240] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5240] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5235] <... futex resumed>) = 0 [pid 5235] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 123.750811][ T5236] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 123.766796][ T5236] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 123.779157][ T5236] EXT4-fs (loop0): This should not happen!! Data will be lost [ 123.779157][ T5236] [ 123.789359][ T5236] EXT4-fs (loop0): Total free blocks count 0 [pid 5235] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5240] <... futex resumed>) = 1 [pid 5240] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 75 [pid 5240] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5236] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5240] <... futex resumed>) = 1 [pid 5235] <... futex resumed>) = 0 [pid 5236] <... futex resumed>) = 0 [pid 5240] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5236] pipe2( [pid 5235] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5235] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5236] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5236] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5235] <... futex resumed>) = 0 [pid 5236] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5235] exit_group(0 [pid 5240] <... futex resumed>) = ? [pid 5236] <... futex resumed>) = ? [pid 5235] <... exit_group resumed>) = ? [pid 5240] +++ exited with 0 +++ [pid 5236] +++ exited with 0 +++ [pid 5235] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5235, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 123.795782][ T5236] EXT4-fs (loop0): Free/Dirty block details [ 123.801999][ T5236] EXT4-fs (loop0): free_blocks=2415919104 [ 123.807799][ T5236] EXT4-fs (loop0): dirty_blocks=16 [ 123.813364][ T5236] EXT4-fs (loop0): Block reservation details [ 123.819400][ T5236] EXT4-fs (loop0): i_reserved_data_blocks=1 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./30/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./30/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/bus") = 0 umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 123.871112][ T139] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5241 attached [pid 5241] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5080] <... clone resumed>, child_tidptr=0x5555749a2690) = 5241 [pid 5241] chdir("./31") = 0 [pid 5241] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5241] setpgid(0, 0) = 0 [pid 5241] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5241] write(3, "1000", 4) = 4 [pid 5241] close(3) = 0 [pid 5241] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5241] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5241] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5241] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5241] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5241] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5241] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5241] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5242 attached [pid 5242] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5241] <... clone3 resumed> => {parent_tid=[5242]}, 88) = 5242 [pid 5242] set_robust_list(0x7f03761f79a0, 24 [pid 5241] rt_sigprocmask(SIG_SETMASK, [], [pid 5242] <... set_robust_list resumed>) = 0 [pid 5241] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5242] rt_sigprocmask(SIG_SETMASK, [], [pid 5241] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5242] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5241] <... futex resumed>) = 0 [pid 5242] memfd_create("syzkaller", 0 [pid 5241] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5242] <... memfd_create resumed>) = 3 [pid 5242] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5242] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5242] munmap(0x7f036dc00000, 138412032) = 0 [pid 5242] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5242] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5242] close(3) = 0 [pid 5242] close(4) = 0 [pid 5242] mkdir("./bus", 0777) = 0 [pid 5242] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5242] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5242] chdir("./bus") = 0 [pid 5242] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 124.107608][ T5242] loop0: detected capacity change from 0 to 2048 [ 124.141929][ T5242] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5242] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] <... futex resumed>) = 0 [pid 5242] <... futex resumed>) = 1 [pid 5241] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5242] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5241] <... futex resumed>) = 0 [pid 5242] <... openat resumed>) = 4 [pid 5241] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5242] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5242] <... futex resumed>) = 0 [pid 5241] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5242] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5241] <... futex resumed>) = 0 [pid 5242] <... openat resumed>) = 5 [pid 5241] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5242] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5241] <... futex resumed>) = 0 [pid 5241] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5242] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5241] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5242] <... openat resumed>) = 6 [pid 5242] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] <... futex resumed>) = 0 [pid 5241] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5242] <... futex resumed>) = 1 [pid 5241] <... futex resumed>) = 0 [pid 5242] write(6, "t", 1 [pid 5241] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5242] <... write resumed>) = 1 [ 124.193352][ T29] kauditd_printk_skb: 14 callbacks suppressed [ 124.193377][ T29] audit: type=1804 audit(1714530393.005:193): pid=5242 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/31/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5242] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5241] <... futex resumed>) = 0 [pid 5241] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5242] sendfile(6, 5, NULL, 131071 [pid 5241] <... futex resumed>) = 0 [ 124.225296][ T29] audit: type=1804 audit(1714530393.015:194): pid=5242 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/31/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5241] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5241] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5241] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5241] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5241] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5241] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5245 attached [pid 5245] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5241] <... clone3 resumed> => {parent_tid=[5245]}, 88) = 5245 [pid 5245] <... rseq resumed>) = 0 [pid 5241] rt_sigprocmask(SIG_SETMASK, [], [pid 5245] set_robust_list(0x7f03761d69a0, 24 [pid 5241] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5245] <... set_robust_list resumed>) = 0 [pid 5241] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5245] rt_sigprocmask(SIG_SETMASK, [], [pid 5241] <... futex resumed>) = 0 [pid 5245] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5241] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 124.295433][ T5242] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 124.312844][ T5242] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 124.326587][ T5242] EXT4-fs (loop0): This should not happen!! Data will be lost [ 124.326587][ T5242] [pid 5245] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5245] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] <... futex resumed>) = 0 [pid 5241] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5245] <... futex resumed>) = 1 [pid 5241] <... futex resumed>) = 0 [pid 5245] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [ 124.326906][ T29] audit: type=1804 audit(1714530393.135:195): pid=5245 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/31/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 124.337180][ T5242] EXT4-fs (loop0): Total free blocks count 0 [ 124.366286][ T5242] EXT4-fs (loop0): Free/Dirty block details [ 124.372323][ T5242] EXT4-fs (loop0): free_blocks=2415919104 [ 124.378119][ T5242] EXT4-fs (loop0): dirty_blocks=16 [ 124.384230][ T5242] EXT4-fs (loop0): Block reservation details [pid 5241] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5245] <... mmap resumed>) = 0x20000000 [pid 5242] <... sendfile resumed>) = 75 [pid 5245] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5242] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5245] <... futex resumed>) = 1 [pid 5242] <... futex resumed>) = 0 [pid 5245] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5242] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5241] <... futex resumed>) = 0 [pid 5241] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5242] <... futex resumed>) = 0 [pid 5241] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5242] pipe2(0x20000240, 0) = 0 [pid 5242] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] <... futex resumed>) = 0 [pid 5242] <... futex resumed>) = 1 [pid 5241] exit_group(0) = ? [pid 5242] +++ exited with 0 +++ [pid 5245] <... futex resumed>) = ? [pid 5245] +++ exited with 0 +++ [pid 5241] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5241, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 124.390803][ T5242] EXT4-fs (loop0): i_reserved_data_blocks=1 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./31/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./31/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/bus") = 0 umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 [ 124.453733][ T139] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5246 attached , child_tidptr=0x5555749a2690) = 5246 [pid 5246] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5246] chdir("./32") = 0 [pid 5246] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5246] setpgid(0, 0) = 0 [pid 5246] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5246] write(3, "1000", 4) = 4 [pid 5246] close(3) = 0 [pid 5246] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5246] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5246] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5246] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5246] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5246] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5246] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5246] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5247 attached => {parent_tid=[5247]}, 88) = 5247 [pid 5246] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5246] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5247] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5246] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5247] set_robust_list(0x7f03761f79a0, 24) = 0 [pid 5247] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5247] memfd_create("syzkaller", 0) = 3 [pid 5247] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5247] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5247] munmap(0x7f036dc00000, 138412032) = 0 [pid 5247] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5247] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5247] close(3) = 0 [pid 5247] close(4) = 0 [pid 5247] mkdir("./bus", 0777) = 0 [pid 5247] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5247] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5247] chdir("./bus") = 0 [pid 5247] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5247] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5246] <... futex resumed>) = 0 [pid 5247] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5246] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5247] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5246] <... futex resumed>) = 0 [ 124.754887][ T5247] loop0: detected capacity change from 0 to 2048 [pid 5247] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5246] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5247] <... openat resumed>) = 4 [pid 5247] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5246] <... futex resumed>) = 0 [pid 5247] <... futex resumed>) = 1 [pid 5246] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5247] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5246] <... futex resumed>) = 0 [pid 5246] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5247] <... openat resumed>) = 5 [pid 5247] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5246] <... futex resumed>) = 0 [pid 5246] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5247] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5246] <... futex resumed>) = 0 [pid 5247] <... openat resumed>) = 6 [pid 5246] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5247] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5246] <... futex resumed>) = 0 [pid 5247] <... futex resumed>) = 1 [pid 5246] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5247] write(6, "t", 1) = 1 [pid 5247] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5247] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5246] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5246] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5247] <... futex resumed>) = 0 [pid 5246] <... futex resumed>) = 1 [pid 5247] sendfile(6, 5, NULL, 131071 [ 124.819890][ T29] audit: type=1804 audit(1714530393.625:196): pid=5247 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/32/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 124.844504][ T29] audit: type=1804 audit(1714530393.625:197): pid=5247 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/32/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5246] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5246] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5246] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5246] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5246] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5246] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5250 attached [pid 5250] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5250] set_robust_list(0x7f03761d69a0, 24 [pid 5246] <... clone3 resumed> => {parent_tid=[5250]}, 88) = 5250 [pid 5250] <... set_robust_list resumed>) = 0 [pid 5246] rt_sigprocmask(SIG_SETMASK, [], [pid 5250] rt_sigprocmask(SIG_SETMASK, [], [pid 5246] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5250] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5246] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5250] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5246] <... futex resumed>) = 0 [pid 5250] <... open resumed>) = 7 [ 124.929370][ T5247] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 124.944912][ T5247] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 124.957576][ T5247] EXT4-fs (loop0): This should not happen!! Data will be lost [ 124.957576][ T5247] [ 124.968075][ T5247] EXT4-fs (loop0): Total free blocks count 0 [pid 5246] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5250] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5250] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5246] <... futex resumed>) = 0 [pid 5246] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5250] <... futex resumed>) = 0 [pid 5246] <... futex resumed>) = 1 [pid 5247] <... sendfile resumed>) = 75 [pid 5250] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5247] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5247] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5246] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5250] <... mmap resumed>) = 0x20000000 [pid 5250] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5250] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5246] <... futex resumed>) = 0 [pid 5246] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5247] <... futex resumed>) = 0 [pid 5246] <... futex resumed>) = 1 [pid 5247] pipe2( [pid 5246] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5247] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5247] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5246] <... futex resumed>) = 0 [pid 5247] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5246] exit_group(0) = ? [pid 5250] <... futex resumed>) = ? [pid 5247] <... futex resumed>) = ? [pid 5250] +++ exited with 0 +++ [pid 5247] +++ exited with 0 +++ [pid 5246] +++ exited with 0 +++ [ 124.974669][ T5247] EXT4-fs (loop0): Free/Dirty block details [ 124.978532][ T29] audit: type=1804 audit(1714530393.795:198): pid=5250 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/32/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 124.981222][ T5247] EXT4-fs (loop0): free_blocks=2415919104 [ 125.009974][ T5247] EXT4-fs (loop0): dirty_blocks=16 [ 125.015237][ T5247] EXT4-fs (loop0): Block reservation details [ 125.021310][ T5247] EXT4-fs (loop0): i_reserved_data_blocks=1 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5246, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./32/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./32/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 125.115587][ T139] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 125.128248][ T139] EXT4-fs (loop0): This should not happen!! Data will be lost [ 125.128248][ T139] umount2("./32/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/bus") = 0 umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5251 attached [pid 5251] set_robust_list(0x5555749a26a0, 24 [pid 5080] <... clone resumed>, child_tidptr=0x5555749a2690) = 5251 [pid 5251] <... set_robust_list resumed>) = 0 [pid 5251] chdir("./33") = 0 [pid 5251] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5251] setpgid(0, 0) = 0 [pid 5251] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5251] write(3, "1000", 4) = 4 [pid 5251] close(3) = 0 [pid 5251] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5251] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5251] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5251] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5251] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5251] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5251] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5252 attached [pid 5252] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5251] <... clone3 resumed> => {parent_tid=[5252]}, 88) = 5252 [pid 5252] set_robust_list(0x7f03761f79a0, 24 [pid 5251] rt_sigprocmask(SIG_SETMASK, [], [pid 5252] <... set_robust_list resumed>) = 0 [pid 5251] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5252] rt_sigprocmask(SIG_SETMASK, [], [pid 5251] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5252] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5251] <... futex resumed>) = 0 [pid 5252] memfd_create("syzkaller", 0 [pid 5251] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5252] <... memfd_create resumed>) = 3 [pid 5252] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5252] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5252] munmap(0x7f036dc00000, 138412032) = 0 [pid 5252] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5252] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5252] close(3) = 0 [pid 5252] close(4) = 0 [pid 5252] mkdir("./bus", 0777) = 0 [pid 5252] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5252] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5252] chdir("./bus") = 0 [pid 5252] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5252] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5251] <... futex resumed>) = 0 [pid 5252] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5251] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5252] <... futex resumed>) = 0 [pid 5251] <... futex resumed>) = 1 [pid 5252] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [ 125.476118][ T5252] loop0: detected capacity change from 0 to 2048 [pid 5251] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5252] <... openat resumed>) = 4 [pid 5252] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5252] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5251] <... futex resumed>) = 0 [pid 5251] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5252] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5252] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5251] <... futex resumed>) = 0 [pid 5251] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5252] <... openat resumed>) = 5 [pid 5252] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5252] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5251] <... futex resumed>) = 0 [pid 5251] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5251] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5252] <... futex resumed>) = 0 [ 125.541365][ T29] audit: type=1804 audit(1714530394.355:199): pid=5252 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/33/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5252] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 5252] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] <... futex resumed>) = 0 [pid 5252] <... futex resumed>) = 1 [pid 5251] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5252] write(6, "t", 1 [pid 5251] <... futex resumed>) = 0 [pid 5251] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5252] <... write resumed>) = 1 [pid 5252] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5252] <... futex resumed>) = 0 [pid 5251] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5252] sendfile(6, 5, NULL, 131071 [pid 5251] <... futex resumed>) = 0 [ 125.574112][ T29] audit: type=1804 audit(1714530394.385:200): pid=5252 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/33/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5251] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5251] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 125.660216][ T5252] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 125.675865][ T5252] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 125.688168][ T5252] EXT4-fs (loop0): This should not happen!! Data will be lost [ 125.688168][ T5252] [ 125.698833][ T5252] EXT4-fs (loop0): Total free blocks count 0 [pid 5251] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5251] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5251] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5251] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0} => {parent_tid=[5255]}, 88) = 5255 [pid 5251] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5251] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5255 attached [pid 5255] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5255] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 5255] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5255] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5255] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5251] <... futex resumed>) = 0 [pid 5255] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5251] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5252] <... sendfile resumed>) = 75 [pid 5252] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5252] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5255] <... mmap resumed>) = 0x20000000 [pid 5255] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5255] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5251] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5251] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5252] <... futex resumed>) = 0 [pid 5252] pipe2( [pid 5251] <... futex resumed>) = 1 [pid 5252] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5251] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5252] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5252] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5251] exit_group(0 [pid 5252] <... futex resumed>) = ? [pid 5252] +++ exited with 0 +++ [pid 5255] <... futex resumed>) = ? [pid 5255] +++ exited with 0 +++ [pid 5251] <... exit_group resumed>) = ? [ 125.705315][ T5252] EXT4-fs (loop0): Free/Dirty block details [ 125.711366][ T5252] EXT4-fs (loop0): free_blocks=2415919104 [ 125.717130][ T5252] EXT4-fs (loop0): dirty_blocks=16 [ 125.722421][ T5252] EXT4-fs (loop0): Block reservation details [ 125.728451][ T5252] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 125.734456][ T29] audit: type=1804 audit(1714530394.545:201): pid=5255 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/33/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5251] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5251, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./33/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./33/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 [ 125.824284][ T139] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 125.836579][ T139] EXT4-fs (loop0): This should not happen!! Data will be lost [ 125.836579][ T139] rmdir("./33/bus") = 0 umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5256 attached , child_tidptr=0x5555749a2690) = 5256 [pid 5256] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5256] chdir("./34") = 0 [pid 5256] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5256] setpgid(0, 0) = 0 [pid 5256] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5256] write(3, "1000", 4) = 4 [pid 5256] close(3) = 0 [pid 5256] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5256] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5256] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5256] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5256] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5256] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5256] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5256] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5257 attached => {parent_tid=[5257]}, 88) = 5257 [pid 5256] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5256] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5256] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5257] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5257] set_robust_list(0x7f03761f79a0, 24) = 0 [pid 5257] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5257] memfd_create("syzkaller", 0) = 3 [pid 5257] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5257] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5257] munmap(0x7f036dc00000, 138412032) = 0 [pid 5257] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5257] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5257] close(3) = 0 [pid 5257] close(4) = 0 [pid 5257] mkdir("./bus", 0777) = 0 [pid 5257] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5257] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5257] chdir("./bus") = 0 [pid 5257] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5257] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5256] <... futex resumed>) = 0 [pid 5257] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5256] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5256] <... futex resumed>) = 0 [ 126.127551][ T5257] loop0: detected capacity change from 0 to 2048 [pid 5256] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5257] <... openat resumed>) = 4 [pid 5257] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5256] <... futex resumed>) = 0 [pid 5257] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5256] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] <... futex resumed>) = 0 [pid 5256] <... futex resumed>) = 1 [pid 5257] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5256] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5257] <... openat resumed>) = 5 [pid 5257] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5257] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5256] <... futex resumed>) = 0 [pid 5256] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] <... futex resumed>) = 0 [pid 5256] <... futex resumed>) = 1 [pid 5257] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5256] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5257] <... openat resumed>) = 6 [pid 5257] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5256] <... futex resumed>) = 0 [pid 5257] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5256] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5256] <... futex resumed>) = 0 [pid 5257] write(6, "t", 1 [pid 5256] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5257] <... write resumed>) = 1 [pid 5257] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5257] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5256] <... futex resumed>) = 0 [pid 5256] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] <... futex resumed>) = 0 [pid 5256] <... futex resumed>) = 1 [pid 5257] sendfile(6, 5, NULL, 131071 [ 126.201148][ T29] audit: type=1804 audit(1714530395.015:202): pid=5257 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/34/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5256] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5256] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5256] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5256] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 126.275144][ T5257] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 126.290401][ T5257] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 126.303202][ T5257] EXT4-fs (loop0): This should not happen!! Data will be lost [ 126.303202][ T5257] [ 126.312964][ T5257] EXT4-fs (loop0): Total free blocks count 0 [ 126.318996][ T5257] EXT4-fs (loop0): Free/Dirty block details [pid 5256] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5256] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5260 attached [pid 5260] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5256] <... clone3 resumed> => {parent_tid=[5260]}, 88) = 5260 [pid 5260] set_robust_list(0x7f03761d69a0, 24 [pid 5256] rt_sigprocmask(SIG_SETMASK, [], [pid 5260] <... set_robust_list resumed>) = 0 [pid 5256] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5260] rt_sigprocmask(SIG_SETMASK, [], [pid 5256] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5260] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5256] <... futex resumed>) = 0 [pid 5260] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5256] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5260] <... open resumed>) = 7 [pid 5260] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] <... sendfile resumed>) = 75 [pid 5260] <... futex resumed>) = 1 [pid 5256] <... futex resumed>) = 0 [pid 5257] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5256] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5256] <... futex resumed>) = 0 [pid 5260] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5256] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5257] <... mmap resumed>) = 0x20000000 [pid 5257] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5256] <... futex resumed>) = 0 [pid 5257] <... futex resumed>) = 1 [pid 5256] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] pipe2( [pid 5256] <... futex resumed>) = 0 [pid 5257] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5256] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5257] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5256] <... futex resumed>) = 0 [pid 5257] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5256] exit_group(0 [pid 5260] <... futex resumed>) = ? [pid 5257] <... futex resumed>) = ? [pid 5256] <... exit_group resumed>) = ? [pid 5260] +++ exited with 0 +++ [pid 5257] +++ exited with 0 +++ [pid 5256] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5256, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 126.324983][ T5257] EXT4-fs (loop0): free_blocks=2415919104 [ 126.331115][ T5257] EXT4-fs (loop0): dirty_blocks=16 [ 126.336651][ T5257] EXT4-fs (loop0): Block reservation details [ 126.342805][ T5257] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./34/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./34/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 [ 126.458974][ T139] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 126.471299][ T139] EXT4-fs (loop0): This should not happen!! Data will be lost [ 126.471299][ T139] close(4) = 0 rmdir("./34/bus") = 0 umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5261 attached , child_tidptr=0x5555749a2690) = 5261 [pid 5261] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5261] chdir("./35") = 0 [pid 5261] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5261] setpgid(0, 0) = 0 [pid 5261] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5261] write(3, "1000", 4) = 4 [pid 5261] close(3) = 0 [pid 5261] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5261] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5261] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5261] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5261] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5261] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5261] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5261] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5262 attached [pid 5262] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5261] <... clone3 resumed> => {parent_tid=[5262]}, 88) = 5262 [pid 5262] set_robust_list(0x7f03761f79a0, 24) = 0 [pid 5261] rt_sigprocmask(SIG_SETMASK, [], [pid 5262] rt_sigprocmask(SIG_SETMASK, [], [pid 5261] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5262] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5261] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5262] memfd_create("syzkaller", 0 [pid 5261] <... futex resumed>) = 0 [pid 5261] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5262] <... memfd_create resumed>) = 3 [pid 5262] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5262] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5262] munmap(0x7f036dc00000, 138412032) = 0 [pid 5262] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5262] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5262] close(3) = 0 [pid 5262] close(4) = 0 [pid 5262] mkdir("./bus", 0777) = 0 [ 126.813976][ T5262] loop0: detected capacity change from 0 to 2048 [pid 5262] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5262] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5262] chdir("./bus") = 0 [pid 5262] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5262] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5262] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5261] <... futex resumed>) = 0 [pid 5262] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5261] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5262] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5261] <... futex resumed>) = 0 [pid 5261] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5262] <... openat resumed>) = 4 [pid 5262] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5261] <... futex resumed>) = 0 [pid 5262] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5261] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5262] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5261] <... futex resumed>) = 0 [pid 5262] <... openat resumed>) = 5 [pid 5261] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5262] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5262] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5261] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5261] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5262] <... futex resumed>) = 0 [pid 5262] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5261] <... futex resumed>) = 1 [pid 5261] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5262] <... openat resumed>) = 6 [pid 5262] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5261] <... futex resumed>) = 0 [pid 5262] <... futex resumed>) = 1 [pid 5261] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5262] write(6, "t", 1 [pid 5261] <... futex resumed>) = 0 [pid 5261] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5262] <... write resumed>) = 1 [pid 5262] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5261] <... futex resumed>) = 0 [pid 5262] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5261] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5262] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5261] <... futex resumed>) = 0 [pid 5262] sendfile(6, 5, NULL, 131071 [pid 5261] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5261] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5261] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5261] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5261] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5261] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5266 attached [pid 5266] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5266] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 5261] <... clone3 resumed> => {parent_tid=[5266]}, 88) = 5266 [pid 5266] rt_sigprocmask(SIG_SETMASK, [], [pid 5261] rt_sigprocmask(SIG_SETMASK, [], [pid 5266] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5266] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5261] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5266] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5261] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5266] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5261] <... futex resumed>) = 0 [pid 5266] <... open resumed>) = 7 [pid 5261] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5266] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5261] <... futex resumed>) = 0 [pid 5266] <... futex resumed>) = 1 [pid 5261] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 127.016300][ T5262] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 127.034624][ T5262] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 127.046963][ T5262] EXT4-fs (loop0): This should not happen!! Data will be lost [ 127.046963][ T5262] [ 127.056741][ T5262] EXT4-fs (loop0): Total free blocks count 0 [pid 5261] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5266] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 75 [pid 5266] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5262] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5266] <... futex resumed>) = 1 [pid 5261] <... futex resumed>) = 0 [pid 5266] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5261] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5261] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5262] <... futex resumed>) = 0 [pid 5262] pipe2(0x20000240, 0) = 0 [pid 5262] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5261] <... futex resumed>) = 0 [pid 5262] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5261] exit_group(0 [pid 5266] <... futex resumed>) = ? [pid 5262] <... futex resumed>) = ? [pid 5266] +++ exited with 0 +++ [pid 5262] +++ exited with 0 +++ [pid 5261] <... exit_group resumed>) = ? [pid 5261] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5261, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 [ 127.062846][ T5262] EXT4-fs (loop0): Free/Dirty block details [ 127.068811][ T5262] EXT4-fs (loop0): free_blocks=2415919104 [ 127.074745][ T5262] EXT4-fs (loop0): dirty_blocks=16 [ 127.079917][ T5262] EXT4-fs (loop0): Block reservation details [ 127.085990][ T5262] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./35/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./35/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/bus") = 0 umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 127.133977][ T139] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 127.146308][ T139] EXT4-fs (loop0): This should not happen!! Data will be lost [ 127.146308][ T139] ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5267 attached , child_tidptr=0x5555749a2690) = 5267 [pid 5267] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5267] chdir("./36") = 0 [pid 5267] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5267] setpgid(0, 0) = 0 [pid 5267] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5267] write(3, "1000", 4) = 4 [pid 5267] close(3) = 0 [pid 5267] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5267] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5267] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5267] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5267] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5267] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5267] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5267] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5268 attached [pid 5268] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5267] <... clone3 resumed> => {parent_tid=[5268]}, 88) = 5268 [pid 5268] set_robust_list(0x7f03761f79a0, 24 [pid 5267] rt_sigprocmask(SIG_SETMASK, [], [pid 5268] <... set_robust_list resumed>) = 0 [pid 5267] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5268] rt_sigprocmask(SIG_SETMASK, [], [pid 5267] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5268] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5267] <... futex resumed>) = 0 [pid 5267] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5268] memfd_create("syzkaller", 0) = 3 [pid 5268] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5268] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5268] munmap(0x7f036dc00000, 138412032) = 0 [pid 5268] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5268] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5268] close(3) = 0 [pid 5268] close(4) = 0 [pid 5268] mkdir("./bus", 0777) = 0 [pid 5268] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5268] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5268] chdir("./bus") = 0 [ 127.423477][ T5268] loop0: detected capacity change from 0 to 2048 [pid 5268] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5268] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5267] <... futex resumed>) = 0 [pid 5268] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5267] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5268] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5267] <... futex resumed>) = 0 [pid 5268] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5267] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5268] <... openat resumed>) = 4 [pid 5268] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5268] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5267] <... futex resumed>) = 0 [pid 5267] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5268] <... futex resumed>) = 0 [pid 5267] <... futex resumed>) = 1 [pid 5268] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5267] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5268] <... openat resumed>) = 5 [pid 5268] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5267] <... futex resumed>) = 0 [pid 5267] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5267] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5268] <... futex resumed>) = 1 [pid 5268] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 5268] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5267] <... futex resumed>) = 0 [pid 5268] <... futex resumed>) = 1 [pid 5267] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5268] write(6, "t", 1 [pid 5267] <... futex resumed>) = 0 [pid 5267] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5268] <... write resumed>) = 1 [pid 5268] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5268] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5267] <... futex resumed>) = 0 [pid 5267] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5268] <... futex resumed>) = 0 [pid 5267] <... futex resumed>) = 1 [pid 5268] sendfile(6, 5, NULL, 131071 [pid 5267] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5267] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5267] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5267] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5267] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5267] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5271 attached [pid 5271] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5267] <... clone3 resumed> => {parent_tid=[5271]}, 88) = 5271 [pid 5271] <... rseq resumed>) = 0 [pid 5271] set_robust_list(0x7f03761d69a0, 24 [pid 5267] rt_sigprocmask(SIG_SETMASK, [], [pid 5271] <... set_robust_list resumed>) = 0 [pid 5267] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5271] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5271] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5267] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5271] <... futex resumed>) = 0 [pid 5271] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5267] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5271] <... open resumed>) = 7 [pid 5271] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5267] <... futex resumed>) = 0 [pid 5267] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5267] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5271] <... futex resumed>) = 1 [ 127.580248][ T5268] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 127.596073][ T5268] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 127.613360][ T5268] EXT4-fs (loop0): This should not happen!! Data will be lost [ 127.613360][ T5268] [ 127.623138][ T5268] EXT4-fs (loop0): Total free blocks count 0 [pid 5271] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 75 [pid 5268] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5271] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5268] <... futex resumed>) = 0 [pid 5268] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5271] <... futex resumed>) = 1 [pid 5267] <... futex resumed>) = 0 [pid 5267] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5271] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5268] <... futex resumed>) = 0 [pid 5267] <... futex resumed>) = 1 [pid 5268] pipe2( [pid 5267] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5268] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5268] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5267] <... futex resumed>) = 0 [pid 5268] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5267] exit_group(0 [pid 5271] <... futex resumed>) = ? [pid 5268] <... futex resumed>) = ? [pid 5267] <... exit_group resumed>) = ? [pid 5271] +++ exited with 0 +++ [pid 5268] +++ exited with 0 +++ [pid 5267] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5267, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 127.629176][ T5268] EXT4-fs (loop0): Free/Dirty block details [ 127.635302][ T5268] EXT4-fs (loop0): free_blocks=2415919104 [ 127.641094][ T5268] EXT4-fs (loop0): dirty_blocks=16 [ 127.646215][ T5268] EXT4-fs (loop0): Block reservation details [ 127.652289][ T5268] EXT4-fs (loop0): i_reserved_data_blocks=1 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./36/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./36/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/bus") = 0 umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 127.726283][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 127.739436][ T2467] EXT4-fs (loop0): This should not happen!! Data will be lost [ 127.739436][ T2467] ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5272 attached , child_tidptr=0x5555749a2690) = 5272 [pid 5272] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5272] chdir("./37") = 0 [pid 5272] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5272] setpgid(0, 0) = 0 [pid 5272] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5272] write(3, "1000", 4) = 4 [pid 5272] close(3) = 0 [pid 5272] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5272] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5272] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5272] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5272] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5272] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5272] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5272] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5273 attached [pid 5273] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5272] <... clone3 resumed> => {parent_tid=[5273]}, 88) = 5273 [pid 5273] set_robust_list(0x7f03761f79a0, 24 [pid 5272] rt_sigprocmask(SIG_SETMASK, [], [pid 5273] <... set_robust_list resumed>) = 0 [pid 5272] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5273] rt_sigprocmask(SIG_SETMASK, [], [pid 5272] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5273] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5272] <... futex resumed>) = 0 [pid 5272] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5273] memfd_create("syzkaller", 0) = 3 [pid 5273] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5273] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5273] munmap(0x7f036dc00000, 138412032) = 0 [pid 5273] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5273] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5273] close(3) = 0 [pid 5273] close(4) = 0 [pid 5273] mkdir("./bus", 0777) = 0 [pid 5273] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5273] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5273] chdir("./bus") = 0 [pid 5273] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 128.004413][ T5273] loop0: detected capacity change from 0 to 2048 [pid 5273] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5273] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5272] <... futex resumed>) = 0 [pid 5272] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5273] <... futex resumed>) = 0 [pid 5272] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5273] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4 [pid 5273] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5272] <... futex resumed>) = 0 [pid 5273] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5272] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5273] <... openat resumed>) = 5 [pid 5272] <... futex resumed>) = 0 [pid 5272] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5273] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5272] <... futex resumed>) = 0 [pid 5273] <... futex resumed>) = 1 [pid 5272] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5273] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5272] <... futex resumed>) = 0 [pid 5273] <... openat resumed>) = 6 [pid 5272] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5273] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5272] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5273] <... futex resumed>) = 0 [pid 5272] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5273] write(6, "t", 1 [pid 5272] <... futex resumed>) = 0 [pid 5272] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5273] <... write resumed>) = 1 [pid 5273] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5272] <... futex resumed>) = 0 [pid 5273] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5272] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5273] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5273] sendfile(6, 5, NULL, 131071 [pid 5272] <... futex resumed>) = 0 [pid 5272] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5272] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5272] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5272] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 128.141818][ T5273] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 128.157597][ T5273] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 128.170443][ T5273] EXT4-fs (loop0): This should not happen!! Data will be lost [ 128.170443][ T5273] [ 128.180222][ T5273] EXT4-fs (loop0): Total free blocks count 0 [pid 5272] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5272] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5276 attached => {parent_tid=[5276]}, 88) = 5276 [pid 5276] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5272] rt_sigprocmask(SIG_SETMASK, [], [pid 5276] <... rseq resumed>) = 0 [pid 5276] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 5272] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5276] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5272] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5276] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5272] <... futex resumed>) = 0 [pid 5276] <... open resumed>) = 7 [pid 5272] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5276] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5273] <... sendfile resumed>) = 75 [pid 5276] <... futex resumed>) = 1 [pid 5272] <... futex resumed>) = 0 [pid 5276] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5273] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5272] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5273] <... futex resumed>) = 0 [pid 5272] <... futex resumed>) = 0 [pid 5272] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5273] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5276] <... mmap resumed>) = 0x20000000 [pid 5276] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5276] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5272] <... futex resumed>) = 0 [pid 5272] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5273] <... futex resumed>) = 0 [pid 5272] <... futex resumed>) = 1 [pid 5273] pipe2( [pid 5272] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5273] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5273] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5272] <... futex resumed>) = 0 [pid 5273] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5272] exit_group(0 [pid 5276] <... futex resumed>) = ? [pid 5273] <... futex resumed>) = ? [pid 5276] +++ exited with 0 +++ [pid 5273] +++ exited with 0 +++ [pid 5272] <... exit_group resumed>) = ? [pid 5272] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5272, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- [ 128.186547][ T5273] EXT4-fs (loop0): Free/Dirty block details [ 128.193128][ T5273] EXT4-fs (loop0): free_blocks=2415919104 [ 128.198890][ T5273] EXT4-fs (loop0): dirty_blocks=16 [ 128.204489][ T5273] EXT4-fs (loop0): Block reservation details [ 128.210560][ T5273] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./37/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./37/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 128.275727][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 128.288016][ T2467] EXT4-fs (loop0): This should not happen!! Data will be lost [ 128.288016][ T2467] getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/bus") = 0 umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5277 attached , child_tidptr=0x5555749a2690) = 5277 [pid 5277] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5277] chdir("./38") = 0 [pid 5277] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5277] setpgid(0, 0) = 0 [pid 5277] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5277] write(3, "1000", 4) = 4 [pid 5277] close(3) = 0 [pid 5277] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5277] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5277] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5277] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5277] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5277] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5277] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5277] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5278 attached [pid 5278] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5277] <... clone3 resumed> => {parent_tid=[5278]}, 88) = 5278 [pid 5278] set_robust_list(0x7f03761f79a0, 24) = 0 [pid 5277] rt_sigprocmask(SIG_SETMASK, [], [pid 5278] rt_sigprocmask(SIG_SETMASK, [], [pid 5277] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5278] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5277] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5278] memfd_create("syzkaller", 0 [pid 5277] <... futex resumed>) = 0 [pid 5277] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5278] <... memfd_create resumed>) = 3 [pid 5278] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5278] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5278] munmap(0x7f036dc00000, 138412032) = 0 [pid 5278] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5278] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5278] close(3) = 0 [pid 5278] close(4) = 0 [pid 5278] mkdir("./bus", 0777) = 0 [pid 5278] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5278] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5278] chdir("./bus") = 0 [ 128.619823][ T5278] loop0: detected capacity change from 0 to 2048 [pid 5278] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5278] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5277] <... futex resumed>) = 0 [pid 5278] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5277] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5278] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5277] <... futex resumed>) = 0 [pid 5278] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5277] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5278] <... openat resumed>) = 4 [pid 5278] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5277] <... futex resumed>) = 0 [pid 5278] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5277] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5278] <... openat resumed>) = 5 [pid 5277] <... futex resumed>) = 0 [pid 5277] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5278] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5277] <... futex resumed>) = 0 [pid 5278] <... futex resumed>) = 1 [pid 5277] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5278] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5277] <... futex resumed>) = 0 [pid 5278] <... openat resumed>) = 6 [pid 5277] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5278] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5277] <... futex resumed>) = 0 [pid 5278] <... futex resumed>) = 1 [pid 5277] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5278] write(6, "t", 1 [pid 5277] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5278] <... write resumed>) = 1 [pid 5278] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5277] <... futex resumed>) = 0 [pid 5278] <... futex resumed>) = 1 [pid 5277] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5278] sendfile(6, 5, NULL, 131071 [pid 5277] <... futex resumed>) = 0 [pid 5277] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5277] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5277] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5277] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5277] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 128.765917][ T5278] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 128.781870][ T5278] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 128.794217][ T5278] EXT4-fs (loop0): This should not happen!! Data will be lost [ 128.794217][ T5278] [ 128.804011][ T5278] EXT4-fs (loop0): Total free blocks count 0 [ 128.810265][ T5278] EXT4-fs (loop0): Free/Dirty block details [pid 5277] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5282 attached [pid 5282] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5277] <... clone3 resumed> => {parent_tid=[5282]}, 88) = 5282 [pid 5282] <... rseq resumed>) = 0 [pid 5277] rt_sigprocmask(SIG_SETMASK, [], [pid 5282] set_robust_list(0x7f03761d69a0, 24 [pid 5277] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5282] <... set_robust_list resumed>) = 0 [pid 5277] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] rt_sigprocmask(SIG_SETMASK, [], [pid 5277] <... futex resumed>) = 0 [pid 5282] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5277] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5282] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5282] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5277] <... futex resumed>) = 0 [pid 5277] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5282] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5277] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5282] <... mmap resumed>) = 0x20000000 [pid 5278] <... sendfile resumed>) = 75 [pid 5282] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5278] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] <... futex resumed>) = 1 [pid 5278] <... futex resumed>) = 0 [pid 5277] <... futex resumed>) = 0 [pid 5282] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5278] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5277] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5278] pipe2( [pid 5277] <... futex resumed>) = 0 [pid 5278] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5278] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5277] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5278] <... futex resumed>) = 0 [pid 5277] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5278] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5277] exit_group(0 [pid 5282] <... futex resumed>) = ? [pid 5278] <... futex resumed>) = ? [pid 5278] +++ exited with 0 +++ [pid 5277] <... exit_group resumed>) = ? [pid 5282] +++ exited with 0 +++ [pid 5277] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5277, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- [ 128.816523][ T5278] EXT4-fs (loop0): free_blocks=2415919104 [ 128.822965][ T5278] EXT4-fs (loop0): dirty_blocks=16 [ 128.828138][ T5278] EXT4-fs (loop0): Block reservation details [ 128.834800][ T5278] EXT4-fs (loop0): i_reserved_data_blocks=1 restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./38/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./38/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 128.918207][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 128.930522][ T62] EXT4-fs (loop0): This should not happen!! Data will be lost [ 128.930522][ T62] umount2("./38/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/bus") = 0 umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5283 attached , child_tidptr=0x5555749a2690) = 5283 [pid 5283] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5283] chdir("./39") = 0 [pid 5283] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5283] setpgid(0, 0) = 0 [pid 5283] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5283] write(3, "1000", 4) = 4 [pid 5283] close(3) = 0 [pid 5283] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5283] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5283] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5283] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5283] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5283] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5283] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5283] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5284 attached [pid 5284] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5283] <... clone3 resumed> => {parent_tid=[5284]}, 88) = 5284 [pid 5284] set_robust_list(0x7f03761f79a0, 24 [pid 5283] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5284] <... set_robust_list resumed>) = 0 [pid 5284] rt_sigprocmask(SIG_SETMASK, [], [pid 5283] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5284] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5283] <... futex resumed>) = 0 [pid 5284] memfd_create("syzkaller", 0) = 3 [pid 5283] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5284] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5284] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5284] munmap(0x7f036dc00000, 138412032) = 0 [pid 5284] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5284] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5284] close(3) = 0 [pid 5284] close(4) = 0 [pid 5284] mkdir("./bus", 0777) = 0 [pid 5284] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5284] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5284] chdir("./bus") = 0 [pid 5284] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5284] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5283] <... futex resumed>) = 0 [pid 5284] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5283] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5284] <... futex resumed>) = 0 [pid 5284] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5283] <... futex resumed>) = 1 [ 129.234017][ T5284] loop0: detected capacity change from 0 to 2048 [pid 5283] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5284] <... openat resumed>) = 4 [pid 5284] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5284] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5283] <... futex resumed>) = 0 [pid 5283] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5284] <... futex resumed>) = 0 [pid 5283] <... futex resumed>) = 1 [pid 5284] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5283] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5284] <... openat resumed>) = 5 [pid 5284] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5284] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5283] <... futex resumed>) = 0 [pid 5283] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5283] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5284] <... futex resumed>) = 0 [pid 5284] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 5284] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5283] <... futex resumed>) = 0 [pid 5283] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5284] write(6, "t", 1 [pid 5283] <... futex resumed>) = 0 [pid 5283] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5284] <... write resumed>) = 1 [pid 5284] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5284] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5283] <... futex resumed>) = 0 [pid 5283] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5284] <... futex resumed>) = 0 [pid 5283] <... futex resumed>) = 1 [pid 5284] sendfile(6, 5, NULL, 131071 [ 129.307226][ T29] kauditd_printk_skb: 14 callbacks suppressed [ 129.307258][ T29] audit: type=1804 audit(1714530398.115:217): pid=5284 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/39/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5283] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5283] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5283] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [ 129.342166][ T29] audit: type=1804 audit(1714530398.135:218): pid=5284 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/39/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 129.384911][ T5284] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 5283] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5283] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5283] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5287 attached [pid 5287] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5283] <... clone3 resumed> => {parent_tid=[5287]}, 88) = 5287 [pid 5287] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 5283] rt_sigprocmask(SIG_SETMASK, [], [pid 5287] rt_sigprocmask(SIG_SETMASK, [], [pid 5283] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5287] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5287] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 129.400029][ T5284] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 129.412461][ T5284] EXT4-fs (loop0): This should not happen!! Data will be lost [ 129.412461][ T5284] [ 129.422304][ T5284] EXT4-fs (loop0): Total free blocks count 0 [ 129.428323][ T5284] EXT4-fs (loop0): Free/Dirty block details [ 129.434379][ T5284] EXT4-fs (loop0): free_blocks=2415919104 [ 129.440212][ T5284] EXT4-fs (loop0): dirty_blocks=16 [ 129.445378][ T5284] EXT4-fs (loop0): Block reservation details [pid 5283] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5287] <... open resumed>) = 7 [pid 5283] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5287] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5287] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5283] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5283] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5287] <... futex resumed>) = 0 [pid 5287] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5283] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5287] <... mmap resumed>) = 0x20000000 [pid 5287] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5283] <... futex resumed>) = 0 [pid 5283] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5283] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5287] pipe2(0x20000240, 0) = 0 [pid 5287] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5283] <... futex resumed>) = 0 [pid 5287] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5284] <... sendfile resumed>) = 75 [pid 5284] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5284] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5283] exit_group(0 [pid 5287] <... futex resumed>) = ? [pid 5284] <... futex resumed>) = ? [pid 5283] <... exit_group resumed>) = ? [pid 5287] +++ exited with 0 +++ [ 129.449914][ T29] audit: type=1804 audit(1714530398.255:219): pid=5287 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/39/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 129.451452][ T5284] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5284] +++ exited with 0 +++ [pid 5283] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5283, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./39/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./39/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 [ 129.532868][ T139] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 129.545136][ T139] EXT4-fs (loop0): This should not happen!! Data will be lost [ 129.545136][ T139] close(4) = 0 rmdir("./39/bus") = 0 umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555749a2690) = 5288 ./strace-static-x86_64: Process 5288 attached [pid 5288] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5288] chdir("./40") = 0 [pid 5288] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5288] setpgid(0, 0) = 0 [pid 5288] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5288] write(3, "1000", 4) = 4 [pid 5288] close(3) = 0 [pid 5288] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5288] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5288] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5288] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5288] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5288] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5288] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5288] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5289 attached [pid 5289] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5288] <... clone3 resumed> => {parent_tid=[5289]}, 88) = 5289 [pid 5289] set_robust_list(0x7f03761f79a0, 24 [pid 5288] rt_sigprocmask(SIG_SETMASK, [], [pid 5289] <... set_robust_list resumed>) = 0 [pid 5288] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5289] rt_sigprocmask(SIG_SETMASK, [], [pid 5288] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5289] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5288] <... futex resumed>) = 0 [pid 5289] memfd_create("syzkaller", 0 [pid 5288] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5289] <... memfd_create resumed>) = 3 [pid 5289] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5289] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5289] munmap(0x7f036dc00000, 138412032) = 0 [pid 5289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5289] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5289] close(3) = 0 [pid 5289] close(4) = 0 [pid 5289] mkdir("./bus", 0777) = 0 [ 129.853263][ T5289] loop0: detected capacity change from 0 to 2048 [pid 5289] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5289] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5289] chdir("./bus") = 0 [pid 5289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5289] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5289] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5288] <... futex resumed>) = 0 [pid 5288] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5289] <... futex resumed>) = 0 [pid 5288] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5289] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4 [pid 5289] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5289] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5288] <... futex resumed>) = 0 [pid 5288] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5289] <... futex resumed>) = 0 [pid 5289] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5288] <... futex resumed>) = 1 [pid 5289] <... openat resumed>) = 5 [pid 5288] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5289] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5288] <... futex resumed>) = 0 [pid 5288] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5289] <... futex resumed>) = 1 [pid 5288] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5289] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 5289] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5288] <... futex resumed>) = 0 [pid 5289] <... futex resumed>) = 1 [pid 5288] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5289] write(6, "t", 1 [pid 5288] <... futex resumed>) = 0 [pid 5288] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5289] <... write resumed>) = 1 [pid 5289] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5289] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5288] <... futex resumed>) = 0 [pid 5288] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5289] <... futex resumed>) = 0 [pid 5288] <... futex resumed>) = 1 [pid 5289] sendfile(6, 5, NULL, 131071 [ 129.972036][ T29] audit: type=1804 audit(1714530398.785:220): pid=5289 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/40/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 129.998387][ T29] audit: type=1804 audit(1714530398.815:221): pid=5289 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/40/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5288] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5288] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5288] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5288] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5288] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 130.055539][ T5289] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 130.071432][ T5289] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 130.083805][ T5289] EXT4-fs (loop0): This should not happen!! Data will be lost [ 130.083805][ T5289] [ 130.094065][ T5289] EXT4-fs (loop0): Total free blocks count 0 [pid 5288] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5292 attached => {parent_tid=[5292]}, 88) = 5292 [pid 5292] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5288] rt_sigprocmask(SIG_SETMASK, [], [pid 5292] set_robust_list(0x7f03761d69a0, 24 [pid 5288] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5292] <... set_robust_list resumed>) = 0 [pid 5288] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5292] rt_sigprocmask(SIG_SETMASK, [], [pid 5288] <... futex resumed>) = 0 [pid 5292] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5292] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5288] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5292] <... open resumed>) = 7 [pid 5292] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5292] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5288] <... futex resumed>) = 0 [pid 5288] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5292] <... futex resumed>) = 0 [pid 5289] <... sendfile resumed>) = 75 [pid 5292] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5288] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5289] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5292] <... mmap resumed>) = 0x20000000 [pid 5289] <... futex resumed>) = 0 [pid 5292] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5289] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5292] <... futex resumed>) = 1 [pid 5292] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5288] <... futex resumed>) = 0 [pid 5288] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5289] <... futex resumed>) = 0 [pid 5288] <... futex resumed>) = 1 [pid 5289] pipe2( [pid 5288] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5289] <... pipe2 resumed>0x20000240, 0) = 0 [ 130.100479][ T5289] EXT4-fs (loop0): Free/Dirty block details [ 130.106420][ T5289] EXT4-fs (loop0): free_blocks=2415919104 [ 130.112879][ T5289] EXT4-fs (loop0): dirty_blocks=16 [ 130.118075][ T29] audit: type=1804 audit(1714530398.925:222): pid=5292 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/40/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 130.118803][ T5289] EXT4-fs (loop0): Block reservation details [ 130.147764][ T5289] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5289] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5288] <... futex resumed>) = 0 [pid 5289] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5288] exit_group(0 [pid 5292] <... futex resumed>) = ? [pid 5289] <... futex resumed>) = ? [pid 5288] <... exit_group resumed>) = ? [pid 5292] +++ exited with 0 +++ [pid 5289] +++ exited with 0 +++ [pid 5288] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5288, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./40/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./40/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 130.248952][ T139] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 130.261250][ T139] EXT4-fs (loop0): This should not happen!! Data will be lost [ 130.261250][ T139] openat(AT_FDCWD, "./40/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/bus") = 0 umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5293 attached , child_tidptr=0x5555749a2690) = 5293 [pid 5293] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5293] chdir("./41") = 0 [pid 5293] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5293] setpgid(0, 0) = 0 [pid 5293] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5293] write(3, "1000", 4) = 4 [pid 5293] close(3) = 0 [pid 5293] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5293] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5293] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5293] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5293] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5293] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5293] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5293] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5294 attached [pid 5294] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5293] <... clone3 resumed> => {parent_tid=[5294]}, 88) = 5294 [pid 5294] <... rseq resumed>) = 0 [pid 5293] rt_sigprocmask(SIG_SETMASK, [], [pid 5294] set_robust_list(0x7f03761f79a0, 24 [pid 5293] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5294] <... set_robust_list resumed>) = 0 [pid 5293] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5294] rt_sigprocmask(SIG_SETMASK, [], [pid 5293] <... futex resumed>) = 0 [pid 5294] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5293] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5294] memfd_create("syzkaller", 0) = 3 [pid 5294] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5294] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5294] munmap(0x7f036dc00000, 138412032) = 0 [pid 5294] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5294] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5294] close(3) = 0 [pid 5294] close(4) = 0 [pid 5294] mkdir("./bus", 0777) = 0 [pid 5294] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5294] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [ 130.562271][ T5294] loop0: detected capacity change from 0 to 2048 [pid 5294] chdir("./bus") = 0 [pid 5294] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5294] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5293] <... futex resumed>) = 0 [pid 5294] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5293] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5293] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5294] <... openat resumed>) = 4 [pid 5294] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5293] <... futex resumed>) = 0 [pid 5294] <... futex resumed>) = 1 [pid 5293] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5294] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5293] <... futex resumed>) = 0 [pid 5294] <... openat resumed>) = 5 [pid 5293] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5294] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5293] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5294] <... futex resumed>) = 0 [pid 5293] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5294] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5293] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5294] <... openat resumed>) = 6 [pid 5294] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5293] <... futex resumed>) = 0 [pid 5294] write(6, "t", 1 [pid 5293] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5293] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5294] <... write resumed>) = 1 [pid 5294] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5293] <... futex resumed>) = 0 [pid 5294] <... futex resumed>) = 1 [pid 5293] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5294] sendfile(6, 5, NULL, 131071 [pid 5293] <... futex resumed>) = 0 [ 130.647391][ T29] audit: type=1804 audit(1714530399.455:223): pid=5294 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/41/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 130.671545][ T29] audit: type=1804 audit(1714530399.455:224): pid=5294 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/41/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5293] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5293] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5293] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5293] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 130.736410][ T5294] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 130.751962][ T5294] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 130.764245][ T5294] EXT4-fs (loop0): This should not happen!! Data will be lost [ 130.764245][ T5294] [ 130.774029][ T5294] EXT4-fs (loop0): Total free blocks count 0 [ 130.780106][ T5294] EXT4-fs (loop0): Free/Dirty block details [pid 5293] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5293] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5297 attached [pid 5297] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5293] <... clone3 resumed> => {parent_tid=[5297]}, 88) = 5297 [pid 5297] set_robust_list(0x7f03761d69a0, 24 [pid 5293] rt_sigprocmask(SIG_SETMASK, [], [pid 5297] <... set_robust_list resumed>) = 0 [pid 5297] rt_sigprocmask(SIG_SETMASK, [], [pid 5294] <... sendfile resumed>) = 75 [pid 5293] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5294] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5294] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5297] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5297] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5293] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5297] <... futex resumed>) = 0 [pid 5293] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5297] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5297] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5297] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5293] <... futex resumed>) = 0 [pid 5293] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5294] <... futex resumed>) = 0 [pid 5293] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5294] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5293] <... futex resumed>) = 0 [pid 5294] <... futex resumed>) = 1 [pid 5293] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5294] pipe2( [pid 5293] <... futex resumed>) = 0 [pid 5294] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5293] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5294] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5293] <... futex resumed>) = 0 [ 130.786044][ T5294] EXT4-fs (loop0): free_blocks=2415919104 [ 130.792108][ T5294] EXT4-fs (loop0): dirty_blocks=16 [ 130.797287][ T5294] EXT4-fs (loop0): Block reservation details [ 130.803413][ T5294] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 130.813188][ T29] audit: type=1804 audit(1714530399.625:225): pid=5297 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/41/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5294] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5293] exit_group(0 [pid 5297] <... futex resumed>) = ? [pid 5294] <... futex resumed>) = ? [pid 5293] <... exit_group resumed>) = ? [pid 5297] +++ exited with 0 +++ [pid 5294] +++ exited with 0 +++ [pid 5293] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5293, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./41/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./41/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 [ 130.925920][ T139] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 130.938492][ T139] EXT4-fs (loop0): This should not happen!! Data will be lost [ 130.938492][ T139] close(4) = 0 rmdir("./41/bus") = 0 umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5298 attached , child_tidptr=0x5555749a2690) = 5298 [pid 5298] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5298] chdir("./42") = 0 [pid 5298] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5298] setpgid(0, 0) = 0 [pid 5298] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5298] write(3, "1000", 4) = 4 [pid 5298] close(3) = 0 [pid 5298] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5298] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5298] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5298] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5298] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5298] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5298] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5298] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5299 attached [pid 5299] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5298] <... clone3 resumed> => {parent_tid=[5299]}, 88) = 5299 [pid 5299] set_robust_list(0x7f03761f79a0, 24 [pid 5298] rt_sigprocmask(SIG_SETMASK, [], [pid 5299] <... set_robust_list resumed>) = 0 [pid 5298] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5299] rt_sigprocmask(SIG_SETMASK, [], [pid 5298] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5299] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5298] <... futex resumed>) = 0 [pid 5299] memfd_create("syzkaller", 0 [pid 5298] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5299] <... memfd_create resumed>) = 3 [pid 5299] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5299] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5299] munmap(0x7f036dc00000, 138412032) = 0 [pid 5299] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5299] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5299] close(3) = 0 [pid 5299] close(4) = 0 [pid 5299] mkdir("./bus", 0777) = 0 [pid 5299] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5299] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5299] chdir("./bus") = 0 [ 131.247100][ T5299] loop0: detected capacity change from 0 to 2048 [pid 5299] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5299] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5298] <... futex resumed>) = 0 [pid 5299] <... futex resumed>) = 1 [pid 5298] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5299] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5298] <... futex resumed>) = 0 [pid 5298] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5299] <... openat resumed>) = 4 [pid 5299] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5298] <... futex resumed>) = 0 [pid 5299] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5298] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5299] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5298] <... futex resumed>) = 0 [pid 5299] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5298] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5299] <... openat resumed>) = 5 [pid 5299] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5299] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5298] <... futex resumed>) = 0 [pid 5299] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5298] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5299] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5298] <... futex resumed>) = 0 [pid 5298] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5299] <... openat resumed>) = 6 [pid 5299] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5298] <... futex resumed>) = 0 [pid 5299] <... futex resumed>) = 1 [pid 5298] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5299] write(6, "t", 1 [pid 5298] <... futex resumed>) = 0 [pid 5298] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5299] <... write resumed>) = 1 [pid 5299] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5298] <... futex resumed>) = 0 [pid 5299] <... futex resumed>) = 1 [ 131.329709][ T29] audit: type=1804 audit(1714530400.135:226): pid=5299 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/42/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5298] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5299] sendfile(6, 5, NULL, 131071 [pid 5298] <... futex resumed>) = 0 [pid 5298] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5298] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5298] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5298] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5298] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 131.441487][ T5299] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 131.456833][ T5299] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 131.469140][ T5299] EXT4-fs (loop0): This should not happen!! Data will be lost [ 131.469140][ T5299] [ 131.478887][ T5299] EXT4-fs (loop0): Total free blocks count 0 [ 131.485659][ T5299] EXT4-fs (loop0): Free/Dirty block details [pid 5298] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5302 attached [pid 5302] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5298] <... clone3 resumed> => {parent_tid=[5302]}, 88) = 5302 [pid 5302] <... rseq resumed>) = 0 [pid 5302] set_robust_list(0x7f03761d69a0, 24 [pid 5298] rt_sigprocmask(SIG_SETMASK, [], [pid 5302] <... set_robust_list resumed>) = 0 [pid 5302] rt_sigprocmask(SIG_SETMASK, [], [pid 5298] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5302] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5298] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5302] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5298] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5302] <... open resumed>) = 7 [pid 5302] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5298] <... futex resumed>) = 0 [pid 5302] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5298] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5302] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5302] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5298] <... futex resumed>) = 0 [pid 5298] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5299] <... sendfile resumed>) = 75 [pid 5299] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5299] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5302] <... mmap resumed>) = 0x20000000 [pid 5302] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5298] <... futex resumed>) = 0 [pid 5302] <... futex resumed>) = 1 [pid 5298] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5299] <... futex resumed>) = 0 [pid 5298] <... futex resumed>) = 1 [pid 5299] pipe2( [pid 5298] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5302] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5299] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5299] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5299] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5298] <... futex resumed>) = 0 [pid 5298] exit_group(0 [pid 5302] <... futex resumed>) = ? [pid 5299] <... futex resumed>) = ? [pid 5298] <... exit_group resumed>) = ? [pid 5302] +++ exited with 0 +++ [pid 5299] +++ exited with 0 +++ [pid 5298] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5298, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 131.491725][ T5299] EXT4-fs (loop0): free_blocks=2415919104 [ 131.498234][ T5299] EXT4-fs (loop0): dirty_blocks=16 [ 131.504098][ T5299] EXT4-fs (loop0): Block reservation details [ 131.510513][ T5299] EXT4-fs (loop0): i_reserved_data_blocks=1 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./42/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./42/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 131.563914][ T139] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 131.576324][ T139] EXT4-fs (loop0): This should not happen!! Data will be lost [ 131.576324][ T139] openat(AT_FDCWD, "./42/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/bus") = 0 umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5303 attached [pid 5303] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5303] chdir("./43" [pid 5080] <... clone resumed>, child_tidptr=0x5555749a2690) = 5303 [pid 5303] <... chdir resumed>) = 0 [pid 5303] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5303] setpgid(0, 0) = 0 [pid 5303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5303] write(3, "1000", 4) = 4 [pid 5303] close(3) = 0 [pid 5303] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5303] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5303] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5303] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5303] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5303] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5303] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5303] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5304 attached [pid 5304] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5303] <... clone3 resumed> => {parent_tid=[5304]}, 88) = 5304 [pid 5304] set_robust_list(0x7f03761f79a0, 24 [pid 5303] rt_sigprocmask(SIG_SETMASK, [], [pid 5304] <... set_robust_list resumed>) = 0 [pid 5304] rt_sigprocmask(SIG_SETMASK, [], [pid 5303] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5304] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5303] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5304] memfd_create("syzkaller", 0 [pid 5303] <... futex resumed>) = 0 [pid 5303] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5304] <... memfd_create resumed>) = 3 [pid 5304] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5304] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5304] munmap(0x7f036dc00000, 138412032) = 0 [pid 5304] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5304] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5304] close(3) = 0 [pid 5304] close(4) = 0 [pid 5304] mkdir("./bus", 0777) = 0 [ 131.915149][ T5304] loop0: detected capacity change from 0 to 2048 [pid 5304] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5304] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5304] chdir("./bus") = 0 [pid 5304] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5304] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5303] <... futex resumed>) = 0 [pid 5303] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5304] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5303] <... futex resumed>) = 0 [pid 5303] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5304] <... openat resumed>) = 4 [pid 5304] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5303] <... futex resumed>) = 0 [pid 5304] <... futex resumed>) = 1 [pid 5303] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5304] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5303] <... futex resumed>) = 0 [pid 5303] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5304] <... openat resumed>) = 5 [pid 5304] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5303] <... futex resumed>) = 0 [pid 5304] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5303] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5303] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5304] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5304] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 5304] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5303] <... futex resumed>) = 0 [pid 5303] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5303] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5304] write(6, "t", 1) = 1 [pid 5304] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5303] <... futex resumed>) = 0 [pid 5304] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5303] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5304] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5303] <... futex resumed>) = 0 [pid 5304] sendfile(6, 5, NULL, 131071 [pid 5303] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5303] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5303] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5303] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5303] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5303] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5307 attached [pid 5307] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5303] <... clone3 resumed> => {parent_tid=[5307]}, 88) = 5307 [pid 5307] <... rseq resumed>) = 0 [pid 5303] rt_sigprocmask(SIG_SETMASK, [], [pid 5307] set_robust_list(0x7f03761d69a0, 24 [pid 5303] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5307] <... set_robust_list resumed>) = 0 [pid 5303] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5307] rt_sigprocmask(SIG_SETMASK, [], [pid 5303] <... futex resumed>) = 0 [pid 5307] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5303] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5307] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [ 132.078785][ T5304] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 132.094254][ T5304] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 132.106730][ T5304] EXT4-fs (loop0): This should not happen!! Data will be lost [ 132.106730][ T5304] [ 132.116603][ T5304] EXT4-fs (loop0): Total free blocks count 0 [ 132.122714][ T5304] EXT4-fs (loop0): Free/Dirty block details [pid 5307] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5303] <... futex resumed>) = 0 [pid 5307] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5303] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5303] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5307] <... mmap resumed>) = 0x20000000 [pid 5304] <... sendfile resumed>) = 75 [pid 5304] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5307] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5303] <... futex resumed>) = 0 [pid 5307] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5303] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5303] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5304] <... futex resumed>) = 1 [pid 5303] <... futex resumed>) = 0 [pid 5304] pipe2( [pid 5303] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 5304] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5304] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5304] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5303] <... futex resumed>) = 0 [pid 5303] exit_group(0 [pid 5307] <... futex resumed>) = ? [pid 5304] <... futex resumed>) = ? [pid 5303] <... exit_group resumed>) = ? [pid 5307] +++ exited with 0 +++ [pid 5304] +++ exited with 0 +++ [ 132.128654][ T5304] EXT4-fs (loop0): free_blocks=2415919104 [ 132.134512][ T5304] EXT4-fs (loop0): dirty_blocks=16 [ 132.139667][ T5304] EXT4-fs (loop0): Block reservation details [ 132.145766][ T5304] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5303] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5303, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./43/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./43/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 132.216563][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 132.228835][ T62] EXT4-fs (loop0): This should not happen!! Data will be lost [ 132.228835][ T62] umount2("./43/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/bus") = 0 umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5308 attached , child_tidptr=0x5555749a2690) = 5308 [pid 5308] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5308] chdir("./44") = 0 [pid 5308] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5308] setpgid(0, 0) = 0 [pid 5308] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5308] write(3, "1000", 4) = 4 [pid 5308] close(3) = 0 [pid 5308] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5308] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5308] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5308] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5308] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5308] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5308] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5308] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5309 attached [pid 5309] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5309] set_robust_list(0x7f03761f79a0, 24) = 0 [pid 5309] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5309] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5308] <... clone3 resumed> => {parent_tid=[5309]}, 88) = 5309 [pid 5308] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5308] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5309] <... futex resumed>) = 0 [pid 5309] memfd_create("syzkaller", 0 [pid 5308] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5309] <... memfd_create resumed>) = 3 [pid 5309] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5309] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5309] munmap(0x7f036dc00000, 138412032) = 0 [pid 5309] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5309] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5309] close(3) = 0 [pid 5309] close(4) = 0 [pid 5309] mkdir("./bus", 0777) = 0 [pid 5309] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5309] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [ 132.583614][ T5309] loop0: detected capacity change from 0 to 2048 [pid 5309] chdir("./bus") = 0 [pid 5309] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5309] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5308] <... futex resumed>) = 0 [pid 5308] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5309] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5308] <... futex resumed>) = 0 [pid 5308] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5309] <... openat resumed>) = 4 [pid 5309] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5308] <... futex resumed>) = 0 [pid 5308] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5309] <... futex resumed>) = 1 [pid 5308] <... futex resumed>) = 0 [pid 5308] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5309] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 5309] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5308] <... futex resumed>) = 0 [pid 5309] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5308] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5309] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5308] <... futex resumed>) = 0 [pid 5309] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5308] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5309] <... openat resumed>) = 6 [pid 5309] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5308] <... futex resumed>) = 0 [pid 5309] <... futex resumed>) = 1 [pid 5308] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5309] write(6, "t", 1 [pid 5308] <... futex resumed>) = 0 [pid 5308] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5309] <... write resumed>) = 1 [pid 5309] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5308] <... futex resumed>) = 0 [pid 5309] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5308] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5308] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5309] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5309] sendfile(6, 5, NULL, 131071 [pid 5308] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5308] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5308] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5308] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5308] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5308] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5312 attached => {parent_tid=[5312]}, 88) = 5312 [pid 5312] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5308] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5312] <... rseq resumed>) = 0 [pid 5308] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5312] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 5308] <... futex resumed>) = 0 [pid 5312] rt_sigprocmask(SIG_SETMASK, [], [pid 5308] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5312] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5312] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5312] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5308] <... futex resumed>) = 0 [pid 5312] <... futex resumed>) = 1 [ 132.728796][ T5309] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 132.744515][ T5309] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 132.757970][ T5309] EXT4-fs (loop0): This should not happen!! Data will be lost [ 132.757970][ T5309] [ 132.769098][ T5309] EXT4-fs (loop0): Total free blocks count 0 [pid 5308] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5312] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5308] <... futex resumed>) = 0 [pid 5308] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5312] <... mmap resumed>) = 0x20000000 [pid 5309] <... sendfile resumed>) = 75 [pid 5312] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5312] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5309] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5308] <... futex resumed>) = 0 [pid 5309] pipe2( [pid 5308] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5309] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5308] <... futex resumed>) = 0 [pid 5309] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5308] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5309] <... futex resumed>) = 0 [pid 5308] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5309] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5308] exit_group(0 [pid 5312] <... futex resumed>) = ? [pid 5309] <... futex resumed>) = ? [pid 5308] <... exit_group resumed>) = ? [pid 5312] +++ exited with 0 +++ [pid 5309] +++ exited with 0 +++ [pid 5308] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5308, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 132.775449][ T5309] EXT4-fs (loop0): Free/Dirty block details [ 132.782398][ T5309] EXT4-fs (loop0): free_blocks=2415919104 [ 132.788451][ T5309] EXT4-fs (loop0): dirty_blocks=16 [ 132.794043][ T5309] EXT4-fs (loop0): Block reservation details [ 132.800301][ T5309] EXT4-fs (loop0): i_reserved_data_blocks=1 openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./44/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./44/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/bus") = 0 [ 132.874265][ T139] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 132.887541][ T139] EXT4-fs (loop0): This should not happen!! Data will be lost [ 132.887541][ T139] umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5313 attached , child_tidptr=0x5555749a2690) = 5313 [pid 5313] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5313] chdir("./45") = 0 [pid 5313] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5313] setpgid(0, 0) = 0 [pid 5313] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5313] write(3, "1000", 4) = 4 [pid 5313] close(3) = 0 [pid 5313] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5313] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5313] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5313] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5313] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5313] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5313] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5313] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5314 attached [pid 5314] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5313] <... clone3 resumed> => {parent_tid=[5314]}, 88) = 5314 [pid 5314] <... rseq resumed>) = 0 [pid 5314] set_robust_list(0x7f03761f79a0, 24 [pid 5313] rt_sigprocmask(SIG_SETMASK, [], [pid 5314] <... set_robust_list resumed>) = 0 [pid 5313] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5314] rt_sigprocmask(SIG_SETMASK, [], [pid 5313] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5314] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5313] <... futex resumed>) = 0 [pid 5314] memfd_create("syzkaller", 0 [pid 5313] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5314] <... memfd_create resumed>) = 3 [pid 5314] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5314] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5314] munmap(0x7f036dc00000, 138412032) = 0 [pid 5314] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5314] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5314] close(3) = 0 [pid 5314] close(4) = 0 [pid 5314] mkdir("./bus", 0777) = 0 [pid 5314] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5314] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [ 133.212537][ T5314] loop0: detected capacity change from 0 to 2048 [pid 5314] chdir("./bus") = 0 [pid 5314] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5314] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5313] <... futex resumed>) = 0 [pid 5314] <... futex resumed>) = 1 [pid 5313] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5314] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5313] <... futex resumed>) = 0 [pid 5313] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5314] <... openat resumed>) = 4 [pid 5314] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5313] <... futex resumed>) = 0 [pid 5314] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5313] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5314] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5313] <... futex resumed>) = 0 [pid 5314] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5313] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5314] <... openat resumed>) = 5 [pid 5314] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5313] <... futex resumed>) = 0 [pid 5314] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5313] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5314] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5313] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5314] <... openat resumed>) = 6 [pid 5314] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5313] <... futex resumed>) = 0 [pid 5314] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5313] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5314] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5313] <... futex resumed>) = 0 [pid 5314] write(6, "t", 1 [pid 5313] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5314] <... write resumed>) = 1 [pid 5314] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5313] <... futex resumed>) = 0 [pid 5314] <... futex resumed>) = 1 [pid 5313] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5314] sendfile(6, 5, NULL, 131071 [pid 5313] <... futex resumed>) = 0 [pid 5313] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5313] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5313] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5313] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5313] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 133.340107][ T5314] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 133.355424][ T5314] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 133.367724][ T5314] EXT4-fs (loop0): This should not happen!! Data will be lost [ 133.367724][ T5314] [ 133.377459][ T5314] EXT4-fs (loop0): Total free blocks count 0 [ 133.383560][ T5314] EXT4-fs (loop0): Free/Dirty block details [pid 5313] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5317 attached [pid 5317] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5313] <... clone3 resumed> => {parent_tid=[5317]}, 88) = 5317 [pid 5317] <... rseq resumed>) = 0 [pid 5313] rt_sigprocmask(SIG_SETMASK, [], [pid 5317] set_robust_list(0x7f03761d69a0, 24 [pid 5313] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5317] <... set_robust_list resumed>) = 0 [pid 5313] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5317] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5313] <... futex resumed>) = 0 [pid 5317] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5313] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5317] <... open resumed>) = 7 [pid 5317] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5314] <... sendfile resumed>) = 75 [pid 5317] <... futex resumed>) = 1 [pid 5314] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5313] <... futex resumed>) = 0 [pid 5314] <... futex resumed>) = 0 [pid 5317] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5314] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5313] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5314] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5313] <... futex resumed>) = 0 [pid 5314] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5313] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5314] <... mmap resumed>) = 0x20000000 [pid 5314] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5313] <... futex resumed>) = 0 [pid 5314] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5313] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5314] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5313] <... futex resumed>) = 0 [pid 5314] pipe2( [pid 5313] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5314] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5314] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5313] <... futex resumed>) = 0 [pid 5314] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5313] exit_group(0 [pid 5317] <... futex resumed>) = ? [pid 5317] +++ exited with 0 +++ [pid 5314] <... futex resumed>) = ? [pid 5313] <... exit_group resumed>) = ? [pid 5314] +++ exited with 0 +++ [ 133.389489][ T5314] EXT4-fs (loop0): free_blocks=2415919104 [ 133.395303][ T5314] EXT4-fs (loop0): dirty_blocks=16 [ 133.400531][ T5314] EXT4-fs (loop0): Block reservation details [ 133.406925][ T5314] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5313] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5313, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./45/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./45/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 133.506688][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 133.519180][ T62] EXT4-fs (loop0): This should not happen!! Data will be lost [ 133.519180][ T62] getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/bus") = 0 umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5318 attached , child_tidptr=0x5555749a2690) = 5318 [pid 5318] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5318] chdir("./46") = 0 [pid 5318] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5318] setpgid(0, 0) = 0 [pid 5318] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5318] write(3, "1000", 4) = 4 [pid 5318] close(3) = 0 [pid 5318] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5318] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5318] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5318] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5318] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5318] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5318] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5318] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5319 attached [pid 5319] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5318] <... clone3 resumed> => {parent_tid=[5319]}, 88) = 5319 [pid 5319] set_robust_list(0x7f03761f79a0, 24 [pid 5318] rt_sigprocmask(SIG_SETMASK, [], [pid 5319] <... set_robust_list resumed>) = 0 [pid 5319] rt_sigprocmask(SIG_SETMASK, [], [pid 5318] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5319] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5318] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5318] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5319] memfd_create("syzkaller", 0) = 3 [pid 5319] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5319] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5319] munmap(0x7f036dc00000, 138412032) = 0 [pid 5319] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5319] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5319] close(3) = 0 [pid 5319] close(4) = 0 [pid 5319] mkdir("./bus", 0777) = 0 [ 133.842218][ T5319] loop0: detected capacity change from 0 to 2048 [ 133.876504][ T5319] EXT4-fs mount: 28 callbacks suppressed [pid 5319] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5319] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5319] chdir("./bus") = 0 [pid 5319] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5319] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5318] <... futex resumed>) = 0 [pid 5319] <... futex resumed>) = 1 [pid 5318] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5319] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5318] <... futex resumed>) = 0 [pid 5318] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5319] <... openat resumed>) = 4 [pid 5319] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5318] <... futex resumed>) = 0 [pid 5318] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5319] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5318] <... futex resumed>) = 0 [pid 5318] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5319] <... openat resumed>) = 5 [pid 5319] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5318] <... futex resumed>) = 0 [pid 5318] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 133.876527][ T5319] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5318] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5319] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 5319] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5318] <... futex resumed>) = 0 [pid 5319] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5318] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5319] write(6, "t", 1 [pid 5318] <... futex resumed>) = 0 [pid 5318] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5319] <... write resumed>) = 1 [pid 5319] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5318] <... futex resumed>) = 0 [pid 5319] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5318] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5319] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5318] <... futex resumed>) = 0 [pid 5319] sendfile(6, 5, NULL, 131071 [pid 5318] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5318] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5318] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5318] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5318] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5318] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5322 attached [pid 5322] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5322] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 5318] <... clone3 resumed> => {parent_tid=[5322]}, 88) = 5322 [pid 5322] rt_sigprocmask(SIG_SETMASK, [], [pid 5318] rt_sigprocmask(SIG_SETMASK, [], [pid 5322] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5318] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5322] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5318] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5322] <... open resumed>) = 7 [pid 5318] <... futex resumed>) = 0 [pid 5318] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5322] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5318] <... futex resumed>) = 0 [pid 5318] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5322] <... futex resumed>) = 1 [ 133.987274][ T5319] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 134.003050][ T5319] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 134.016432][ T5319] EXT4-fs (loop0): This should not happen!! Data will be lost [ 134.016432][ T5319] [ 134.027914][ T5319] EXT4-fs (loop0): Total free blocks count 0 [pid 5318] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5322] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5319] <... sendfile resumed>) = 75 [pid 5318] <... futex resumed>) = 0 [pid 5322] <... futex resumed>) = 1 [pid 5318] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5322] pipe2( [pid 5318] <... futex resumed>) = 0 [pid 5322] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5319] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5318] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5322] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5319] <... futex resumed>) = 0 [pid 5322] <... futex resumed>) = 1 [pid 5318] <... futex resumed>) = 0 [pid 5322] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5318] exit_group(0 [pid 5322] <... futex resumed>) = ? [pid 5318] <... exit_group resumed>) = ? [pid 5322] +++ exited with 0 +++ [pid 5319] +++ exited with 0 +++ [pid 5318] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5318, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 134.034024][ T5319] EXT4-fs (loop0): Free/Dirty block details [ 134.040584][ T5319] EXT4-fs (loop0): free_blocks=2415919104 [ 134.047177][ T5319] EXT4-fs (loop0): dirty_blocks=16 [ 134.052400][ T5319] EXT4-fs (loop0): Block reservation details [ 134.058451][ T5319] EXT4-fs (loop0): i_reserved_data_blocks=1 openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./46/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./46/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 134.149926][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/bus") = 0 umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5323 attached , child_tidptr=0x5555749a2690) = 5323 [pid 5323] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5323] chdir("./47") = 0 [pid 5323] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5323] setpgid(0, 0) = 0 [pid 5323] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5323] write(3, "1000", 4) = 4 [pid 5323] close(3) = 0 [pid 5323] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5323] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5323] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5323] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5323] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5323] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5323] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5323] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5324 attached [pid 5324] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5323] <... clone3 resumed> => {parent_tid=[5324]}, 88) = 5324 [pid 5324] set_robust_list(0x7f03761f79a0, 24 [pid 5323] rt_sigprocmask(SIG_SETMASK, [], [pid 5324] <... set_robust_list resumed>) = 0 [pid 5324] rt_sigprocmask(SIG_SETMASK, [], [pid 5323] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5324] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5323] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5324] memfd_create("syzkaller", 0 [pid 5323] <... futex resumed>) = 0 [pid 5324] <... memfd_create resumed>) = 3 [pid 5323] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5324] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5324] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5324] munmap(0x7f036dc00000, 138412032) = 0 [pid 5324] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5324] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5324] close(3) = 0 [pid 5324] close(4) = 0 [pid 5324] mkdir("./bus", 0777) = 0 [ 134.482874][ T5324] loop0: detected capacity change from 0 to 2048 [pid 5324] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5324] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5324] chdir("./bus") = 0 [pid 5324] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5324] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5323] <... futex resumed>) = 0 [pid 5324] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5323] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5323] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5324] <... openat resumed>) = 4 [ 134.545611][ T5324] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5324] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5323] <... futex resumed>) = 0 [pid 5324] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5323] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5324] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5323] <... futex resumed>) = 0 [pid 5324] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5323] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5324] <... openat resumed>) = 5 [pid 5324] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5323] <... futex resumed>) = 0 [pid 5324] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5323] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5324] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5323] <... futex resumed>) = 0 [pid 5324] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 5323] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5324] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5323] <... futex resumed>) = 0 [pid 5323] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5324] write(6, "t", 1 [pid 5323] <... futex resumed>) = 0 [pid 5323] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5324] <... write resumed>) = 1 [pid 5324] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5323] <... futex resumed>) = 0 [pid 5324] sendfile(6, 5, NULL, 131071 [pid 5323] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 134.608595][ T29] kauditd_printk_skb: 14 callbacks suppressed [ 134.608619][ T29] audit: type=1804 audit(1714530403.415:241): pid=5324 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/47/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 134.638862][ T29] audit: type=1804 audit(1714530403.435:242): pid=5324 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/47/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5323] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5323] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5323] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5323] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5323] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5323] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5327 attached => {parent_tid=[5327]}, 88) = 5327 [pid 5327] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5323] rt_sigprocmask(SIG_SETMASK, [], [pid 5327] <... rseq resumed>) = 0 [pid 5323] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5323] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5327] set_robust_list(0x7f03761d69a0, 24 [pid 5323] <... futex resumed>) = 0 [pid 5327] <... set_robust_list resumed>) = 0 [pid 5323] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5327] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5327] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [ 134.693523][ T5324] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 134.708974][ T5324] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 134.721692][ T5324] EXT4-fs (loop0): This should not happen!! Data will be lost [ 134.721692][ T5324] [ 134.731492][ T5324] EXT4-fs (loop0): Total free blocks count 0 [ 134.737536][ T5324] EXT4-fs (loop0): Free/Dirty block details [pid 5327] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5327] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5323] <... futex resumed>) = 0 [pid 5323] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5327] <... futex resumed>) = 0 [pid 5323] <... futex resumed>) = 1 [pid 5327] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5323] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5327] <... mmap resumed>) = 0x20000000 [pid 5324] <... sendfile resumed>) = 75 [pid 5324] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5327] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5324] <... futex resumed>) = 0 [pid 5327] <... futex resumed>) = 1 [pid 5324] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5323] <... futex resumed>) = 0 [pid 5327] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5323] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5324] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5323] <... futex resumed>) = 0 [pid 5324] pipe2( [pid 5323] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5324] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5324] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5323] <... futex resumed>) = 0 [pid 5323] exit_group(0) = ? [pid 5327] <... futex resumed>) = ? [pid 5324] <... futex resumed>) = ? [pid 5327] +++ exited with 0 +++ [pid 5324] +++ exited with 0 +++ [pid 5323] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5323, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 134.743239][ T29] audit: type=1804 audit(1714530403.545:243): pid=5327 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/47/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 134.743529][ T5324] EXT4-fs (loop0): free_blocks=2415919104 [ 134.772712][ T5324] EXT4-fs (loop0): dirty_blocks=16 [ 134.777879][ T5324] EXT4-fs (loop0): Block reservation details [ 134.783971][ T5324] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./47/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./47/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 134.901263][ T139] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 umount2("./47/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/bus") = 0 umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5331 attached , child_tidptr=0x5555749a2690) = 5331 [pid 5331] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5331] chdir("./48") = 0 [pid 5331] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5331] setpgid(0, 0) = 0 [pid 5331] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5331] write(3, "1000", 4) = 4 [pid 5331] close(3) = 0 [pid 5331] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5331] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5331] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5331] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5331] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5331] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5331] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5331] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5332 attached => {parent_tid=[5332]}, 88) = 5332 [pid 5331] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5331] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5332] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5331] <... futex resumed>) = 0 [pid 5332] <... rseq resumed>) = 0 [pid 5331] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5332] set_robust_list(0x7f03761f79a0, 24) = 0 [pid 5332] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5332] memfd_create("syzkaller", 0) = 3 [pid 5332] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5332] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5332] munmap(0x7f036dc00000, 138412032) = 0 [pid 5332] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5332] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5332] close(3) = 0 [pid 5332] close(4) = 0 [pid 5332] mkdir("./bus", 0777) = 0 [ 135.366528][ T5332] loop0: detected capacity change from 0 to 2048 [pid 5332] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5332] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5332] chdir("./bus") = 0 [pid 5332] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5332] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5331] <... futex resumed>) = 0 [pid 5332] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5331] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5332] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5331] <... futex resumed>) = 0 [pid 5332] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5331] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5332] <... openat resumed>) = 4 [pid 5332] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5332] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5331] <... futex resumed>) = 0 [pid 5331] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5332] <... futex resumed>) = 0 [pid 5331] <... futex resumed>) = 1 [pid 5332] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [ 135.407246][ T5332] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5331] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5332] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5331] <... futex resumed>) = 0 [pid 5331] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5332] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5331] <... futex resumed>) = 0 [pid 5332] <... openat resumed>) = 6 [pid 5331] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5332] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5331] <... futex resumed>) = 0 [pid 5331] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5332] <... futex resumed>) = 1 [pid 5331] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5332] write(6, "t", 1) = 1 [pid 5332] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5332] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5331] <... futex resumed>) = 0 [pid 5331] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5332] <... futex resumed>) = 0 [pid 5331] <... futex resumed>) = 1 [pid 5332] sendfile(6, 5, NULL, 131071 [ 135.461658][ T29] audit: type=1804 audit(1714530404.275:244): pid=5332 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/48/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 135.486875][ T29] audit: type=1804 audit(1714530404.275:245): pid=5332 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/48/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5331] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5331] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5331] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [ 135.553864][ T5332] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 135.569359][ T5332] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 135.583838][ T5332] EXT4-fs (loop0): This should not happen!! Data will be lost [ 135.583838][ T5332] [ 135.593644][ T5332] EXT4-fs (loop0): Total free blocks count 0 [pid 5331] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5331] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5331] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5337 attached [pid 5337] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5332] <... sendfile resumed>) = 75 [pid 5331] <... clone3 resumed> => {parent_tid=[5337]}, 88) = 5337 [pid 5332] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5337] <... rseq resumed>) = 0 [pid 5331] rt_sigprocmask(SIG_SETMASK, [], [pid 5337] set_robust_list(0x7f03761d69a0, 24 [pid 5331] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5337] <... set_robust_list resumed>) = 0 [pid 5331] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5337] rt_sigprocmask(SIG_SETMASK, [], [pid 5331] <... futex resumed>) = 0 [pid 5337] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5331] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5337] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5332] <... futex resumed>) = 0 [pid 5337] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5332] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5337] <... futex resumed>) = 1 [pid 5331] <... futex resumed>) = 0 [pid 5331] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5337] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5331] <... futex resumed>) = 1 [pid 5332] <... futex resumed>) = 0 [ 135.600589][ T5332] EXT4-fs (loop0): Free/Dirty block details [ 135.606522][ T5332] EXT4-fs (loop0): free_blocks=2415919104 [ 135.612961][ T5332] EXT4-fs (loop0): dirty_blocks=16 [ 135.618641][ T5332] EXT4-fs (loop0): Block reservation details [ 135.624753][ T5332] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5331] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5332] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 5332] pipe2( [pid 5331] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5332] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5331] <... futex resumed>) = 0 [pid 5332] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5331] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5332] <... futex resumed>) = 0 [pid 5331] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5332] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5331] exit_group(0 [pid 5332] <... futex resumed>) = ? [pid 5331] <... exit_group resumed>) = ? [pid 5337] <... futex resumed>) = ? [pid 5337] +++ exited with 0 +++ [pid 5332] +++ exited with 0 +++ [pid 5331] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5331, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 135.641809][ T29] audit: type=1804 audit(1714530404.455:246): pid=5337 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/48/bus/bus" dev="loop0" ino=18 res=1 errno=0 openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./48/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./48/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 135.740423][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/bus") = 0 umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5339 attached , child_tidptr=0x5555749a2690) = 5339 [pid 5339] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5339] chdir("./49") = 0 [pid 5339] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5339] setpgid(0, 0) = 0 [pid 5339] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5339] write(3, "1000", 4) = 4 [pid 5339] close(3) = 0 [pid 5339] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5339] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5339] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5339] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5339] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5339] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5339] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5339] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5340 attached [pid 5340] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5339] <... clone3 resumed> => {parent_tid=[5340]}, 88) = 5340 [pid 5340] <... rseq resumed>) = 0 [pid 5339] rt_sigprocmask(SIG_SETMASK, [], [pid 5340] set_robust_list(0x7f03761f79a0, 24 [pid 5339] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5340] <... set_robust_list resumed>) = 0 [pid 5339] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5340] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5339] <... futex resumed>) = 0 [pid 5340] memfd_create("syzkaller", 0 [pid 5339] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5340] <... memfd_create resumed>) = 3 [pid 5340] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5340] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5340] munmap(0x7f036dc00000, 138412032) = 0 [pid 5340] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5340] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5340] close(3) = 0 [pid 5340] close(4) = 0 [pid 5340] mkdir("./bus", 0777) = 0 [ 136.084562][ T5340] loop0: detected capacity change from 0 to 2048 [pid 5340] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5340] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5340] chdir("./bus") = 0 [pid 5340] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5340] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5339] <... futex resumed>) = 0 [pid 5340] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5339] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5340] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5340] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5339] <... futex resumed>) = 0 [pid 5339] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5340] <... openat resumed>) = 4 [pid 5340] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5340] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5339] <... futex resumed>) = 0 [pid 5340] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5339] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5340] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5339] <... futex resumed>) = 0 [pid 5339] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5340] <... openat resumed>) = 5 [pid 5340] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 136.145324][ T5340] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5340] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5339] <... futex resumed>) = 0 [pid 5339] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5339] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5340] <... futex resumed>) = 0 [pid 5340] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 5340] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5339] <... futex resumed>) = 0 [pid 5340] write(6, "t", 1 [pid 5339] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5340] <... write resumed>) = 1 [pid 5339] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5340] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5340] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5339] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5339] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5340] <... futex resumed>) = 0 [pid 5339] <... futex resumed>) = 1 [pid 5340] sendfile(6, 5, NULL, 131071 [ 136.198729][ T29] audit: type=1804 audit(1714530405.005:247): pid=5340 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/49/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 136.223706][ T29] audit: type=1804 audit(1714530405.035:248): pid=5340 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/49/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5339] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5339] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5339] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5339] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5339] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5339] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5343 attached [pid 5343] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5343] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 5339] <... clone3 resumed> => {parent_tid=[5343]}, 88) = 5343 [pid 5343] rt_sigprocmask(SIG_SETMASK, [], [pid 5339] rt_sigprocmask(SIG_SETMASK, [], [pid 5343] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5339] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5343] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5339] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5343] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5339] <... futex resumed>) = 0 [pid 5343] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 136.311414][ T5340] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 136.327193][ T5340] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 136.339969][ T5340] EXT4-fs (loop0): This should not happen!! Data will be lost [ 136.339969][ T5340] [ 136.350193][ T5340] EXT4-fs (loop0): Total free blocks count 0 [pid 5339] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5343] <... open resumed>) = 7 [pid 5343] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5343] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5339] <... futex resumed>) = 0 [pid 5339] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5343] <... futex resumed>) = 0 [pid 5343] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5339] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5343] <... mmap resumed>) = 0x20000000 [pid 5340] <... sendfile resumed>) = 75 [pid 5343] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5339] <... futex resumed>) = 0 [pid 5340] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5343] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5340] <... futex resumed>) = 0 [pid 5339] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5340] pipe2( [pid 5339] <... futex resumed>) = 0 [pid 5340] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5339] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5340] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5339] <... futex resumed>) = 0 [pid 5340] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5339] exit_group(0 [pid 5340] <... futex resumed>) = ? [pid 5339] <... exit_group resumed>) = ? [pid 5340] +++ exited with 0 +++ [pid 5343] <... futex resumed>) = ? [ 136.356280][ T5340] EXT4-fs (loop0): Free/Dirty block details [ 136.356351][ T29] audit: type=1804 audit(1714530405.165:249): pid=5343 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/49/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 136.363270][ T5340] EXT4-fs (loop0): free_blocks=2415919104 [ 136.393388][ T5340] EXT4-fs (loop0): dirty_blocks=16 [ 136.399104][ T5340] EXT4-fs (loop0): Block reservation details [ 136.405330][ T5340] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5343] +++ exited with 0 +++ [pid 5339] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5339, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./49/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./49/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./49/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/bus") = 0 umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 [ 136.517271][ T139] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5344 attached , child_tidptr=0x5555749a2690) = 5344 [pid 5344] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5344] chdir("./50") = 0 [pid 5344] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5344] setpgid(0, 0) = 0 [pid 5344] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5344] write(3, "1000", 4) = 4 [pid 5344] close(3) = 0 [pid 5344] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5344] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5344] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5344] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5344] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5344] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5344] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5344] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5346 attached [pid 5346] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5344] <... clone3 resumed> => {parent_tid=[5346]}, 88) = 5346 [pid 5346] <... rseq resumed>) = 0 [pid 5346] set_robust_list(0x7f03761f79a0, 24) = 0 [pid 5346] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5344] rt_sigprocmask(SIG_SETMASK, [], [pid 5346] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5344] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5344] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5346] <... futex resumed>) = 0 [pid 5344] <... futex resumed>) = 1 [pid 5346] memfd_create("syzkaller", 0 [pid 5344] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5346] <... memfd_create resumed>) = 3 [pid 5346] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5346] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5346] munmap(0x7f036dc00000, 138412032) = 0 [pid 5346] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5346] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5346] close(3) = 0 [pid 5346] close(4) = 0 [pid 5346] mkdir("./bus", 0777) = 0 [ 136.807442][ T5346] loop0: detected capacity change from 0 to 2048 [pid 5346] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5346] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5346] chdir("./bus") = 0 [pid 5346] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5346] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5344] <... futex resumed>) = 0 [pid 5346] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5344] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5346] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5344] <... futex resumed>) = 0 [pid 5346] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5344] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5346] <... openat resumed>) = 4 [pid 5346] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5344] <... futex resumed>) = 0 [pid 5346] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5344] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5346] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5346] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5344] <... futex resumed>) = 0 [pid 5344] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5346] <... openat resumed>) = 5 [ 136.846933][ T5346] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5346] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5346] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5344] <... futex resumed>) = 0 [pid 5344] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5346] <... futex resumed>) = 0 [pid 5344] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5346] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 5346] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5344] <... futex resumed>) = 0 [pid 5346] <... futex resumed>) = 1 [pid 5344] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5346] write(6, "t", 1 [pid 5344] <... futex resumed>) = 0 [pid 5344] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5346] <... write resumed>) = 1 [pid 5346] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5346] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5344] <... futex resumed>) = 0 [pid 5344] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5346] <... futex resumed>) = 0 [pid 5344] <... futex resumed>) = 1 [pid 5346] sendfile(6, 5, NULL, 131071 [ 136.896316][ T29] audit: type=1804 audit(1714530405.705:250): pid=5346 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/50/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5344] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5344] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5344] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5344] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5344] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5344] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5349 attached [pid 5349] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5344] <... clone3 resumed> => {parent_tid=[5349]}, 88) = 5349 [pid 5349] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 5344] rt_sigprocmask(SIG_SETMASK, [], [pid 5349] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5344] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5349] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5344] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5349] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5344] <... futex resumed>) = 0 [pid 5349] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5344] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5349] <... open resumed>) = 7 [ 137.003297][ T5346] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 137.018682][ T5346] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 137.031123][ T5346] EXT4-fs (loop0): This should not happen!! Data will be lost [ 137.031123][ T5346] [ 137.042481][ T5346] EXT4-fs (loop0): Total free blocks count 0 [pid 5349] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5344] <... futex resumed>) = 0 [pid 5349] <... futex resumed>) = 1 [pid 5344] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5349] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5344] <... futex resumed>) = 0 [pid 5344] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5349] <... mmap resumed>) = 0x20000000 [pid 5346] <... sendfile resumed>) = 75 [pid 5349] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5346] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5349] <... futex resumed>) = 1 [pid 5344] <... futex resumed>) = 0 [pid 5349] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5346] <... futex resumed>) = 0 [pid 5344] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5346] pipe2( [pid 5344] <... futex resumed>) = 0 [pid 5344] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5346] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5346] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5346] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5344] <... futex resumed>) = 0 [pid 5344] exit_group(0) = ? [pid 5346] <... futex resumed>) = ? [pid 5349] <... futex resumed>) = ? [pid 5346] +++ exited with 0 +++ [pid 5349] +++ exited with 0 +++ [pid 5344] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5344, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 137.049065][ T5346] EXT4-fs (loop0): Free/Dirty block details [ 137.055114][ T5346] EXT4-fs (loop0): free_blocks=2415919104 [ 137.061672][ T5346] EXT4-fs (loop0): dirty_blocks=16 [ 137.067300][ T5346] EXT4-fs (loop0): Block reservation details [ 137.073790][ T5346] EXT4-fs (loop0): i_reserved_data_blocks=1 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./50/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./50/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./50/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 [ 137.154253][ T139] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 close(4) = 0 rmdir("./50/bus") = 0 umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5350 attached , child_tidptr=0x5555749a2690) = 5350 [pid 5350] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5350] chdir("./51") = 0 [pid 5350] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5350] setpgid(0, 0) = 0 [pid 5350] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5350] write(3, "1000", 4) = 4 [pid 5350] close(3) = 0 [pid 5350] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5350] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5350] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5350] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5350] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5350] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5350] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5350] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5351 attached [pid 5351] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5350] <... clone3 resumed> => {parent_tid=[5351]}, 88) = 5351 [pid 5351] set_robust_list(0x7f03761f79a0, 24 [pid 5350] rt_sigprocmask(SIG_SETMASK, [], [pid 5351] <... set_robust_list resumed>) = 0 [pid 5350] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5351] rt_sigprocmask(SIG_SETMASK, [], [pid 5350] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5351] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5350] <... futex resumed>) = 0 [pid 5351] memfd_create("syzkaller", 0 [pid 5350] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5351] <... memfd_create resumed>) = 3 [pid 5351] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5351] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5351] munmap(0x7f036dc00000, 138412032) = 0 [pid 5351] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5351] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5351] close(3) = 0 [pid 5351] close(4) = 0 [pid 5351] mkdir("./bus", 0777) = 0 [pid 5351] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5351] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5351] chdir("./bus") = 0 [pid 5351] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5351] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5350] <... futex resumed>) = 0 [pid 5351] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5350] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5350] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5351] <... openat resumed>) = 4 [pid 5351] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5350] <... futex resumed>) = 0 [pid 5350] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5351] <... futex resumed>) = 1 [ 137.477142][ T5351] loop0: detected capacity change from 0 to 2048 [ 137.505217][ T5351] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5350] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5351] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 5351] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5350] <... futex resumed>) = 0 [pid 5351] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5350] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5350] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5351] <... openat resumed>) = 6 [pid 5351] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5350] <... futex resumed>) = 0 [pid 5351] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5350] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5351] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5351] write(6, "t", 1 [pid 5350] <... futex resumed>) = 0 [pid 5350] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5351] <... write resumed>) = 1 [pid 5351] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5350] <... futex resumed>) = 0 [pid 5351] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5350] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5351] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5350] <... futex resumed>) = 0 [pid 5351] sendfile(6, 5, NULL, 131071 [pid 5350] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5350] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5350] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5350] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5350] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 137.631385][ T5351] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 137.646717][ T5351] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 137.660178][ T5351] EXT4-fs (loop0): This should not happen!! Data will be lost [ 137.660178][ T5351] [ 137.670760][ T5351] EXT4-fs (loop0): Total free blocks count 0 [pid 5350] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0} => {parent_tid=[5354]}, 88) = 5354 ./strace-static-x86_64: Process 5354 attached [pid 5350] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5350] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5350] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5354] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5354] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 5354] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5354] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5354] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5350] <... futex resumed>) = 0 [pid 5354] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5350] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5350] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5354] <... mmap resumed>) = 0x20000000 [pid 5351] <... sendfile resumed>) = 75 [pid 5354] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5351] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5350] <... futex resumed>) = 0 [pid 5354] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5351] <... futex resumed>) = 0 [pid 5351] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5350] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5351] <... futex resumed>) = 0 [pid 5351] pipe2( [pid 5350] <... futex resumed>) = 1 [pid 5351] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5350] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5351] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5351] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5350] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5350] exit_group(0) = ? [pid 5354] <... futex resumed>) = ? [pid 5351] <... futex resumed>) = ? [pid 5354] +++ exited with 0 +++ [pid 5351] +++ exited with 0 +++ [pid 5350] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5350, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 137.677060][ T5351] EXT4-fs (loop0): Free/Dirty block details [ 137.683486][ T5351] EXT4-fs (loop0): free_blocks=2415919104 [ 137.689259][ T5351] EXT4-fs (loop0): dirty_blocks=16 [ 137.699262][ T5351] EXT4-fs (loop0): Block reservation details [ 137.706738][ T5351] EXT4-fs (loop0): i_reserved_data_blocks=1 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./51/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./51/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./51/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/bus") = 0 umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 137.775706][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5355 attached , child_tidptr=0x5555749a2690) = 5355 [pid 5355] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5355] chdir("./52") = 0 [pid 5355] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5355] setpgid(0, 0) = 0 [pid 5355] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5355] write(3, "1000", 4) = 4 [pid 5355] close(3) = 0 [pid 5355] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5355] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5355] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5355] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5355] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5355] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5355] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5355] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5356 attached [pid 5356] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5355] <... clone3 resumed> => {parent_tid=[5356]}, 88) = 5356 [pid 5356] set_robust_list(0x7f03761f79a0, 24) = 0 [pid 5355] rt_sigprocmask(SIG_SETMASK, [], [pid 5356] rt_sigprocmask(SIG_SETMASK, [], [pid 5355] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5356] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5355] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5356] memfd_create("syzkaller", 0 [pid 5355] <... futex resumed>) = 0 [pid 5355] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5356] <... memfd_create resumed>) = 3 [pid 5356] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5356] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5356] munmap(0x7f036dc00000, 138412032) = 0 [pid 5356] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5356] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5356] close(3) = 0 [pid 5356] close(4) = 0 [pid 5356] mkdir("./bus", 0777) = 0 [ 138.060199][ T5356] loop0: detected capacity change from 0 to 2048 [ 138.098544][ T5356] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5356] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5356] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5356] chdir("./bus") = 0 [pid 5356] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5356] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5356] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5355] <... futex resumed>) = 0 [pid 5355] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5356] <... futex resumed>) = 0 [pid 5355] <... futex resumed>) = 1 [pid 5356] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5355] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5356] <... openat resumed>) = 4 [pid 5356] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5356] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5355] <... futex resumed>) = 0 [pid 5355] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5356] <... futex resumed>) = 0 [pid 5356] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5355] <... futex resumed>) = 1 [pid 5355] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5356] <... openat resumed>) = 5 [pid 5356] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5355] <... futex resumed>) = 0 [pid 5356] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5355] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5356] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5355] <... futex resumed>) = 0 [pid 5355] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5356] <... openat resumed>) = 6 [pid 5356] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5355] <... futex resumed>) = 0 [pid 5356] write(6, "t", 1 [pid 5355] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5356] <... write resumed>) = 1 [pid 5355] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5356] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5355] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5356] <... futex resumed>) = 0 [pid 5356] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5355] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5356] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5355] <... futex resumed>) = 0 [pid 5356] sendfile(6, 5, NULL, 131071 [pid 5355] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5355] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5355] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5355] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5355] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5355] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5359 attached [ 138.221660][ T5356] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 138.236768][ T5356] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 138.250553][ T5356] EXT4-fs (loop0): This should not happen!! Data will be lost [ 138.250553][ T5356] [ 138.260937][ T5356] EXT4-fs (loop0): Total free blocks count 0 [pid 5359] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5355] <... clone3 resumed> => {parent_tid=[5359]}, 88) = 5359 [pid 5355] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5355] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5355] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5359] <... rseq resumed>) = 0 [pid 5359] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 5359] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5359] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5359] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5359] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5355] <... futex resumed>) = 0 [pid 5355] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5359] <... futex resumed>) = 0 [pid 5359] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 75 [pid 5356] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5355] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5356] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5359] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5355] <... futex resumed>) = 0 [pid 5359] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5355] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5356] <... futex resumed>) = 0 [pid 5355] <... futex resumed>) = 1 [pid 5355] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5356] pipe2(0x20000240, 0) = 0 [pid 5356] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5355] <... futex resumed>) = 0 [pid 5356] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5355] exit_group(0 [pid 5359] <... futex resumed>) = ? [pid 5359] +++ exited with 0 +++ [pid 5356] <... futex resumed>) = ? [pid 5355] <... exit_group resumed>) = ? [pid 5356] +++ exited with 0 +++ [pid 5355] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5355, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 138.267592][ T5356] EXT4-fs (loop0): Free/Dirty block details [ 138.273618][ T5356] EXT4-fs (loop0): free_blocks=2415919104 [ 138.279388][ T5356] EXT4-fs (loop0): dirty_blocks=16 [ 138.284591][ T5356] EXT4-fs (loop0): Block reservation details [ 138.291211][ T5356] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./52/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./52/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./52/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/bus") = 0 umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 138.376084][ T139] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5360 attached , child_tidptr=0x5555749a2690) = 5360 [pid 5360] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5360] chdir("./53") = 0 [pid 5360] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5360] setpgid(0, 0) = 0 [pid 5360] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5360] write(3, "1000", 4) = 4 [pid 5360] close(3) = 0 [pid 5360] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5360] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5360] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5360] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5360] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5360] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5360] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5360] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5361 attached [pid 5361] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5360] <... clone3 resumed> => {parent_tid=[5361]}, 88) = 5361 [pid 5361] set_robust_list(0x7f03761f79a0, 24 [pid 5360] rt_sigprocmask(SIG_SETMASK, [], [pid 5361] <... set_robust_list resumed>) = 0 [pid 5361] rt_sigprocmask(SIG_SETMASK, [], [pid 5360] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5361] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5360] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5361] memfd_create("syzkaller", 0 [pid 5360] <... futex resumed>) = 0 [pid 5360] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5361] <... memfd_create resumed>) = 3 [pid 5361] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5361] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5361] munmap(0x7f036dc00000, 138412032) = 0 [pid 5361] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5361] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5361] close(3) = 0 [pid 5361] close(4) = 0 [pid 5361] mkdir("./bus", 0777) = 0 [ 138.614625][ T5361] loop0: detected capacity change from 0 to 2048 [pid 5361] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5361] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5361] chdir("./bus") = 0 [pid 5361] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5361] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5360] <... futex resumed>) = 0 [pid 5361] <... futex resumed>) = 1 [pid 5360] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5361] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5360] <... futex resumed>) = 0 [pid 5360] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5361] <... openat resumed>) = 4 [pid 5361] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5361] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5360] <... futex resumed>) = 0 [pid 5360] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5361] <... futex resumed>) = 0 [pid 5360] <... futex resumed>) = 1 [pid 5361] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5360] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5361] <... openat resumed>) = 5 [pid 5361] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5360] <... futex resumed>) = 0 [pid 5361] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5360] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5361] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5360] <... futex resumed>) = 0 [pid 5361] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5360] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5361] <... openat resumed>) = 6 [ 138.658314][ T5361] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5361] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5360] <... futex resumed>) = 0 [pid 5361] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5360] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5361] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5360] <... futex resumed>) = 0 [pid 5361] write(6, "t", 1 [pid 5360] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5361] <... write resumed>) = 1 [pid 5361] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5361] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5360] <... futex resumed>) = 0 [pid 5360] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5361] <... futex resumed>) = 0 [pid 5360] <... futex resumed>) = 1 [pid 5361] sendfile(6, 5, NULL, 131071 [pid 5360] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5360] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5360] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5360] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5360] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5360] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5364 attached => {parent_tid=[5364]}, 88) = 5364 [pid 5364] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5360] rt_sigprocmask(SIG_SETMASK, [], [pid 5364] <... rseq resumed>) = 0 [pid 5360] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5364] set_robust_list(0x7f03761d69a0, 24 [pid 5360] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5364] <... set_robust_list resumed>) = 0 [pid 5360] <... futex resumed>) = 0 [pid 5364] rt_sigprocmask(SIG_SETMASK, [], [pid 5360] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5364] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5364] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5364] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5360] <... futex resumed>) = 0 [pid 5360] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5364] <... futex resumed>) = 1 [pid 5360] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 138.779394][ T5361] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 138.796325][ T5361] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 138.809670][ T5361] EXT4-fs (loop0): This should not happen!! Data will be lost [ 138.809670][ T5361] [ 138.819846][ T5361] EXT4-fs (loop0): Total free blocks count 0 [pid 5364] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5361] <... sendfile resumed>) = 75 [pid 5364] <... mmap resumed>) = 0x20000000 [pid 5361] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5364] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5360] <... futex resumed>) = 0 [pid 5364] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5360] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5360] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = 0 [pid 5360] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 5361] <... futex resumed>) = 1 [pid 5361] pipe2(0x20000240, 0) = 0 [pid 5361] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5360] <... futex resumed>) = 0 [pid 5361] <... futex resumed>) = 1 [pid 5360] exit_group(0 [pid 5361] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5364] <... futex resumed>) = ? [pid 5361] <... futex resumed>) = ? [pid 5360] <... exit_group resumed>) = ? [pid 5364] +++ exited with 0 +++ [pid 5361] +++ exited with 0 +++ [pid 5360] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5360, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 [ 138.826532][ T5361] EXT4-fs (loop0): Free/Dirty block details [ 138.833082][ T5361] EXT4-fs (loop0): free_blocks=2415919104 [ 138.838845][ T5361] EXT4-fs (loop0): dirty_blocks=16 [ 138.844061][ T5361] EXT4-fs (loop0): Block reservation details [ 138.850180][ T5361] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./53/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./53/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./53/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 [ 138.922108][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 rmdir("./53/bus") = 0 umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5365 attached , child_tidptr=0x5555749a2690) = 5365 [pid 5365] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5365] chdir("./54") = 0 [pid 5365] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5365] setpgid(0, 0) = 0 [pid 5365] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5365] write(3, "1000", 4) = 4 [pid 5365] close(3) = 0 [pid 5365] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5365] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5365] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5365] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5365] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5365] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5365] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5365] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5366 attached [pid 5366] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5366] set_robust_list(0x7f03761f79a0, 24 [pid 5365] <... clone3 resumed> => {parent_tid=[5366]}, 88) = 5366 [pid 5366] <... set_robust_list resumed>) = 0 [pid 5365] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5365] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5365] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5366] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5366] memfd_create("syzkaller", 0) = 3 [pid 5366] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5366] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5366] munmap(0x7f036dc00000, 138412032) = 0 [pid 5366] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5366] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5366] close(3) = 0 [pid 5366] close(4) = 0 [pid 5366] mkdir("./bus", 0777) = 0 [ 139.265807][ T5366] loop0: detected capacity change from 0 to 2048 [pid 5366] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5366] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5366] chdir("./bus") = 0 [pid 5366] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5366] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5366] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5365] <... futex resumed>) = 0 [pid 5365] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5366] <... futex resumed>) = 0 [pid 5366] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5365] <... futex resumed>) = 1 [pid 5365] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5366] <... openat resumed>) = 4 [pid 5366] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5365] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5366] <... futex resumed>) = 0 [pid 5365] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5366] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5365] <... futex resumed>) = 0 [pid 5365] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5366] <... openat resumed>) = 5 [pid 5366] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5365] <... futex resumed>) = 0 [pid 5366] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5365] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5366] <... futex resumed>) = 0 [pid 5366] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 5365] <... futex resumed>) = 1 [ 139.335554][ T5366] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5365] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5366] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5365] <... futex resumed>) = 0 [pid 5366] <... futex resumed>) = 1 [pid 5365] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5366] write(6, "t", 1 [pid 5365] <... futex resumed>) = 0 [pid 5365] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5366] <... write resumed>) = 1 [pid 5366] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5365] <... futex resumed>) = 0 [pid 5366] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5365] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5366] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5365] <... futex resumed>) = 0 [pid 5366] sendfile(6, 5, NULL, 131071 [pid 5365] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5365] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5365] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5365] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5365] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5365] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5369 attached [pid 5369] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5365] <... clone3 resumed> => {parent_tid=[5369]}, 88) = 5369 [pid 5369] <... rseq resumed>) = 0 [pid 5365] rt_sigprocmask(SIG_SETMASK, [], [pid 5369] set_robust_list(0x7f03761d69a0, 24 [pid 5365] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5369] <... set_robust_list resumed>) = 0 [pid 5365] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5369] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5365] <... futex resumed>) = 0 [pid 5369] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 139.451548][ T5366] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 139.466917][ T5366] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 139.480189][ T5366] EXT4-fs (loop0): This should not happen!! Data will be lost [ 139.480189][ T5366] [ 139.489938][ T5366] EXT4-fs (loop0): Total free blocks count 0 [pid 5365] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5369] <... open resumed>) = 7 [pid 5369] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5365] <... futex resumed>) = 0 [pid 5369] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5365] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5365] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5369] <... mmap resumed>) = 0x20000000 [pid 5366] <... sendfile resumed>) = 75 [pid 5369] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5366] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5365] <... futex resumed>) = 0 [pid 5369] <... futex resumed>) = 1 [pid 5366] <... futex resumed>) = 0 [pid 5365] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5369] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5365] <... futex resumed>) = 0 [pid 5365] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5366] pipe2(0x20000240, 0) = 0 [pid 5366] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5365] <... futex resumed>) = 0 [pid 5365] exit_group(0) = ? [pid 5369] <... futex resumed>) = ? [pid 5369] +++ exited with 0 +++ [pid 5366] <... futex resumed>) = ? [pid 5366] +++ exited with 0 +++ [pid 5365] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5365, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 139.496970][ T5366] EXT4-fs (loop0): Free/Dirty block details [ 139.502988][ T5366] EXT4-fs (loop0): free_blocks=2415919104 [ 139.508745][ T5366] EXT4-fs (loop0): dirty_blocks=16 [ 139.514169][ T5366] EXT4-fs (loop0): Block reservation details [ 139.520252][ T5366] EXT4-fs (loop0): i_reserved_data_blocks=1 openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./54/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./54/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./54/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 139.595492][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/bus") = 0 umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5370 attached , child_tidptr=0x5555749a2690) = 5370 [pid 5370] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5370] chdir("./55") = 0 [pid 5370] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5370] setpgid(0, 0) = 0 [pid 5370] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5370] write(3, "1000", 4) = 4 [pid 5370] close(3) = 0 [pid 5370] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5370] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5370] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5370] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5370] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5370] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5370] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5370] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5371 attached [pid 5371] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5371] set_robust_list(0x7f03761f79a0, 24 [pid 5370] <... clone3 resumed> => {parent_tid=[5371]}, 88) = 5371 [pid 5371] <... set_robust_list resumed>) = 0 [pid 5370] rt_sigprocmask(SIG_SETMASK, [], [pid 5371] rt_sigprocmask(SIG_SETMASK, [], [pid 5370] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5371] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5371] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5370] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5371] <... futex resumed>) = 0 [pid 5370] <... futex resumed>) = 1 [pid 5370] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5371] memfd_create("syzkaller", 0) = 3 [pid 5371] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5371] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5371] munmap(0x7f036dc00000, 138412032) = 0 [pid 5371] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5371] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5371] close(3) = 0 [pid 5371] close(4) = 0 [pid 5371] mkdir("./bus", 0777) = 0 [ 139.916465][ T5371] loop0: detected capacity change from 0 to 2048 [pid 5371] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5371] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5371] chdir("./bus") = 0 [pid 5371] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5371] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5370] <... futex resumed>) = 0 [pid 5371] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5370] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5371] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5370] <... futex resumed>) = 0 [pid 5371] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5370] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5371] <... openat resumed>) = 4 [ 139.957746][ T5371] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5371] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5370] <... futex resumed>) = 0 [pid 5371] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5370] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5371] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5370] <... futex resumed>) = 0 [pid 5371] <... openat resumed>) = 5 [pid 5370] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5371] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5370] <... futex resumed>) = 0 [pid 5370] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5371] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5370] <... futex resumed>) = 0 [pid 5371] <... openat resumed>) = 6 [pid 5370] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5371] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5370] <... futex resumed>) = 0 [pid 5370] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5371] <... futex resumed>) = 1 [pid 5370] <... futex resumed>) = 0 [pid 5370] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5371] write(6, "t", 1) = 1 [pid 5371] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5371] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5370] <... futex resumed>) = 0 [pid 5371] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 140.032577][ T29] kauditd_printk_skb: 14 callbacks suppressed [ 140.032601][ T29] audit: type=1804 audit(1714530408.845:265): pid=5371 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/55/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5370] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5371] sendfile(6, 5, NULL, 131071 [pid 5370] <... futex resumed>) = 0 [ 140.064210][ T29] audit: type=1804 audit(1714530408.855:266): pid=5371 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/55/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5370] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5370] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5370] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5370] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5370] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5370] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5375 attached [pid 5375] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5370] <... clone3 resumed> => {parent_tid=[5375]}, 88) = 5375 [pid 5375] <... rseq resumed>) = 0 [pid 5370] rt_sigprocmask(SIG_SETMASK, [], [pid 5375] set_robust_list(0x7f03761d69a0, 24 [pid 5370] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5375] <... set_robust_list resumed>) = 0 [pid 5370] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5375] rt_sigprocmask(SIG_SETMASK, [], [pid 5370] <... futex resumed>) = 0 [pid 5375] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5370] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5375] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5375] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5375] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5370] <... futex resumed>) = 0 [pid 5370] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5370] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5375] <... futex resumed>) = 0 [ 140.132476][ T5371] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 140.144146][ T29] audit: type=1804 audit(1714530408.955:267): pid=5375 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/55/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 140.149452][ T5371] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [pid 5375] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 75 [pid 5370] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5375] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5371] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5375] <... futex resumed>) = 0 [pid 5370] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5375] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5371] <... futex resumed>) = 0 [pid 5370] <... futex resumed>) = 0 [pid 5371] pipe2( [pid 5370] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5371] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5371] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5370] <... futex resumed>) = 0 [pid 5371] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5370] exit_group(0 [pid 5375] <... futex resumed>) = ? [pid 5371] <... futex resumed>) = ? [pid 5370] <... exit_group resumed>) = ? [pid 5371] +++ exited with 0 +++ [pid 5375] +++ exited with 0 +++ [pid 5370] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5370, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 140.183291][ T5371] EXT4-fs (loop0): This should not happen!! Data will be lost [ 140.183291][ T5371] [ 140.193256][ T5371] EXT4-fs (loop0): Total free blocks count 0 [ 140.199273][ T5371] EXT4-fs (loop0): Free/Dirty block details [ 140.205254][ T5371] EXT4-fs (loop0): free_blocks=2415919104 [ 140.211038][ T5371] EXT4-fs (loop0): dirty_blocks=16 [ 140.216156][ T5371] EXT4-fs (loop0): Block reservation details [ 140.222216][ T5371] EXT4-fs (loop0): i_reserved_data_blocks=1 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./55/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./55/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./55/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/bus") = 0 umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 140.286021][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5376 attached , child_tidptr=0x5555749a2690) = 5376 [pid 5376] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5376] chdir("./56") = 0 [pid 5376] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5376] setpgid(0, 0) = 0 [pid 5376] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5376] write(3, "1000", 4) = 4 [pid 5376] close(3) = 0 [pid 5376] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5376] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5376] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5376] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5376] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5376] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5376] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5376] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5377 attached [pid 5377] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5376] <... clone3 resumed> => {parent_tid=[5377]}, 88) = 5377 [pid 5377] <... rseq resumed>) = 0 [pid 5376] rt_sigprocmask(SIG_SETMASK, [], [pid 5377] set_robust_list(0x7f03761f79a0, 24 [pid 5376] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5377] <... set_robust_list resumed>) = 0 [pid 5376] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5377] rt_sigprocmask(SIG_SETMASK, [], [pid 5376] <... futex resumed>) = 0 [pid 5377] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5377] memfd_create("syzkaller", 0 [pid 5376] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5377] <... memfd_create resumed>) = 3 [pid 5377] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5377] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5377] munmap(0x7f036dc00000, 138412032) = 0 [pid 5377] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5377] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5377] close(3) = 0 [pid 5377] close(4) = 0 [pid 5377] mkdir("./bus", 0777) = 0 [ 140.525450][ T5377] loop0: detected capacity change from 0 to 2048 [pid 5377] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5377] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5377] chdir("./bus") = 0 [pid 5377] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5377] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5376] <... futex resumed>) = 0 [pid 5377] <... futex resumed>) = 1 [pid 5376] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5377] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5376] <... futex resumed>) = 0 [pid 5377] <... openat resumed>) = 4 [pid 5376] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5377] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5376] <... futex resumed>) = 0 [pid 5376] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5376] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5377] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 5377] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 140.570484][ T5377] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5377] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5376] <... futex resumed>) = 0 [pid 5376] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5377] <... futex resumed>) = 0 [pid 5376] <... futex resumed>) = 1 [pid 5377] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5376] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5377] <... openat resumed>) = 6 [pid 5377] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5376] <... futex resumed>) = 0 [pid 5377] write(6, "t", 1 [pid 5376] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5376] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5377] <... write resumed>) = 1 [pid 5377] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5376] <... futex resumed>) = 0 [pid 5377] sendfile(6, 5, NULL, 131071 [pid 5376] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 140.610337][ T29] audit: type=1804 audit(1714530409.415:268): pid=5377 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/56/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 140.634378][ T29] audit: type=1804 audit(1714530409.425:269): pid=5377 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/56/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 140.690725][ T5377] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 140.705760][ T5377] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 140.718274][ T5377] EXT4-fs (loop0): This should not happen!! Data will be lost [ 140.718274][ T5377] [ 140.728080][ T5377] EXT4-fs (loop0): Total free blocks count 0 [ 140.734128][ T5377] EXT4-fs (loop0): Free/Dirty block details [pid 5376] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5376] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5376] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5376] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5376] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5376] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0} => {parent_tid=[5380]}, 88) = 5380 [pid 5376] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5376] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5376] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5380 attached [pid 5380] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5380] set_robust_list(0x7f03761d69a0, 24 [pid 5377] <... sendfile resumed>) = 75 [pid 5380] <... set_robust_list resumed>) = 0 [pid 5380] rt_sigprocmask(SIG_SETMASK, [], [pid 5377] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5377] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5380] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5380] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5380] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5380] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5376] <... futex resumed>) = 0 [pid 5376] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5377] <... futex resumed>) = 0 [pid 5377] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5376] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5377] <... mmap resumed>) = 0x20000000 [ 140.740136][ T5377] EXT4-fs (loop0): free_blocks=2415919104 [ 140.746373][ T5377] EXT4-fs (loop0): dirty_blocks=16 [ 140.752006][ T5377] EXT4-fs (loop0): Block reservation details [ 140.758395][ T5377] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5377] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5376] <... futex resumed>) = 0 [pid 5377] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5376] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5377] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5376] <... futex resumed>) = 0 [pid 5377] pipe2( [pid 5376] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5377] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5377] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5376] <... futex resumed>) = 0 [pid 5377] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5376] exit_group(0 [pid 5380] <... futex resumed>) = ? [pid 5377] <... futex resumed>) = ? [pid 5376] <... exit_group resumed>) = ? [pid 5380] +++ exited with 0 +++ [pid 5377] +++ exited with 0 +++ [pid 5376] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5376, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 140.773649][ T29] audit: type=1804 audit(1714530409.585:270): pid=5380 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/56/bus/bus" dev="loop0" ino=18 res=1 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./56/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./56/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./56/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 [ 140.875090][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 rmdir("./56/bus") = 0 umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5381 attached , child_tidptr=0x5555749a2690) = 5381 [pid 5381] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5381] chdir("./57") = 0 [pid 5381] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5381] setpgid(0, 0) = 0 [pid 5381] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5381] write(3, "1000", 4) = 4 [pid 5381] close(3) = 0 [pid 5381] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5381] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5381] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5381] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5381] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5381] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5381] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5381] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5382 attached [pid 5382] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5381] <... clone3 resumed> => {parent_tid=[5382]}, 88) = 5382 [pid 5382] set_robust_list(0x7f03761f79a0, 24 [pid 5381] rt_sigprocmask(SIG_SETMASK, [], [pid 5382] <... set_robust_list resumed>) = 0 [pid 5381] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5382] rt_sigprocmask(SIG_SETMASK, [], [pid 5381] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5382] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5381] <... futex resumed>) = 0 [pid 5382] memfd_create("syzkaller", 0 [pid 5381] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5382] <... memfd_create resumed>) = 3 [pid 5382] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5382] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5382] munmap(0x7f036dc00000, 138412032) = 0 [pid 5382] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5382] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5382] close(3) = 0 [pid 5382] close(4) = 0 [pid 5382] mkdir("./bus", 0777) = 0 [ 141.195764][ T5382] loop0: detected capacity change from 0 to 2048 [pid 5382] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5382] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5382] chdir("./bus") = 0 [pid 5382] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5382] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5381] <... futex resumed>) = 0 [pid 5382] <... futex resumed>) = 1 [pid 5381] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5382] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5381] <... futex resumed>) = 0 [pid 5381] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5382] <... openat resumed>) = 4 [pid 5382] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5381] <... futex resumed>) = 0 [pid 5382] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5381] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5382] <... openat resumed>) = 5 [pid 5381] <... futex resumed>) = 0 [ 141.244745][ T5382] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5382] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5381] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5382] <... futex resumed>) = 0 [pid 5382] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5381] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5381] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5382] <... futex resumed>) = 0 [pid 5381] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 141.287873][ T29] audit: type=1804 audit(1714530410.095:271): pid=5382 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/57/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5382] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 5382] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5381] <... futex resumed>) = 0 [pid 5382] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5381] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5382] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5381] <... futex resumed>) = 0 [pid 5382] write(6, "t", 1 [pid 5381] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5382] <... write resumed>) = 1 [pid 5382] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5381] <... futex resumed>) = 0 [pid 5381] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5381] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5382] <... futex resumed>) = 1 [ 141.315280][ T29] audit: type=1804 audit(1714530410.125:272): pid=5382 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/57/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5382] sendfile(6, 5, NULL, 131071 [pid 5381] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5381] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5381] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5381] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5381] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5381] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5385 attached [pid 5385] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5381] <... clone3 resumed> => {parent_tid=[5385]}, 88) = 5385 [pid 5385] <... rseq resumed>) = 0 [pid 5381] rt_sigprocmask(SIG_SETMASK, [], [pid 5385] set_robust_list(0x7f03761d69a0, 24 [pid 5381] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5385] <... set_robust_list resumed>) = 0 [pid 5385] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5385] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5381] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5385] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5381] <... futex resumed>) = 0 [pid 5385] <... open resumed>) = 7 [ 141.417930][ T5382] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 141.433230][ T5382] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [pid 5381] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5385] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5385] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5381] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5381] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5385] <... futex resumed>) = 0 [pid 5385] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5381] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5385] <... mmap resumed>) = 0x20000000 [pid 5382] <... sendfile resumed>) = 75 [pid 5385] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5381] <... futex resumed>) = 0 [pid 5381] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5381] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5385] <... futex resumed>) = 1 [pid 5382] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5385] pipe2( [pid 5382] <... futex resumed>) = 0 [pid 5382] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5385] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5385] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5381] <... futex resumed>) = 0 [pid 5381] exit_group(0 [pid 5385] <... futex resumed>) = ? [pid 5381] <... exit_group resumed>) = ? [pid 5385] +++ exited with 0 +++ [pid 5382] <... futex resumed>) = ? [ 141.437524][ T29] audit: type=1804 audit(1714530410.245:273): pid=5385 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/57/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 141.447179][ T5382] EXT4-fs (loop0): This should not happen!! Data will be lost [ 141.447179][ T5382] [ 141.478832][ T5382] EXT4-fs (loop0): Total free blocks count 0 [ 141.484957][ T5382] EXT4-fs (loop0): Free/Dirty block details [ 141.492246][ T5382] EXT4-fs (loop0): free_blocks=2415919104 [ 141.497986][ T5382] EXT4-fs (loop0): dirty_blocks=16 [ 141.503239][ T5382] EXT4-fs (loop0): Block reservation details [ 141.509225][ T5382] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5382] +++ exited with 0 +++ [pid 5381] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5381, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- umount2("./57", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./57/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./57/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./57/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 141.613199][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/bus") = 0 umount2("./57/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5386 attached , child_tidptr=0x5555749a2690) = 5386 [pid 5386] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5386] chdir("./58") = 0 [pid 5386] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5386] setpgid(0, 0) = 0 [pid 5386] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5386] write(3, "1000", 4) = 4 [pid 5386] close(3) = 0 [pid 5386] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5386] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5386] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5386] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5386] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5386] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5386] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5386] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5387 attached [pid 5387] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5386] <... clone3 resumed> => {parent_tid=[5387]}, 88) = 5387 [pid 5387] set_robust_list(0x7f03761f79a0, 24 [pid 5386] rt_sigprocmask(SIG_SETMASK, [], [pid 5387] <... set_robust_list resumed>) = 0 [pid 5387] rt_sigprocmask(SIG_SETMASK, [], [pid 5386] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5387] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5386] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5387] memfd_create("syzkaller", 0 [pid 5386] <... futex resumed>) = 0 [pid 5386] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5387] <... memfd_create resumed>) = 3 [pid 5387] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5387] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5387] munmap(0x7f036dc00000, 138412032) = 0 [pid 5387] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5387] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5387] close(3) = 0 [pid 5387] close(4) = 0 [pid 5387] mkdir("./bus", 0777) = 0 [ 141.974042][ T5387] loop0: detected capacity change from 0 to 2048 [pid 5387] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5387] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5387] chdir("./bus") = 0 [pid 5387] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5387] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5387] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5386] <... futex resumed>) = 0 [pid 5386] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5387] <... futex resumed>) = 0 [pid 5386] <... futex resumed>) = 1 [pid 5387] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [ 142.024791][ T5387] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5386] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5387] <... openat resumed>) = 4 [pid 5387] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5386] <... futex resumed>) = 0 [pid 5387] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5386] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5387] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5386] <... futex resumed>) = 0 [pid 5387] <... openat resumed>) = 5 [pid 5386] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5387] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5387] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5386] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5386] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5387] <... futex resumed>) = 0 [pid 5386] <... futex resumed>) = 1 [pid 5387] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5386] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5387] <... openat resumed>) = 6 [pid 5387] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5386] <... futex resumed>) = 0 [pid 5386] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5387] write(6, "t", 1 [pid 5386] <... futex resumed>) = 0 [pid 5386] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5387] <... write resumed>) = 1 [pid 5387] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5386] <... futex resumed>) = 0 [pid 5387] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5386] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5387] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5386] <... futex resumed>) = 0 [pid 5387] sendfile(6, 5, NULL, 131071 [ 142.096423][ T29] audit: type=1804 audit(1714530410.905:274): pid=5387 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/58/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5386] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5386] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5386] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5386] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 142.168932][ T5387] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 142.184222][ T5387] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 142.196529][ T5387] EXT4-fs (loop0): This should not happen!! Data will be lost [ 142.196529][ T5387] [ 142.206247][ T5387] EXT4-fs (loop0): Total free blocks count 0 [ 142.212298][ T5387] EXT4-fs (loop0): Free/Dirty block details [pid 5386] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5386] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5390 attached [pid 5390] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5390] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 5386] <... clone3 resumed> => {parent_tid=[5390]}, 88) = 5390 [pid 5390] rt_sigprocmask(SIG_SETMASK, [], [pid 5386] rt_sigprocmask(SIG_SETMASK, [], [pid 5390] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5386] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5390] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5386] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5390] <... open resumed>) = 7 [pid 5386] <... futex resumed>) = 0 [pid 5386] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5386] <... futex resumed>) = 0 [pid 5386] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5386] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] <... futex resumed>) = 1 [pid 5390] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5387] <... sendfile resumed>) = 75 [pid 5387] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5387] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5390] <... mmap resumed>) = 0x20000000 [pid 5390] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5386] <... futex resumed>) = 0 [pid 5390] <... futex resumed>) = 1 [pid 5386] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5390] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5386] <... futex resumed>) = 1 [pid 5387] <... futex resumed>) = 0 [pid 5387] pipe2( [pid 5386] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5387] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5387] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5386] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5387] <... futex resumed>) = 0 [pid 5387] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5386] exit_group(0 [pid 5390] <... futex resumed>) = ? [pid 5387] <... futex resumed>) = ? [pid 5387] +++ exited with 0 +++ [pid 5386] <... exit_group resumed>) = ? [pid 5390] +++ exited with 0 +++ [pid 5386] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5386, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 142.218208][ T5387] EXT4-fs (loop0): free_blocks=2415919104 [ 142.224027][ T5387] EXT4-fs (loop0): dirty_blocks=16 [ 142.229194][ T5387] EXT4-fs (loop0): Block reservation details [ 142.235381][ T5387] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./58", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./58/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./58/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./58/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 [ 142.322122][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 close(4) = 0 rmdir("./58/bus") = 0 umount2("./58/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5391 attached , child_tidptr=0x5555749a2690) = 5391 [pid 5391] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5391] chdir("./59") = 0 [pid 5391] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5391] setpgid(0, 0) = 0 [pid 5391] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5391] write(3, "1000", 4) = 4 [pid 5391] close(3) = 0 [pid 5391] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5391] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5391] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5391] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5391] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5391] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5391] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5391] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5392 attached [pid 5392] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5391] <... clone3 resumed> => {parent_tid=[5392]}, 88) = 5392 [pid 5392] <... rseq resumed>) = 0 [pid 5392] set_robust_list(0x7f03761f79a0, 24 [pid 5391] rt_sigprocmask(SIG_SETMASK, [], [pid 5392] <... set_robust_list resumed>) = 0 [pid 5391] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5392] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5391] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5392] memfd_create("syzkaller", 0 [pid 5391] <... futex resumed>) = 0 [pid 5391] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5392] <... memfd_create resumed>) = 3 [pid 5392] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5392] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5392] munmap(0x7f036dc00000, 138412032) = 0 [pid 5392] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5392] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5392] close(3) = 0 [pid 5392] close(4) = 0 [pid 5392] mkdir("./bus", 0777) = 0 [ 142.669551][ T5392] loop0: detected capacity change from 0 to 2048 [pid 5392] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5392] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5392] chdir("./bus") = 0 [pid 5392] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5392] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5391] <... futex resumed>) = 0 [pid 5392] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5391] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5392] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5391] <... futex resumed>) = 0 [pid 5392] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [ 142.717444][ T5392] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5391] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5392] <... openat resumed>) = 4 [pid 5392] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5391] <... futex resumed>) = 0 [pid 5392] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5391] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5392] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5392] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5391] <... futex resumed>) = 0 [pid 5392] <... openat resumed>) = 5 [pid 5391] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5392] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5391] <... futex resumed>) = 0 [pid 5392] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5391] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5392] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5391] <... futex resumed>) = 0 [pid 5392] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5391] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5392] <... openat resumed>) = 6 [pid 5392] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5391] <... futex resumed>) = 0 [pid 5392] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5391] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5392] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5391] <... futex resumed>) = 0 [pid 5392] write(6, "t", 1 [pid 5391] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5392] <... write resumed>) = 1 [pid 5392] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5391] <... futex resumed>) = 0 [pid 5392] sendfile(6, 5, NULL, 131071 [pid 5391] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5391] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5391] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5391] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5391] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5391] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5391] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0} => {parent_tid=[5395]}, 88) = 5395 ./strace-static-x86_64: Process 5395 attached [pid 5391] rt_sigprocmask(SIG_SETMASK, [], [pid 5395] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5391] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5395] <... rseq resumed>) = 0 [pid 5391] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5395] set_robust_list(0x7f03761d69a0, 24 [pid 5391] <... futex resumed>) = 0 [pid 5395] <... set_robust_list resumed>) = 0 [pid 5391] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5395] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5395] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5395] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5395] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5391] <... futex resumed>) = 0 [pid 5395] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5391] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5395] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5391] <... futex resumed>) = 0 [ 142.844209][ T5392] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 142.859978][ T5392] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 142.872426][ T5392] EXT4-fs (loop0): This should not happen!! Data will be lost [ 142.872426][ T5392] [ 142.882216][ T5392] EXT4-fs (loop0): Total free blocks count 0 [ 142.888251][ T5392] EXT4-fs (loop0): Free/Dirty block details [pid 5391] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5395] <... mmap resumed>) = 0x20000000 [pid 5392] <... sendfile resumed>) = 75 [pid 5395] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5392] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5395] <... futex resumed>) = 1 [pid 5391] <... futex resumed>) = 0 [pid 5395] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5391] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5391] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5392] <... futex resumed>) = 1 [pid 5391] <... futex resumed>) = 0 [pid 5392] pipe2( [pid 5391] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=47000000} [pid 5392] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5392] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5391] <... futex resumed>) = 0 [pid 5391] exit_group(0 [pid 5392] <... futex resumed>) = ? [pid 5391] <... exit_group resumed>) = ? [pid 5392] +++ exited with 0 +++ [pid 5395] <... futex resumed>) = ? [pid 5395] +++ exited with 0 +++ [pid 5391] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5391, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- [ 142.894250][ T5392] EXT4-fs (loop0): free_blocks=2415919104 [ 142.900083][ T5392] EXT4-fs (loop0): dirty_blocks=16 [ 142.905224][ T5392] EXT4-fs (loop0): Block reservation details [ 142.911279][ T5392] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./59", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./59/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./59/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./59/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 [ 143.011957][ T139] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 close(4) = 0 rmdir("./59/bus") = 0 umount2("./59/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5396 attached , child_tidptr=0x5555749a2690) = 5396 [pid 5396] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5396] chdir("./60") = 0 [pid 5396] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5396] setpgid(0, 0) = 0 [pid 5396] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5396] write(3, "1000", 4) = 4 [pid 5396] close(3) = 0 [pid 5396] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5396] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5396] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5396] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5396] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5396] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5396] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5396] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5397 attached => {parent_tid=[5397]}, 88) = 5397 [pid 5397] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5396] rt_sigprocmask(SIG_SETMASK, [], [pid 5397] <... rseq resumed>) = 0 [pid 5397] set_robust_list(0x7f03761f79a0, 24) = 0 [pid 5397] rt_sigprocmask(SIG_SETMASK, [], [pid 5396] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5396] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5397] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5397] memfd_create("syzkaller", 0 [pid 5396] <... futex resumed>) = 0 [pid 5396] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5397] <... memfd_create resumed>) = 3 [pid 5397] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5397] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5397] munmap(0x7f036dc00000, 138412032) = 0 [pid 5397] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5397] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5397] close(3) = 0 [pid 5397] close(4) = 0 [pid 5397] mkdir("./bus", 0777) = 0 [ 143.340271][ T5397] loop0: detected capacity change from 0 to 2048 [pid 5397] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5397] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5397] chdir("./bus") = 0 [pid 5397] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5397] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5396] <... futex resumed>) = 0 [pid 5397] <... futex resumed>) = 1 [pid 5396] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5397] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5396] <... futex resumed>) = 0 [pid 5397] <... openat resumed>) = 4 [pid 5396] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5397] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5396] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5396] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5396] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5397] <... futex resumed>) = 1 [pid 5396] <... futex resumed>) = 0 [pid 5397] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5396] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 5397] <... openat resumed>) = 5 [pid 5397] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5396] <... futex resumed>) = 0 [pid 5397] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5396] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5397] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5396] <... futex resumed>) = 0 [pid 5397] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5396] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5397] <... openat resumed>) = 6 [pid 5397] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5396] <... futex resumed>) = 0 [pid 5397] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5396] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5397] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5396] <... futex resumed>) = 0 [pid 5397] write(6, "t", 1 [pid 5396] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5397] <... write resumed>) = 1 [pid 5397] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5397] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5396] <... futex resumed>) = 0 [pid 5396] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5397] <... futex resumed>) = 0 [pid 5397] sendfile(6, 5, NULL, 131071 [pid 5396] <... futex resumed>) = 1 [ 143.395647][ T5397] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5396] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5396] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5396] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5396] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 143.495750][ T5397] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 143.511097][ T5397] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 143.523430][ T5397] EXT4-fs (loop0): This should not happen!! Data will be lost [ 143.523430][ T5397] [ 143.534358][ T5397] EXT4-fs (loop0): Total free blocks count 0 [pid 5396] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5396] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5400 attached => {parent_tid=[5400]}, 88) = 5400 [pid 5396] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5396] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5396] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5400] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5400] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 5400] rt_sigprocmask(SIG_SETMASK, [], [pid 5397] <... sendfile resumed>) = 75 [pid 5400] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5400] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5397] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5400] <... open resumed>) = 7 [pid 5397] <... futex resumed>) = 0 [pid 5397] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5400] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5396] <... futex resumed>) = 0 [pid 5400] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5396] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5397] <... futex resumed>) = 0 [pid 5396] <... futex resumed>) = 1 [pid 5397] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5396] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5397] <... mmap resumed>) = 0x20000000 [pid 5397] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5396] <... futex resumed>) = 0 [pid 5397] pipe2( [pid 5396] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5397] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5396] <... futex resumed>) = 0 [ 143.540584][ T5397] EXT4-fs (loop0): Free/Dirty block details [ 143.547493][ T5397] EXT4-fs (loop0): free_blocks=2415919104 [ 143.553746][ T5397] EXT4-fs (loop0): dirty_blocks=16 [ 143.558879][ T5397] EXT4-fs (loop0): Block reservation details [ 143.565236][ T5397] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5396] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5397] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5396] <... futex resumed>) = 0 [pid 5397] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5396] exit_group(0 [pid 5397] <... futex resumed>) = ? [pid 5396] <... exit_group resumed>) = ? [pid 5400] <... futex resumed>) = ? [pid 5397] +++ exited with 0 +++ [pid 5400] +++ exited with 0 +++ [pid 5396] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5396, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- umount2("./60", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./60/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./60/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./60/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 143.681109][ T139] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/bus") = 0 umount2("./60/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5401 attached , child_tidptr=0x5555749a2690) = 5401 [pid 5401] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5401] chdir("./61") = 0 [pid 5401] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5401] setpgid(0, 0) = 0 [pid 5401] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5401] write(3, "1000", 4) = 4 [pid 5401] close(3) = 0 [pid 5401] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5401] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5401] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5401] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5401] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5401] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5401] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5401] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5402 attached => {parent_tid=[5402]}, 88) = 5402 [pid 5401] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5402] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5401] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5402] set_robust_list(0x7f03761f79a0, 24 [pid 5401] <... futex resumed>) = 0 [pid 5402] <... set_robust_list resumed>) = 0 [pid 5401] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5402] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5402] memfd_create("syzkaller", 0) = 3 [pid 5402] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5402] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5402] munmap(0x7f036dc00000, 138412032) = 0 [pid 5402] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5402] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5402] close(3) = 0 [pid 5402] close(4) = 0 [pid 5402] mkdir("./bus", 0777) = 0 [ 144.034577][ T5402] loop0: detected capacity change from 0 to 2048 [pid 5402] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5402] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5402] chdir("./bus") = 0 [pid 5402] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5402] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5401] <... futex resumed>) = 0 [pid 5402] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5401] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5402] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5401] <... futex resumed>) = 0 [pid 5402] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5401] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5402] <... openat resumed>) = 4 [pid 5402] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5401] <... futex resumed>) = 0 [pid 5401] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5402] <... futex resumed>) = 1 [pid 5401] <... futex resumed>) = 0 [pid 5402] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5401] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5402] <... openat resumed>) = 5 [pid 5402] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5401] <... futex resumed>) = 0 [pid 5401] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5401] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5402] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 5402] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5401] <... futex resumed>) = 0 [pid 5402] <... futex resumed>) = 1 [pid 5401] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5402] write(6, "t", 1 [pid 5401] <... futex resumed>) = 0 [pid 5401] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5402] <... write resumed>) = 1 [pid 5402] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5401] <... futex resumed>) = 0 [pid 5402] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5401] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5402] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5401] <... futex resumed>) = 0 [pid 5402] sendfile(6, 5, NULL, 131071 [ 144.084683][ T5402] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5401] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5401] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5401] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [ 144.186670][ T5402] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 144.202309][ T5402] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 144.214682][ T5402] EXT4-fs (loop0): This should not happen!! Data will be lost [ 144.214682][ T5402] [ 144.224411][ T5402] EXT4-fs (loop0): Total free blocks count 0 [ 144.230584][ T5402] EXT4-fs (loop0): Free/Dirty block details [pid 5401] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5401] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5401] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0} => {parent_tid=[5405]}, 88) = 5405 [pid 5401] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5401] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5405 attached ) = 0 [pid 5401] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5405] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5402] <... sendfile resumed>) = 75 [pid 5405] <... rseq resumed>) = 0 [pid 5405] set_robust_list(0x7f03761d69a0, 24 [pid 5402] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5405] <... set_robust_list resumed>) = 0 [pid 5402] <... futex resumed>) = 0 [pid 5405] rt_sigprocmask(SIG_SETMASK, [], [pid 5402] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5405] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5405] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5405] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5401] <... futex resumed>) = 0 [pid 5401] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5401] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5405] <... futex resumed>) = 1 [pid 5402] <... futex resumed>) = 0 [pid 5405] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5402] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5401] <... futex resumed>) = 0 [pid 5401] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5401] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5402] <... futex resumed>) = 1 [pid 5402] pipe2(0x20000240, 0) = 0 [pid 5402] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5401] <... futex resumed>) = 0 [pid 5402] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5401] exit_group(0 [pid 5405] <... futex resumed>) = ? [pid 5401] <... exit_group resumed>) = ? [pid 5405] +++ exited with 0 +++ [pid 5402] <... futex resumed>) = ? [ 144.236527][ T5402] EXT4-fs (loop0): free_blocks=2415919104 [ 144.242355][ T5402] EXT4-fs (loop0): dirty_blocks=16 [ 144.247562][ T5402] EXT4-fs (loop0): Block reservation details [ 144.253737][ T5402] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5402] +++ exited with 0 +++ [pid 5401] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5401, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- umount2("./61", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./61/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./61/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./61/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 [ 144.356526][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/bus") = 0 umount2("./61/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5406 attached , child_tidptr=0x5555749a2690) = 5406 [pid 5406] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5406] chdir("./62") = 0 [pid 5406] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5406] setpgid(0, 0) = 0 [pid 5406] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5406] write(3, "1000", 4) = 4 [pid 5406] close(3) = 0 [pid 5406] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5406] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5406] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5406] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5406] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5406] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5406] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5406] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5407 attached [pid 5407] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5406] <... clone3 resumed> => {parent_tid=[5407]}, 88) = 5407 [pid 5407] <... rseq resumed>) = 0 [pid 5406] rt_sigprocmask(SIG_SETMASK, [], [pid 5407] set_robust_list(0x7f03761f79a0, 24 [pid 5406] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5407] <... set_robust_list resumed>) = 0 [pid 5406] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5407] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5406] <... futex resumed>) = 0 [pid 5407] memfd_create("syzkaller", 0 [pid 5406] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5407] <... memfd_create resumed>) = 3 [pid 5407] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5407] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5407] munmap(0x7f036dc00000, 138412032) = 0 [pid 5407] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5407] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5407] close(3) = 0 [pid 5407] close(4) = 0 [pid 5407] mkdir("./bus", 0777) = 0 [ 144.702738][ T5407] loop0: detected capacity change from 0 to 2048 [pid 5407] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5407] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5407] chdir("./bus") = 0 [pid 5407] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5407] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5406] <... futex resumed>) = 0 [pid 5407] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5406] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5407] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5406] <... futex resumed>) = 0 [pid 5407] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5406] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5407] <... openat resumed>) = 4 [pid 5407] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5406] <... futex resumed>) = 0 [pid 5407] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5406] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5407] <... openat resumed>) = 5 [pid 5406] <... futex resumed>) = 0 [pid 5406] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5407] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5406] <... futex resumed>) = 0 [pid 5407] <... futex resumed>) = 1 [pid 5406] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5407] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5406] <... futex resumed>) = 0 [pid 5406] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5407] <... openat resumed>) = 6 [ 144.754767][ T5407] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5407] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5406] <... futex resumed>) = 0 [pid 5407] <... futex resumed>) = 1 [pid 5406] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5407] write(6, "t", 1 [pid 5406] <... futex resumed>) = 0 [pid 5406] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5407] <... write resumed>) = 1 [pid 5407] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5406] <... futex resumed>) = 0 [pid 5407] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5406] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5407] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5406] <... futex resumed>) = 0 [pid 5407] sendfile(6, 5, NULL, 131071 [pid 5406] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5406] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5406] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5406] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 144.873046][ T5407] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 144.889242][ T5407] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 144.901674][ T5407] EXT4-fs (loop0): This should not happen!! Data will be lost [ 144.901674][ T5407] [ 144.911895][ T5407] EXT4-fs (loop0): Total free blocks count 0 [pid 5406] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5406] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5410 attached => {parent_tid=[5410]}, 88) = 5410 [pid 5410] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5406] rt_sigprocmask(SIG_SETMASK, [], [pid 5407] <... sendfile resumed>) = 75 [pid 5406] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5410] set_robust_list(0x7f03761d69a0, 24 [pid 5407] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5406] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5410] <... set_robust_list resumed>) = 0 [pid 5407] <... futex resumed>) = 0 [pid 5406] <... futex resumed>) = 0 [pid 5410] rt_sigprocmask(SIG_SETMASK, [], [pid 5407] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5410] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5406] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5410] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5410] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5406] <... futex resumed>) = 0 [pid 5410] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5406] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5407] <... futex resumed>) = 0 [pid 5406] <... futex resumed>) = 1 [pid 5407] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5406] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5407] <... mmap resumed>) = 0x20000000 [pid 5407] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5407] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5406] <... futex resumed>) = 0 [pid 5407] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5406] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5407] pipe2( [pid 5406] <... futex resumed>) = 0 [pid 5407] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5406] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5407] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5406] <... futex resumed>) = 0 [pid 5407] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5406] exit_group(0 [pid 5407] <... futex resumed>) = ? [pid 5406] <... exit_group resumed>) = ? [pid 5410] <... futex resumed>) = ? [pid 5407] +++ exited with 0 +++ [ 144.917907][ T5407] EXT4-fs (loop0): Free/Dirty block details [ 144.924248][ T5407] EXT4-fs (loop0): free_blocks=2415919104 [ 144.929992][ T5407] EXT4-fs (loop0): dirty_blocks=16 [ 144.935776][ T5407] EXT4-fs (loop0): Block reservation details [ 144.941949][ T5407] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5410] +++ exited with 0 +++ [pid 5406] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5406, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./62", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./62/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./62/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./62/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./62/bus") = 0 umount2("./62/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 [ 145.031698][ T139] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5411 attached , child_tidptr=0x5555749a2690) = 5411 [pid 5411] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5411] chdir("./63") = 0 [pid 5411] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5411] setpgid(0, 0) = 0 [pid 5411] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5411] write(3, "1000", 4) = 4 [pid 5411] close(3) = 0 [pid 5411] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5411] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5411] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5411] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5411] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5411] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5411] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5411] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5412 attached [pid 5412] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5411] <... clone3 resumed> => {parent_tid=[5412]}, 88) = 5412 [pid 5412] set_robust_list(0x7f03761f79a0, 24 [pid 5411] rt_sigprocmask(SIG_SETMASK, [], [pid 5412] <... set_robust_list resumed>) = 0 [pid 5412] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5412] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5411] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5411] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5412] <... futex resumed>) = 0 [pid 5411] <... futex resumed>) = 1 [pid 5411] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5412] memfd_create("syzkaller", 0) = 3 [pid 5412] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5412] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5412] munmap(0x7f036dc00000, 138412032) = 0 [pid 5412] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5412] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5412] close(3) = 0 [pid 5412] close(4) = 0 [pid 5412] mkdir("./bus", 0777) = 0 [ 145.296308][ T5412] loop0: detected capacity change from 0 to 2048 [pid 5412] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5412] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5412] chdir("./bus") = 0 [pid 5412] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5412] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5411] <... futex resumed>) = 0 [pid 5412] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5411] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5411] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5412] <... openat resumed>) = 4 [pid 5412] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5411] <... futex resumed>) = 0 [pid 5412] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5411] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5412] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5411] <... futex resumed>) = 0 [pid 5412] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5411] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5412] <... openat resumed>) = 5 [ 145.345021][ T5412] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5412] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5412] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5411] <... futex resumed>) = 0 [pid 5411] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5412] <... futex resumed>) = 0 [pid 5411] <... futex resumed>) = 1 [pid 5412] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5411] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5412] <... openat resumed>) = 6 [pid 5412] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5411] <... futex resumed>) = 0 [pid 5412] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5411] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5412] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5411] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5412] write(6, "t", 1) = 1 [pid 5412] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5412] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5411] <... futex resumed>) = 0 [pid 5411] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5412] <... futex resumed>) = 0 [pid 5411] <... futex resumed>) = 1 [pid 5412] sendfile(6, 5, NULL, 131071 [ 145.395476][ T29] kauditd_printk_skb: 14 callbacks suppressed [ 145.395499][ T29] audit: type=1804 audit(1714530414.205:289): pid=5412 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/63/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 145.425667][ T29] audit: type=1804 audit(1714530414.215:290): pid=5412 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/63/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5411] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5411] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5411] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5411] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 145.479377][ T5412] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 145.494600][ T5412] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 145.507038][ T5412] EXT4-fs (loop0): This should not happen!! Data will be lost [ 145.507038][ T5412] [ 145.516923][ T5412] EXT4-fs (loop0): Total free blocks count 0 [ 145.522967][ T5412] EXT4-fs (loop0): Free/Dirty block details [pid 5411] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5411] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5415 attached [pid 5415] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5415] set_robust_list(0x7f03761d69a0, 24 [pid 5411] <... clone3 resumed> => {parent_tid=[5415]}, 88) = 5415 [pid 5415] <... set_robust_list resumed>) = 0 [pid 5411] rt_sigprocmask(SIG_SETMASK, [], [pid 5415] rt_sigprocmask(SIG_SETMASK, [], [pid 5411] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5415] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5411] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5415] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5411] <... futex resumed>) = 0 [pid 5415] <... open resumed>) = 7 [pid 5411] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5415] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5412] <... sendfile resumed>) = 75 [pid 5415] <... futex resumed>) = 1 [pid 5412] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5411] <... futex resumed>) = 0 [pid 5411] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5415] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5412] <... futex resumed>) = 0 [pid 5411] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5412] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 5412] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5411] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5412] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5411] <... futex resumed>) = 0 [pid 5412] pipe2(0x20000240, 0) = 0 [pid 5411] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5412] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5411] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5412] <... futex resumed>) = 0 [pid 5411] exit_group(0 [pid 5415] <... futex resumed>) = ? [pid 5411] <... exit_group resumed>) = ? [pid 5415] +++ exited with 0 +++ [pid 5412] +++ exited with 0 +++ [pid 5411] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5411, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 145.528888][ T5412] EXT4-fs (loop0): free_blocks=2415919104 [ 145.534718][ T5412] EXT4-fs (loop0): dirty_blocks=16 [ 145.539863][ T5412] EXT4-fs (loop0): Block reservation details [ 145.545931][ T5412] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 145.551940][ T29] audit: type=1804 audit(1714530414.365:291): pid=5415 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/63/bus/bus" dev="loop0" ino=18 res=1 errno=0 umount2("./63", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./63/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./63/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./63/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 [ 145.639764][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/bus") = 0 umount2("./63/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5416 attached , child_tidptr=0x5555749a2690) = 5416 [pid 5416] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5416] chdir("./64") = 0 [pid 5416] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5416] setpgid(0, 0) = 0 [pid 5416] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5416] write(3, "1000", 4) = 4 [pid 5416] close(3) = 0 [pid 5416] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5416] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5416] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5416] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5416] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5416] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5416] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5416] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5417 attached [pid 5417] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5416] <... clone3 resumed> => {parent_tid=[5417]}, 88) = 5417 [pid 5417] set_robust_list(0x7f03761f79a0, 24 [pid 5416] rt_sigprocmask(SIG_SETMASK, [], [pid 5417] <... set_robust_list resumed>) = 0 [pid 5416] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5417] rt_sigprocmask(SIG_SETMASK, [], [pid 5416] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5417] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5416] <... futex resumed>) = 0 [pid 5417] memfd_create("syzkaller", 0 [pid 5416] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5417] <... memfd_create resumed>) = 3 [pid 5417] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5417] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5417] munmap(0x7f036dc00000, 138412032) = 0 [pid 5417] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5417] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5417] close(3) = 0 [pid 5417] close(4) = 0 [pid 5417] mkdir("./bus", 0777) = 0 [ 145.957593][ T5417] loop0: detected capacity change from 0 to 2048 [pid 5417] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5417] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5417] chdir("./bus") = 0 [pid 5417] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5417] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5416] <... futex resumed>) = 0 [pid 5417] <... futex resumed>) = 1 [pid 5416] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5417] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5416] <... futex resumed>) = 0 [pid 5417] <... openat resumed>) = 4 [pid 5416] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5417] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5416] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5417] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5416] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5417] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5416] <... futex resumed>) = 0 [pid 5417] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5416] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5417] <... openat resumed>) = 5 [ 146.015279][ T5417] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5417] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5416] <... futex resumed>) = 0 [pid 5416] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5417] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5416] <... futex resumed>) = 0 [pid 5417] <... openat resumed>) = 6 [pid 5416] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5417] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5416] <... futex resumed>) = 0 [pid 5417] <... futex resumed>) = 1 [pid 5416] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5417] write(6, "t", 1 [pid 5416] <... futex resumed>) = 0 [pid 5416] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5417] <... write resumed>) = 1 [pid 5417] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5416] <... futex resumed>) = 0 [pid 5417] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5416] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5417] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5416] <... futex resumed>) = 0 [pid 5417] sendfile(6, 5, NULL, 131071 [ 146.055464][ T29] audit: type=1804 audit(1714530414.865:292): pid=5417 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/64/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 146.079650][ T29] audit: type=1804 audit(1714530414.875:293): pid=5417 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/64/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5416] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5416] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5416] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5416] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5416] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5416] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0} => {parent_tid=[5420]}, 88) = 5420 ./strace-static-x86_64: Process 5420 attached [pid 5416] rt_sigprocmask(SIG_SETMASK, [], [pid 5420] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5416] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5420] <... rseq resumed>) = 0 [pid 5416] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5420] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 5416] <... futex resumed>) = 0 [pid 5420] rt_sigprocmask(SIG_SETMASK, [], [pid 5416] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5420] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5420] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [ 146.132907][ T5417] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 146.148347][ T5417] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 146.160748][ T5417] EXT4-fs (loop0): This should not happen!! Data will be lost [ 146.160748][ T5417] [pid 5420] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5420] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5416] <... futex resumed>) = 0 [pid 5416] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5420] <... futex resumed>) = 0 [pid 5416] <... futex resumed>) = 1 [pid 5420] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5416] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5420] <... mmap resumed>) = 0x20000000 [pid 5420] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5417] <... sendfile resumed>) = 75 [pid 5416] <... futex resumed>) = 0 [pid 5420] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5416] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5420] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5417] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5416] <... futex resumed>) = 0 [pid 5420] pipe2( [pid 5416] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5420] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5417] <... futex resumed>) = 0 [pid 5420] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5416] <... futex resumed>) = 0 [pid 5420] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5416] exit_group(0 [pid 5420] <... futex resumed>) = ? [pid 5416] <... exit_group resumed>) = ? [pid 5420] +++ exited with 0 +++ [pid 5417] +++ exited with 0 +++ [pid 5416] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5416, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- umount2("./64", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 146.169192][ T29] audit: type=1804 audit(1714530414.975:294): pid=5420 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/64/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 146.171686][ T5417] EXT4-fs (loop0): Total free blocks count 0 [ 146.200534][ T5417] EXT4-fs (loop0): Free/Dirty block details [ 146.206794][ T5417] EXT4-fs (loop0): free_blocks=2415919104 [ 146.212656][ T5417] EXT4-fs (loop0): dirty_blocks=16 [ 146.217814][ T5417] EXT4-fs (loop0): Block reservation details [ 146.223881][ T5417] EXT4-fs (loop0): i_reserved_data_blocks=1 openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./64/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./64/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./64/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/bus") = 0 umount2("./64/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./64") = 0 mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 146.318750][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5421 attached , child_tidptr=0x5555749a2690) = 5421 [pid 5421] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5421] chdir("./65") = 0 [pid 5421] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5421] setpgid(0, 0) = 0 [pid 5421] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5421] write(3, "1000", 4) = 4 [pid 5421] close(3) = 0 [pid 5421] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5421] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5421] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5421] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5421] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5421] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5421] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5421] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5422 attached [pid 5422] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5421] <... clone3 resumed> => {parent_tid=[5422]}, 88) = 5422 [pid 5422] <... rseq resumed>) = 0 [pid 5421] rt_sigprocmask(SIG_SETMASK, [], [pid 5422] set_robust_list(0x7f03761f79a0, 24 [pid 5421] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5422] <... set_robust_list resumed>) = 0 [pid 5421] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5422] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5421] <... futex resumed>) = 0 [pid 5422] memfd_create("syzkaller", 0 [pid 5421] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5422] <... memfd_create resumed>) = 3 [pid 5422] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5422] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5422] munmap(0x7f036dc00000, 138412032) = 0 [pid 5422] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5422] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5422] close(3) = 0 [pid 5422] close(4) = 0 [pid 5422] mkdir("./bus", 0777) = 0 [ 146.561382][ T5422] loop0: detected capacity change from 0 to 2048 [pid 5422] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5422] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5422] chdir("./bus") = 0 [pid 5422] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5422] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5421] <... futex resumed>) = 0 [pid 5422] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5421] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5421] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5422] <... openat resumed>) = 4 [pid 5422] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5421] <... futex resumed>) = 0 [pid 5422] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5421] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5422] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5421] <... futex resumed>) = 0 [pid 5421] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 146.615578][ T5422] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5422] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 5422] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5422] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5421] <... futex resumed>) = 0 [pid 5421] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5422] <... futex resumed>) = 0 [pid 5421] <... futex resumed>) = 1 [pid 5422] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5421] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5422] <... openat resumed>) = 6 [pid 5422] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5422] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5421] <... futex resumed>) = 0 [pid 5421] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5422] <... futex resumed>) = 0 [pid 5421] <... futex resumed>) = 1 [pid 5422] write(6, "t", 1 [pid 5421] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5422] <... write resumed>) = 1 [pid 5422] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5422] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5421] <... futex resumed>) = 0 [pid 5421] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5422] <... futex resumed>) = 0 [pid 5421] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5422] sendfile(6, 5, NULL, 131071 [pid 5421] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5421] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5421] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5421] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 146.665178][ T29] audit: type=1804 audit(1714530415.475:295): pid=5422 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/65/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 146.689496][ T29] audit: type=1804 audit(1714530415.475:296): pid=5422 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/65/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5421] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5421] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5425 attached => {parent_tid=[5425]}, 88) = 5425 [pid 5425] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5421] rt_sigprocmask(SIG_SETMASK, [], [pid 5425] <... rseq resumed>) = 0 [pid 5425] set_robust_list(0x7f03761d69a0, 24 [pid 5421] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5425] <... set_robust_list resumed>) = 0 [pid 5421] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5425] rt_sigprocmask(SIG_SETMASK, [], [pid 5421] <... futex resumed>) = 0 [pid 5425] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5421] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5425] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5425] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5421] <... futex resumed>) = 0 [pid 5425] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5421] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 146.754439][ T29] audit: type=1804 audit(1714530415.565:297): pid=5425 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/65/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 146.765774][ T5422] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 5421] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5421] futex(0x7f03762c96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5421] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5425] <... mmap resumed>) = 0x20000000 [pid 5422] <... sendfile resumed>) = 75 [pid 5421] <... mmap resumed>) = 0x7f0376195000 [pid 5425] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5422] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5421] mprotect(0x7f0376196000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5421] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5421] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761b5990, parent_tid=0x7f03761b5990, exit_signal=0, stack=0x7f0376195000, stack_size=0x20300, tls=0x7f03761b56c0}./strace-static-x86_64: Process 5426 attached [pid 5426] rseq(0x7f03761b5fe0, 0x20, 0, 0x53053053) = 0 [pid 5426] set_robust_list(0x7f03761b59a0, 24) = 0 [pid 5426] rt_sigprocmask(SIG_SETMASK, [], [pid 5421] <... clone3 resumed> => {parent_tid=[5426]}, 88) = 5426 [pid 5426] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5426] futex(0x7f03762c96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5421] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5421] futex(0x7f03762c96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5426] <... futex resumed>) = 0 [pid 5421] <... futex resumed>) = 1 [pid 5426] pipe2( [pid 5421] futex(0x7f03762c96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5426] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5426] futex(0x7f03762c96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5425] <... futex resumed>) = 0 [pid 5422] <... futex resumed>) = 0 [pid 5426] <... futex resumed>) = 1 [pid 5425] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5422] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5421] <... futex resumed>) = 0 [pid 5426] futex(0x7f03762c96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5421] exit_group(0 [pid 5426] <... futex resumed>) = ? [pid 5425] <... futex resumed>) = ? [pid 5422] <... futex resumed>) = ? [pid 5421] <... exit_group resumed>) = ? [pid 5426] +++ exited with 0 +++ [pid 5425] +++ exited with 0 +++ [ 146.793077][ T5422] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 146.806285][ T5422] EXT4-fs (loop0): This should not happen!! Data will be lost [ 146.806285][ T5422] [ 146.816448][ T5422] EXT4-fs (loop0): Total free blocks count 0 [ 146.822679][ T5422] EXT4-fs (loop0): Free/Dirty block details [ 146.828622][ T5422] EXT4-fs (loop0): free_blocks=2415919104 [ 146.834993][ T5422] EXT4-fs (loop0): dirty_blocks=16 [ 146.840342][ T5422] EXT4-fs (loop0): Block reservation details [ 146.846450][ T5422] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5422] +++ exited with 0 +++ [pid 5421] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5421, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- umount2("./65", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./65/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./65/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./65/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 [ 146.922911][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./65/bus") = 0 umount2("./65/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./65/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./65") = 0 mkdir("./66", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5427 attached , child_tidptr=0x5555749a2690) = 5427 [pid 5427] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5427] chdir("./66") = 0 [pid 5427] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5427] setpgid(0, 0) = 0 [pid 5427] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5427] write(3, "1000", 4) = 4 [pid 5427] close(3) = 0 [pid 5427] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5427] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5427] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5427] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5427] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5427] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5427] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5427] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5428 attached [pid 5428] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5427] <... clone3 resumed> => {parent_tid=[5428]}, 88) = 5428 [pid 5428] set_robust_list(0x7f03761f79a0, 24 [pid 5427] rt_sigprocmask(SIG_SETMASK, [], [pid 5428] <... set_robust_list resumed>) = 0 [pid 5427] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5428] rt_sigprocmask(SIG_SETMASK, [], [pid 5427] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5428] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5427] <... futex resumed>) = 0 [pid 5428] memfd_create("syzkaller", 0 [pid 5427] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5428] <... memfd_create resumed>) = 3 [pid 5428] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5428] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5428] munmap(0x7f036dc00000, 138412032) = 0 [pid 5428] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5428] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5428] close(3) = 0 [pid 5428] close(4) = 0 [pid 5428] mkdir("./bus", 0777) = 0 [ 147.237884][ T5428] loop0: detected capacity change from 0 to 2048 [pid 5428] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5428] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5428] chdir("./bus") = 0 [pid 5428] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5428] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5427] <... futex resumed>) = 0 [pid 5428] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5427] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5428] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5428] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5427] <... futex resumed>) = 0 [pid 5427] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5428] <... openat resumed>) = 4 [pid 5428] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5427] <... futex resumed>) = 0 [pid 5428] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5427] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5428] <... futex resumed>) = 0 [pid 5427] <... futex resumed>) = 1 [pid 5428] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5427] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5428] <... openat resumed>) = 5 [ 147.301574][ T5428] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5428] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5427] <... futex resumed>) = 0 [pid 5427] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5428] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5427] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5428] <... openat resumed>) = 6 [pid 5428] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5428] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5427] <... futex resumed>) = 0 [pid 5427] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5428] <... futex resumed>) = 0 [pid 5428] write(6, "t", 1 [pid 5427] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5428] <... write resumed>) = 1 [pid 5428] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5428] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5427] <... futex resumed>) = 0 [pid 5427] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5428] <... futex resumed>) = 0 [pid 5427] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 147.361280][ T29] audit: type=1804 audit(1714530416.175:298): pid=5428 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/66/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5428] sendfile(6, 5, NULL, 131071 [pid 5427] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5427] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5427] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5427] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5427] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5427] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0} => {parent_tid=[5432]}, 88) = 5432 [pid 5427] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5427] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5432 attached ) = 0 [pid 5427] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 147.437142][ T5428] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 147.452921][ T5428] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 147.465319][ T5428] EXT4-fs (loop0): This should not happen!! Data will be lost [ 147.465319][ T5428] [ 147.475076][ T5428] EXT4-fs (loop0): Total free blocks count 0 [ 147.481311][ T5428] EXT4-fs (loop0): Free/Dirty block details [pid 5432] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5432] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 5432] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5432] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5432] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5428] <... sendfile resumed>) = 75 [pid 5427] <... futex resumed>) = 0 [pid 5432] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5428] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5427] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5428] <... futex resumed>) = 0 [pid 5427] <... futex resumed>) = 0 [pid 5428] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5427] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5432] <... mmap resumed>) = 0x20000000 [pid 5432] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5427] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5427] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5432] <... futex resumed>) = 0 [pid 5428] <... futex resumed>) = 0 [pid 5427] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5432] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5428] pipe2(0x20000240, 0) = 0 [pid 5428] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5427] <... futex resumed>) = 0 [pid 5428] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5427] exit_group(0) = ? [pid 5432] <... futex resumed>) = ? [pid 5428] <... futex resumed>) = ? [pid 5432] +++ exited with 0 +++ [pid 5428] +++ exited with 0 +++ [pid 5427] +++ exited with 0 +++ [ 147.487379][ T5428] EXT4-fs (loop0): free_blocks=2415919104 [ 147.493329][ T5428] EXT4-fs (loop0): dirty_blocks=16 [ 147.498539][ T5428] EXT4-fs (loop0): Block reservation details [ 147.504717][ T5428] EXT4-fs (loop0): i_reserved_data_blocks=1 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5427, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./66", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./66/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./66/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./66/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 147.593585][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./66/bus") = 0 umount2("./66/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./66/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./66") = 0 mkdir("./67", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5433 attached , child_tidptr=0x5555749a2690) = 5433 [pid 5433] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5433] chdir("./67") = 0 [pid 5433] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5433] setpgid(0, 0) = 0 [pid 5433] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5433] write(3, "1000", 4) = 4 [pid 5433] close(3) = 0 [pid 5433] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5433] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5433] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5433] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5433] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5433] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5433] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5433] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5434 attached [pid 5434] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5433] <... clone3 resumed> => {parent_tid=[5434]}, 88) = 5434 [pid 5434] set_robust_list(0x7f03761f79a0, 24 [pid 5433] rt_sigprocmask(SIG_SETMASK, [], [pid 5434] <... set_robust_list resumed>) = 0 [pid 5433] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5434] rt_sigprocmask(SIG_SETMASK, [], [pid 5433] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5434] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5433] <... futex resumed>) = 0 [pid 5434] memfd_create("syzkaller", 0 [pid 5433] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5434] <... memfd_create resumed>) = 3 [pid 5434] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5434] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5434] munmap(0x7f036dc00000, 138412032) = 0 [pid 5434] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5434] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5434] close(3) = 0 [pid 5434] close(4) = 0 [pid 5434] mkdir("./bus", 0777) = 0 [ 147.986852][ T5434] loop0: detected capacity change from 0 to 2048 [pid 5434] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5434] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5434] chdir("./bus") = 0 [pid 5434] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5434] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5433] <... futex resumed>) = 0 [pid 5434] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5433] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5434] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5433] <... futex resumed>) = 0 [pid 5434] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5433] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5434] <... openat resumed>) = 4 [pid 5434] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5433] <... futex resumed>) = 0 [pid 5434] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5433] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5434] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5434] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5433] <... futex resumed>) = 0 [pid 5434] <... openat resumed>) = 5 [pid 5434] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5433] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5434] <... futex resumed>) = 0 [pid 5433] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5434] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5433] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5434] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5433] <... futex resumed>) = 0 [pid 5434] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5433] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5434] <... openat resumed>) = 6 [ 148.037973][ T5434] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5434] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5433] <... futex resumed>) = 0 [pid 5434] write(6, "t", 1 [pid 5433] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5433] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5434] <... write resumed>) = 1 [pid 5434] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5433] <... futex resumed>) = 0 [pid 5434] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5433] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5434] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5433] <... futex resumed>) = 0 [pid 5434] sendfile(6, 5, NULL, 131071 [pid 5433] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5433] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5433] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5433] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 148.146972][ T5434] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 148.162411][ T5434] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 148.174936][ T5434] EXT4-fs (loop0): This should not happen!! Data will be lost [ 148.174936][ T5434] [ 148.184714][ T5434] EXT4-fs (loop0): Total free blocks count 0 [ 148.190962][ T5434] EXT4-fs (loop0): Free/Dirty block details [pid 5433] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5433] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0} => {parent_tid=[5437]}, 88) = 5437 [pid 5433] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5433] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5433] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5437 attached [pid 5437] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5437] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 5437] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5437] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5437] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5433] <... futex resumed>) = 0 [pid 5433] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5437] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5433] <... futex resumed>) = 0 [pid 5433] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5437] <... mmap resumed>) = 0x20000000 [pid 5434] <... sendfile resumed>) = 75 [pid 5437] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5434] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5437] <... futex resumed>) = 1 [pid 5433] <... futex resumed>) = 0 [pid 5434] <... futex resumed>) = 0 [pid 5437] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5434] pipe2( [pid 5433] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5434] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5433] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5434] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5433] <... futex resumed>) = 0 [pid 5433] exit_group(0 [pid 5437] <... futex resumed>) = ? [pid 5433] <... exit_group resumed>) = ? [pid 5437] +++ exited with 0 +++ [pid 5434] <... futex resumed>) = ? [pid 5434] +++ exited with 0 +++ [pid 5433] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5433, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- umount2("./67", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 148.196895][ T5434] EXT4-fs (loop0): free_blocks=2415919104 [ 148.202738][ T5434] EXT4-fs (loop0): dirty_blocks=16 [ 148.207900][ T5434] EXT4-fs (loop0): Block reservation details [ 148.214108][ T5434] EXT4-fs (loop0): i_reserved_data_blocks=1 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./67/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./67/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./67/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./67/bus") = 0 umount2("./67/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 148.265786][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./67/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./67") = 0 mkdir("./68", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555749a2690) = 5438 ./strace-static-x86_64: Process 5438 attached [pid 5438] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5438] chdir("./68") = 0 [pid 5438] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5438] setpgid(0, 0) = 0 [pid 5438] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5438] write(3, "1000", 4) = 4 [pid 5438] close(3) = 0 [pid 5438] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5438] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5438] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5438] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5438] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5438] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5438] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5438] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5439 attached => {parent_tid=[5439]}, 88) = 5439 [pid 5439] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5439] set_robust_list(0x7f03761f79a0, 24) = 0 [pid 5439] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5438] rt_sigprocmask(SIG_SETMASK, [], [pid 5439] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5438] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5438] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5439] <... futex resumed>) = 0 [pid 5438] <... futex resumed>) = 1 [pid 5439] memfd_create("syzkaller", 0 [pid 5438] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5439] <... memfd_create resumed>) = 3 [pid 5439] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5439] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5439] munmap(0x7f036dc00000, 138412032) = 0 [pid 5439] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5439] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5439] close(3) = 0 [pid 5439] close(4) = 0 [pid 5439] mkdir("./bus", 0777) = 0 [ 148.598488][ T5439] loop0: detected capacity change from 0 to 2048 [pid 5439] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5439] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5439] chdir("./bus") = 0 [pid 5439] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5439] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5438] <... futex resumed>) = 0 [pid 5439] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5438] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5439] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5438] <... futex resumed>) = 0 [pid 5439] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5438] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5439] <... openat resumed>) = 4 [pid 5439] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5438] <... futex resumed>) = 0 [pid 5439] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5438] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5439] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5438] <... futex resumed>) = 0 [pid 5439] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5438] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5439] <... openat resumed>) = 5 [pid 5439] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5438] <... futex resumed>) = 0 [pid 5439] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5438] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5439] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5438] <... futex resumed>) = 0 [pid 5439] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5438] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5439] <... openat resumed>) = 6 [pid 5439] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5438] <... futex resumed>) = 0 [pid 5439] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5438] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5439] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5438] <... futex resumed>) = 0 [pid 5439] write(6, "t", 1 [pid 5438] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5439] <... write resumed>) = 1 [pid 5439] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5438] <... futex resumed>) = 0 [pid 5439] <... futex resumed>) = 1 [pid 5438] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5439] sendfile(6, 5, NULL, 131071 [pid 5438] <... futex resumed>) = 0 [ 148.645544][ T5439] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5438] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5438] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5438] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5438] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5438] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5438] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5442 attached [ 148.747663][ T5439] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 148.763898][ T5439] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 148.776413][ T5439] EXT4-fs (loop0): This should not happen!! Data will be lost [ 148.776413][ T5439] [ 148.787304][ T5439] EXT4-fs (loop0): Total free blocks count 0 [pid 5442] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5442] set_robust_list(0x7f03761d69a0, 24 [pid 5438] <... clone3 resumed> => {parent_tid=[5442]}, 88) = 5442 [pid 5442] <... set_robust_list resumed>) = 0 [pid 5442] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5442] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5438] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5438] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5442] <... futex resumed>) = 0 [pid 5442] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5442] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5442] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5438] <... futex resumed>) = 1 [pid 5438] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5438] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5442] <... futex resumed>) = 0 [pid 5442] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5438] <... futex resumed>) = 1 [pid 5438] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5442] <... mmap resumed>) = 0x20000000 [pid 5439] <... sendfile resumed>) = 75 [pid 5442] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5439] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5442] <... futex resumed>) = 1 [pid 5439] <... futex resumed>) = 0 [pid 5438] <... futex resumed>) = 0 [pid 5442] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5439] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5438] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5439] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5438] <... futex resumed>) = 0 [pid 5439] pipe2( [pid 5438] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5439] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5439] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5438] <... futex resumed>) = 0 [pid 5438] exit_group(0 [pid 5442] <... futex resumed>) = ? [pid 5439] <... futex resumed>) = ? [pid 5438] <... exit_group resumed>) = ? [pid 5442] +++ exited with 0 +++ [pid 5439] +++ exited with 0 +++ [pid 5438] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5438, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./68", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 [ 148.794559][ T5439] EXT4-fs (loop0): Free/Dirty block details [ 148.800762][ T5439] EXT4-fs (loop0): free_blocks=2415919104 [ 148.806636][ T5439] EXT4-fs (loop0): dirty_blocks=16 [ 148.811942][ T5439] EXT4-fs (loop0): Block reservation details [ 148.818071][ T5439] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./68/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./68/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./68/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 148.858264][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 openat(AT_FDCWD, "./68/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./68/bus") = 0 umount2("./68/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./68/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./68") = 0 mkdir("./69", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5443 attached , child_tidptr=0x5555749a2690) = 5443 [pid 5443] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5443] chdir("./69") = 0 [pid 5443] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5443] setpgid(0, 0) = 0 [pid 5443] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5443] write(3, "1000", 4) = 4 [pid 5443] close(3) = 0 [pid 5443] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5443] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5443] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5443] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5443] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5443] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5443] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5443] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5444 attached [pid 5444] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5443] <... clone3 resumed> => {parent_tid=[5444]}, 88) = 5444 [pid 5444] set_robust_list(0x7f03761f79a0, 24 [pid 5443] rt_sigprocmask(SIG_SETMASK, [], [pid 5444] <... set_robust_list resumed>) = 0 [pid 5444] rt_sigprocmask(SIG_SETMASK, [], [pid 5443] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5444] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5443] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5444] memfd_create("syzkaller", 0 [pid 5443] <... futex resumed>) = 0 [pid 5443] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5444] <... memfd_create resumed>) = 3 [pid 5444] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5444] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5444] munmap(0x7f036dc00000, 138412032) = 0 [pid 5444] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5444] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5444] close(3) = 0 [pid 5444] close(4) = 0 [pid 5444] mkdir("./bus", 0777) = 0 [ 149.219869][ T5444] loop0: detected capacity change from 0 to 2048 [pid 5444] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5444] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5444] chdir("./bus") = 0 [pid 5444] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5444] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5443] <... futex resumed>) = 0 [pid 5444] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5443] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5443] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5444] <... openat resumed>) = 4 [ 149.275044][ T5444] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5444] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5443] <... futex resumed>) = 0 [pid 5444] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5443] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5444] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5443] <... futex resumed>) = 0 [pid 5444] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5443] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5444] <... openat resumed>) = 5 [pid 5444] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5443] <... futex resumed>) = 0 [pid 5444] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5443] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5444] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5443] <... futex resumed>) = 0 [pid 5444] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5443] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5444] <... openat resumed>) = 6 [pid 5444] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5443] <... futex resumed>) = 0 [pid 5444] <... futex resumed>) = 1 [pid 5443] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5444] write(6, "t", 1 [pid 5443] <... futex resumed>) = 0 [pid 5443] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5444] <... write resumed>) = 1 [pid 5444] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5443] <... futex resumed>) = 0 [pid 5444] <... futex resumed>) = 1 [pid 5443] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5444] sendfile(6, 5, NULL, 131071 [pid 5443] <... futex resumed>) = 0 [pid 5443] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5443] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5443] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5443] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 149.414163][ T5444] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 149.429877][ T5444] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 149.442224][ T5444] EXT4-fs (loop0): This should not happen!! Data will be lost [ 149.442224][ T5444] [ 149.451944][ T5444] EXT4-fs (loop0): Total free blocks count 0 [ 149.458047][ T5444] EXT4-fs (loop0): Free/Dirty block details [pid 5443] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5443] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5447 attached => {parent_tid=[5447]}, 88) = 5447 [pid 5447] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5447] set_robust_list(0x7f03761d69a0, 24 [pid 5443] rt_sigprocmask(SIG_SETMASK, [], [pid 5447] <... set_robust_list resumed>) = 0 [pid 5443] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5447] rt_sigprocmask(SIG_SETMASK, [], [pid 5443] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5447] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5447] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5443] <... futex resumed>) = 0 [pid 5447] <... open resumed>) = 7 [pid 5444] <... sendfile resumed>) = 75 [pid 5443] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5444] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5444] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5447] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5443] <... futex resumed>) = 0 [pid 5447] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5443] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5443] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5444] <... futex resumed>) = 0 [pid 5444] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 5444] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5443] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5444] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5443] <... futex resumed>) = 0 [pid 5444] pipe2( [pid 5443] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5444] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5444] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5443] <... futex resumed>) = 0 [pid 5444] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5443] exit_group(0 [pid 5444] <... futex resumed>) = ? [pid 5443] <... exit_group resumed>) = ? [pid 5444] +++ exited with 0 +++ [pid 5447] <... futex resumed>) = ? [pid 5447] +++ exited with 0 +++ [pid 5443] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5443, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- [ 149.464024][ T5444] EXT4-fs (loop0): free_blocks=2415919104 [ 149.469863][ T5444] EXT4-fs (loop0): dirty_blocks=16 [ 149.475144][ T5444] EXT4-fs (loop0): Block reservation details [ 149.481201][ T5444] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./69", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./69/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./69/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./69/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 149.557184][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./69/bus") = 0 umount2("./69/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./69/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./69") = 0 mkdir("./70", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555749a2690) = 5448 ./strace-static-x86_64: Process 5448 attached [pid 5448] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5448] chdir("./70") = 0 [pid 5448] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5448] setpgid(0, 0) = 0 [pid 5448] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5448] write(3, "1000", 4) = 4 [pid 5448] close(3) = 0 [pid 5448] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5448] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5448] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5448] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5448] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5448] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5448] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5448] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5449 attached [pid 5449] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5449] set_robust_list(0x7f03761f79a0, 24 [pid 5448] <... clone3 resumed> => {parent_tid=[5449]}, 88) = 5449 [pid 5449] <... set_robust_list resumed>) = 0 [pid 5448] rt_sigprocmask(SIG_SETMASK, [], [pid 5449] rt_sigprocmask(SIG_SETMASK, [], [pid 5448] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5449] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5448] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5449] memfd_create("syzkaller", 0 [pid 5448] <... futex resumed>) = 0 [pid 5449] <... memfd_create resumed>) = 3 [pid 5448] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5449] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5449] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5449] munmap(0x7f036dc00000, 138412032) = 0 [pid 5449] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5449] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5449] close(3) = 0 [pid 5449] close(4) = 0 [pid 5449] mkdir("./bus", 0777) = 0 [ 149.905217][ T5449] loop0: detected capacity change from 0 to 2048 [pid 5449] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5449] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5449] chdir("./bus") = 0 [pid 5449] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5449] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5448] <... futex resumed>) = 0 [pid 5449] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5448] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5449] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5448] <... futex resumed>) = 0 [pid 5449] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5448] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5449] <... openat resumed>) = 4 [pid 5449] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5448] <... futex resumed>) = 0 [pid 5449] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5448] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5448] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5449] <... openat resumed>) = 5 [pid 5449] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5448] <... futex resumed>) = 0 [pid 5449] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5448] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5449] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5449] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5448] <... futex resumed>) = 0 [ 149.951721][ T5449] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5448] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5449] <... openat resumed>) = 6 [pid 5449] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5448] <... futex resumed>) = 0 [pid 5449] <... futex resumed>) = 1 [pid 5448] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5449] write(6, "t", 1 [pid 5448] <... futex resumed>) = 0 [pid 5448] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5449] <... write resumed>) = 1 [pid 5449] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5448] <... futex resumed>) = 0 [pid 5449] <... futex resumed>) = 1 [pid 5448] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5449] sendfile(6, 5, NULL, 131071 [pid 5448] <... futex resumed>) = 0 [pid 5448] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5448] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5448] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5448] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5448] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5448] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5452 attached [pid 5452] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5448] <... clone3 resumed> => {parent_tid=[5452]}, 88) = 5452 [pid 5452] <... rseq resumed>) = 0 [pid 5448] rt_sigprocmask(SIG_SETMASK, [], [pid 5452] set_robust_list(0x7f03761d69a0, 24 [pid 5448] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5452] <... set_robust_list resumed>) = 0 [pid 5448] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5452] rt_sigprocmask(SIG_SETMASK, [], [pid 5448] <... futex resumed>) = 0 [pid 5452] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5448] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5452] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [ 150.066970][ T5449] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 150.083476][ T5449] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 150.096108][ T5449] EXT4-fs (loop0): This should not happen!! Data will be lost [ 150.096108][ T5449] [ 150.105942][ T5449] EXT4-fs (loop0): Total free blocks count 0 [pid 5452] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5448] <... futex resumed>) = 0 [pid 5448] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5448] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5452] <... futex resumed>) = 1 [pid 5452] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 75 [pid 5452] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5449] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5452] <... futex resumed>) = 1 [pid 5448] <... futex resumed>) = 0 [pid 5452] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5449] <... futex resumed>) = 0 [pid 5448] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5449] pipe2( [pid 5448] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5449] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5449] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5448] <... futex resumed>) = 0 [pid 5449] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5448] exit_group(0 [pid 5449] <... futex resumed>) = ? [pid 5448] <... exit_group resumed>) = ? [pid 5449] +++ exited with 0 +++ [pid 5452] <... futex resumed>) = ? [pid 5452] +++ exited with 0 +++ [pid 5448] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5448, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 150.112350][ T5449] EXT4-fs (loop0): Free/Dirty block details [ 150.119574][ T5449] EXT4-fs (loop0): free_blocks=2415919104 [ 150.126054][ T5449] EXT4-fs (loop0): dirty_blocks=16 [ 150.131631][ T5449] EXT4-fs (loop0): Block reservation details [ 150.137658][ T5449] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./70", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./70/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./70/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./70/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 [ 150.228784][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 close(4) = 0 rmdir("./70/bus") = 0 umount2("./70/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./70/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./70") = 0 mkdir("./71", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5453 attached , child_tidptr=0x5555749a2690) = 5453 [pid 5453] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5453] chdir("./71") = 0 [pid 5453] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5453] setpgid(0, 0) = 0 [pid 5453] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5453] write(3, "1000", 4) = 4 [pid 5453] close(3) = 0 [pid 5453] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5453] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5453] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5453] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5453] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5453] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5453] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5453] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5454 attached [pid 5454] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5453] <... clone3 resumed> => {parent_tid=[5454]}, 88) = 5454 [pid 5454] <... rseq resumed>) = 0 [pid 5454] set_robust_list(0x7f03761f79a0, 24 [pid 5453] rt_sigprocmask(SIG_SETMASK, [], [pid 5454] <... set_robust_list resumed>) = 0 [pid 5453] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5454] rt_sigprocmask(SIG_SETMASK, [], [pid 5453] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5454] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5453] <... futex resumed>) = 0 [pid 5454] memfd_create("syzkaller", 0 [pid 5453] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5454] <... memfd_create resumed>) = 3 [pid 5454] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5454] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5454] munmap(0x7f036dc00000, 138412032) = 0 [pid 5454] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5454] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5454] close(3) = 0 [pid 5454] close(4) = 0 [pid 5454] mkdir("./bus", 0777) = 0 [ 150.551817][ T5454] loop0: detected capacity change from 0 to 2048 [pid 5454] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5454] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5454] chdir("./bus") = 0 [pid 5454] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5454] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5453] <... futex resumed>) = 0 [pid 5454] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5453] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5454] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5453] <... futex resumed>) = 0 [pid 5454] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5453] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5454] <... openat resumed>) = 4 [ 150.595943][ T5454] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5454] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5453] <... futex resumed>) = 0 [pid 5453] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5454] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 5453] <... futex resumed>) = 0 [pid 5453] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5454] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5453] <... futex resumed>) = 0 [pid 5454] <... futex resumed>) = 1 [pid 5453] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5454] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5453] <... futex resumed>) = 0 [pid 5453] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5454] <... openat resumed>) = 6 [ 150.669744][ T29] kauditd_printk_skb: 14 callbacks suppressed [ 150.669768][ T29] audit: type=1804 audit(1714530419.475:313): pid=5454 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/71/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5454] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5454] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5453] <... futex resumed>) = 0 [pid 5453] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5454] <... futex resumed>) = 0 [pid 5453] <... futex resumed>) = 1 [pid 5454] write(6, "t", 1 [pid 5453] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5454] <... write resumed>) = 1 [pid 5454] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5453] <... futex resumed>) = 0 [pid 5454] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5453] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5454] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5453] <... futex resumed>) = 0 [pid 5454] sendfile(6, 5, NULL, 131071 [ 150.702471][ T29] audit: type=1804 audit(1714530419.515:314): pid=5454 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/71/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5453] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5453] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5453] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5453] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5453] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5453] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5457 attached [pid 5457] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5453] <... clone3 resumed> => {parent_tid=[5457]}, 88) = 5457 [pid 5457] <... rseq resumed>) = 0 [pid 5453] rt_sigprocmask(SIG_SETMASK, [], [pid 5457] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 5453] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5457] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5453] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5457] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5453] <... futex resumed>) = 0 [pid 5457] <... open resumed>) = 7 [ 150.784998][ T5454] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 150.801506][ T5454] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 150.814420][ T5454] EXT4-fs (loop0): This should not happen!! Data will be lost [ 150.814420][ T5454] [ 150.824263][ T5454] EXT4-fs (loop0): Total free blocks count 0 [pid 5453] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5457] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5453] <... futex resumed>) = 0 [pid 5453] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5453] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5457] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 75 [pid 5457] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5454] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5457] <... futex resumed>) = 1 [pid 5453] <... futex resumed>) = 0 [pid 5457] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5454] <... futex resumed>) = 0 [pid 5453] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5454] pipe2( [pid 5453] <... futex resumed>) = 0 [pid 5453] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5454] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5454] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5453] <... futex resumed>) = 0 [pid 5454] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5453] exit_group(0 [pid 5454] <... futex resumed>) = ? [pid 5453] <... exit_group resumed>) = ? [pid 5457] <... futex resumed>) = ? [pid 5454] +++ exited with 0 +++ [pid 5457] +++ exited with 0 +++ [pid 5453] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5453, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- umount2("./71", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 150.830351][ T5454] EXT4-fs (loop0): Free/Dirty block details [ 150.836054][ T29] audit: type=1804 audit(1714530419.645:315): pid=5457 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/71/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 150.836276][ T5454] EXT4-fs (loop0): free_blocks=2415919104 [ 150.865780][ T5454] EXT4-fs (loop0): dirty_blocks=16 [ 150.871419][ T5454] EXT4-fs (loop0): Block reservation details [ 150.877473][ T5454] EXT4-fs (loop0): i_reserved_data_blocks=1 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./71/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./71/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./71/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 [ 150.928878][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./71/bus") = 0 umount2("./71/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./71/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./71") = 0 mkdir("./72", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5458 attached , child_tidptr=0x5555749a2690) = 5458 [pid 5458] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5458] chdir("./72") = 0 [pid 5458] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5458] setpgid(0, 0) = 0 [pid 5458] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5458] write(3, "1000", 4) = 4 [pid 5458] close(3) = 0 [pid 5458] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5458] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5458] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5458] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5458] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5458] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5458] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5458] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5459 attached [pid 5459] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5458] <... clone3 resumed> => {parent_tid=[5459]}, 88) = 5459 [pid 5459] set_robust_list(0x7f03761f79a0, 24 [pid 5458] rt_sigprocmask(SIG_SETMASK, [], [pid 5459] <... set_robust_list resumed>) = 0 [pid 5458] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5459] rt_sigprocmask(SIG_SETMASK, [], [pid 5458] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5459] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5458] <... futex resumed>) = 0 [pid 5459] memfd_create("syzkaller", 0 [pid 5458] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5459] <... memfd_create resumed>) = 3 [pid 5459] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5459] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5459] munmap(0x7f036dc00000, 138412032) = 0 [pid 5459] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5459] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5459] close(3) = 0 [pid 5459] close(4) = 0 [pid 5459] mkdir("./bus", 0777) = 0 [ 151.281108][ T5459] loop0: detected capacity change from 0 to 2048 [pid 5459] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5459] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5459] chdir("./bus") = 0 [pid 5459] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5459] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5458] <... futex resumed>) = 0 [pid 5459] <... futex resumed>) = 1 [pid 5458] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5458] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5459] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4 [pid 5459] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5458] <... futex resumed>) = 0 [pid 5459] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5458] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5459] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5458] <... futex resumed>) = 0 [pid 5459] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5458] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5459] <... openat resumed>) = 5 [ 151.345787][ T5459] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5459] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5459] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5458] <... futex resumed>) = 0 [pid 5458] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5459] <... futex resumed>) = 0 [pid 5458] <... futex resumed>) = 1 [pid 5459] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5458] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5459] <... openat resumed>) = 6 [pid 5459] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5459] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5458] <... futex resumed>) = 0 [pid 5458] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5458] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5459] <... futex resumed>) = 0 [pid 5459] write(6, "t", 1) = 1 [pid 5459] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5458] <... futex resumed>) = 0 [pid 5458] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5459] <... futex resumed>) = 1 [pid 5458] <... futex resumed>) = 0 [pid 5458] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 151.384128][ T29] audit: type=1804 audit(1714530420.195:316): pid=5459 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/72/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 151.421157][ T29] audit: type=1804 audit(1714530420.235:317): pid=5459 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/72/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5459] sendfile(6, 5, NULL, 131071 [pid 5458] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5458] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5458] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5458] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 151.497901][ T5459] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 151.513265][ T5459] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 151.525788][ T5459] EXT4-fs (loop0): This should not happen!! Data will be lost [ 151.525788][ T5459] [ 151.536887][ T5459] EXT4-fs (loop0): Total free blocks count 0 [pid 5458] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5458] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5462 attached [pid 5462] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5458] <... clone3 resumed> => {parent_tid=[5462]}, 88) = 5462 [pid 5462] <... rseq resumed>) = 0 [pid 5458] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5458] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5459] <... sendfile resumed>) = 75 [pid 5458] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5462] set_robust_list(0x7f03761d69a0, 24 [pid 5459] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5462] <... set_robust_list resumed>) = 0 [pid 5459] <... futex resumed>) = 0 [pid 5462] rt_sigprocmask(SIG_SETMASK, [], [pid 5459] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5462] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5462] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5462] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5458] <... futex resumed>) = 0 [pid 5458] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5462] <... futex resumed>) = 1 [pid 5458] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 151.543627][ T5459] EXT4-fs (loop0): Free/Dirty block details [ 151.549565][ T5459] EXT4-fs (loop0): free_blocks=2415919104 [ 151.555746][ T5459] EXT4-fs (loop0): dirty_blocks=16 [ 151.561450][ T5459] EXT4-fs (loop0): Block reservation details [ 151.567824][ T5459] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5462] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5459] <... futex resumed>) = 0 [pid 5459] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5458] <... futex resumed>) = 0 [pid 5458] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5459] <... futex resumed>) = 1 [pid 5458] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5459] pipe2(0x20000240, 0) = 0 [pid 5459] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5458] <... futex resumed>) = 0 [pid 5459] <... futex resumed>) = 1 [pid 5458] exit_group(0 [pid 5462] <... futex resumed>) = ? [pid 5458] <... exit_group resumed>) = ? [pid 5462] +++ exited with 0 +++ [pid 5459] +++ exited with 0 +++ [pid 5458] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5458, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- umount2("./72", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 151.578572][ T29] audit: type=1804 audit(1714530420.385:318): pid=5462 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/72/bus/bus" dev="loop0" ino=18 res=1 errno=0 openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./72/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./72/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./72/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 [ 151.668919][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 rmdir("./72/bus") = 0 umount2("./72/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./72/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./72") = 0 mkdir("./73", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5463 attached , child_tidptr=0x5555749a2690) = 5463 [pid 5463] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5463] chdir("./73") = 0 [pid 5463] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5463] setpgid(0, 0) = 0 [pid 5463] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5463] write(3, "1000", 4) = 4 [pid 5463] close(3) = 0 [pid 5463] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5463] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5463] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5463] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5463] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5463] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5463] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5463] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5464 attached [pid 5464] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5463] <... clone3 resumed> => {parent_tid=[5464]}, 88) = 5464 [pid 5464] <... rseq resumed>) = 0 [pid 5463] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5464] set_robust_list(0x7f03761f79a0, 24 [pid 5463] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5464] <... set_robust_list resumed>) = 0 [pid 5464] rt_sigprocmask(SIG_SETMASK, [], [pid 5463] <... futex resumed>) = 0 [pid 5464] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5463] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5464] memfd_create("syzkaller", 0) = 3 [pid 5464] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5464] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5464] munmap(0x7f036dc00000, 138412032) = 0 [pid 5464] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5464] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5464] close(3) = 0 [pid 5464] close(4) = 0 [pid 5464] mkdir("./bus", 0777) = 0 [ 152.014439][ T5464] loop0: detected capacity change from 0 to 2048 [pid 5464] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5464] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5464] chdir("./bus") = 0 [pid 5464] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5464] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5463] <... futex resumed>) = 0 [pid 5464] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5463] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5464] <... openat resumed>) = 4 [pid 5463] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5464] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5463] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5463] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 152.056606][ T5464] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5463] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = 0 [pid 5464] <... futex resumed>) = 1 [pid 5463] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 5464] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 5464] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5463] <... futex resumed>) = 0 [pid 5464] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5463] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5464] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5463] <... futex resumed>) = 0 [pid 5464] <... openat resumed>) = 6 [pid 5463] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5464] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5463] <... futex resumed>) = 0 [pid 5463] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5464] write(6, "t", 1 [pid 5463] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5464] <... write resumed>) = 1 [pid 5464] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5464] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5463] <... futex resumed>) = 0 [pid 5463] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5464] <... futex resumed>) = 0 [pid 5463] <... futex resumed>) = 1 [pid 5464] sendfile(6, 5, NULL, 131071 [ 152.118702][ T29] audit: type=1804 audit(1714530420.925:319): pid=5464 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/73/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 152.145353][ T29] audit: type=1804 audit(1714530420.955:320): pid=5464 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/73/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5463] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5463] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5463] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5463] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 152.212217][ T5464] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 152.227589][ T5464] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 152.239945][ T5464] EXT4-fs (loop0): This should not happen!! Data will be lost [ 152.239945][ T5464] [ 152.249702][ T5464] EXT4-fs (loop0): Total free blocks count 0 [ 152.255792][ T5464] EXT4-fs (loop0): Free/Dirty block details [pid 5463] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5463] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5467 attached [pid 5467] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5463] <... clone3 resumed> => {parent_tid=[5467]}, 88) = 5467 [pid 5467] <... rseq resumed>) = 0 [pid 5467] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 5463] rt_sigprocmask(SIG_SETMASK, [], [pid 5467] rt_sigprocmask(SIG_SETMASK, [], [pid 5463] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5467] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5463] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5467] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5463] <... futex resumed>) = 0 [pid 5467] <... open resumed>) = 7 [pid 5464] <... sendfile resumed>) = 75 [pid 5463] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5464] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5467] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5464] <... futex resumed>) = 0 [pid 5467] <... futex resumed>) = 1 [pid 5463] <... futex resumed>) = 0 [pid 5467] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5464] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5463] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5464] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5463] <... futex resumed>) = 0 [pid 5463] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5464] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5463] <... futex resumed>) = 0 [pid 5464] <... futex resumed>) = 1 [pid 5463] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5464] pipe2( [pid 5463] <... futex resumed>) = 0 [pid 5464] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5463] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5464] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5463] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5464] <... futex resumed>) = 0 [pid 5463] exit_group(0 [pid 5467] <... futex resumed>) = ? [pid 5463] <... exit_group resumed>) = ? [pid 5467] +++ exited with 0 +++ [pid 5464] +++ exited with 0 +++ [pid 5463] +++ exited with 0 +++ [ 152.261874][ T5464] EXT4-fs (loop0): free_blocks=2415919104 [ 152.267653][ T5464] EXT4-fs (loop0): dirty_blocks=16 [ 152.272892][ T5464] EXT4-fs (loop0): Block reservation details [ 152.278923][ T5464] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 152.287156][ T29] audit: type=1804 audit(1714530421.105:321): pid=5467 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/73/bus/bus" dev="loop0" ino=18 res=1 errno=0 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5463, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- umount2("./73", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./73/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./73/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./73/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 152.418017][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 openat(AT_FDCWD, "./73/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./73/bus") = 0 umount2("./73/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./73/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./73") = 0 mkdir("./74", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5468 attached , child_tidptr=0x5555749a2690) = 5468 [pid 5468] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5468] chdir("./74") = 0 [pid 5468] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5468] setpgid(0, 0) = 0 [pid 5468] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5468] write(3, "1000", 4) = 4 [pid 5468] close(3) = 0 [pid 5468] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5468] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5468] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5468] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5468] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5468] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5468] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5468] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5469 attached [pid 5469] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5468] <... clone3 resumed> => {parent_tid=[5469]}, 88) = 5469 [pid 5469] <... rseq resumed>) = 0 [pid 5468] rt_sigprocmask(SIG_SETMASK, [], [pid 5469] set_robust_list(0x7f03761f79a0, 24 [pid 5468] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5469] <... set_robust_list resumed>) = 0 [pid 5468] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5469] rt_sigprocmask(SIG_SETMASK, [], [pid 5468] <... futex resumed>) = 0 [pid 5469] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5469] memfd_create("syzkaller", 0 [pid 5468] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5469] <... memfd_create resumed>) = 3 [pid 5469] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5469] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5469] munmap(0x7f036dc00000, 138412032) = 0 [pid 5469] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5469] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5469] close(3) = 0 [pid 5469] close(4) = 0 [pid 5469] mkdir("./bus", 0777) = 0 [pid 5469] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5469] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5469] chdir("./bus") = 0 [pid 5469] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5469] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5468] <... futex resumed>) = 0 [pid 5469] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [ 152.842053][ T5469] loop0: detected capacity change from 0 to 2048 [ 152.876345][ T5469] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5468] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5469] <... openat resumed>) = 4 [pid 5468] <... futex resumed>) = 0 [pid 5469] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5468] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5469] <... futex resumed>) = 0 [pid 5468] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5469] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5468] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5469] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5468] <... futex resumed>) = 0 [pid 5469] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5468] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5469] <... openat resumed>) = 5 [pid 5469] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5469] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5468] <... futex resumed>) = 0 [pid 5468] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5469] <... futex resumed>) = 0 [pid 5468] <... futex resumed>) = 1 [pid 5469] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5468] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5469] <... openat resumed>) = 6 [pid 5469] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5468] <... futex resumed>) = 0 [pid 5469] <... futex resumed>) = 1 [pid 5468] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5469] write(6, "t", 1 [pid 5468] <... futex resumed>) = 0 [pid 5468] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5469] <... write resumed>) = 1 [pid 5469] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5468] <... futex resumed>) = 0 [pid 5469] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5468] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5469] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5468] <... futex resumed>) = 0 [pid 5469] sendfile(6, 5, NULL, 131071 [ 152.936294][ T29] audit: type=1804 audit(1714530421.745:322): pid=5469 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/74/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5468] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5468] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5468] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5468] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5468] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5468] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5472 attached [pid 5472] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5468] <... clone3 resumed> => {parent_tid=[5472]}, 88) = 5472 [pid 5472] set_robust_list(0x7f03761d69a0, 24 [pid 5468] rt_sigprocmask(SIG_SETMASK, [], [pid 5472] <... set_robust_list resumed>) = 0 [pid 5468] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5472] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5468] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5472] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5468] <... futex resumed>) = 0 [ 153.001035][ T5469] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 153.016095][ T5469] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 153.029219][ T5469] EXT4-fs (loop0): This should not happen!! Data will be lost [ 153.029219][ T5469] [ 153.041249][ T5469] EXT4-fs (loop0): Total free blocks count 0 [pid 5468] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5472] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5468] <... futex resumed>) = 0 [pid 5468] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5472] <... futex resumed>) = 1 [pid 5468] <... futex resumed>) = 0 [pid 5472] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5468] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5472] <... mmap resumed>) = 0x20000000 [pid 5469] <... sendfile resumed>) = 75 [pid 5469] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5472] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5469] <... futex resumed>) = 0 [pid 5469] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5468] <... futex resumed>) = 0 [pid 5468] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5469] <... futex resumed>) = 0 [pid 5468] <... futex resumed>) = 1 [pid 5469] pipe2( [pid 5468] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5472] <... futex resumed>) = 1 [pid 5469] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5472] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5469] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5468] <... futex resumed>) = 0 [pid 5469] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5468] exit_group(0 [pid 5472] <... futex resumed>) = ? [pid 5469] <... futex resumed>) = ? [pid 5468] <... exit_group resumed>) = ? [pid 5472] +++ exited with 0 +++ [pid 5469] +++ exited with 0 +++ [pid 5468] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5468, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- umount2("./74", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 [ 153.047787][ T5469] EXT4-fs (loop0): Free/Dirty block details [ 153.054198][ T5469] EXT4-fs (loop0): free_blocks=2415919104 [ 153.060470][ T5469] EXT4-fs (loop0): dirty_blocks=16 [ 153.065644][ T5469] EXT4-fs (loop0): Block reservation details [ 153.072323][ T5469] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./74/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./74/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./74/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 [ 153.116119][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./74/bus") = 0 umount2("./74/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./74/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./74") = 0 mkdir("./75", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5473 attached , child_tidptr=0x5555749a2690) = 5473 [pid 5473] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5473] chdir("./75") = 0 [pid 5473] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5473] setpgid(0, 0) = 0 [pid 5473] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5473] write(3, "1000", 4) = 4 [pid 5473] close(3) = 0 [pid 5473] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5473] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5473] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5473] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5473] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5473] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5473] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5473] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5474 attached => {parent_tid=[5474]}, 88) = 5474 [pid 5473] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5473] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5473] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5474] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5474] set_robust_list(0x7f03761f79a0, 24) = 0 [pid 5474] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5474] memfd_create("syzkaller", 0) = 3 [pid 5474] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5474] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5474] munmap(0x7f036dc00000, 138412032) = 0 [pid 5474] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5474] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5474] close(3) = 0 [pid 5474] close(4) = 0 [pid 5474] mkdir("./bus", 0777) = 0 [ 153.495711][ T5474] loop0: detected capacity change from 0 to 2048 [pid 5474] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5474] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5474] chdir("./bus") = 0 [pid 5474] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5474] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5474] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5473] <... futex resumed>) = 0 [pid 5473] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5474] <... futex resumed>) = 0 [pid 5473] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5474] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4 [pid 5474] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5473] <... futex resumed>) = 0 [ 153.546573][ T5474] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5474] <... futex resumed>) = 1 [pid 5473] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5474] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5473] <... futex resumed>) = 0 [pid 5474] <... openat resumed>) = 5 [pid 5473] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5474] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5473] <... futex resumed>) = 0 [pid 5473] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5473] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5474] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 5474] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5473] <... futex resumed>) = 0 [pid 5474] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5473] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5474] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5473] <... futex resumed>) = 0 [pid 5474] write(6, "t", 1 [pid 5473] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5474] <... write resumed>) = 1 [pid 5474] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5473] <... futex resumed>) = 0 [pid 5474] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5473] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5474] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5473] <... futex resumed>) = 0 [pid 5474] sendfile(6, 5, NULL, 131071 [pid 5473] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5473] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5473] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [ 153.652984][ T5474] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 153.668373][ T5474] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 153.680654][ T5474] EXT4-fs (loop0): This should not happen!! Data will be lost [ 153.680654][ T5474] [ 153.690479][ T5474] EXT4-fs (loop0): Total free blocks count 0 [ 153.696567][ T5474] EXT4-fs (loop0): Free/Dirty block details [pid 5473] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5473] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5473] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5477 attached [pid 5474] <... sendfile resumed>) = 75 [pid 5477] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5474] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5473] <... clone3 resumed> => {parent_tid=[5477]}, 88) = 5477 [pid 5477] set_robust_list(0x7f03761d69a0, 24 [pid 5474] <... futex resumed>) = 0 [pid 5473] rt_sigprocmask(SIG_SETMASK, [], [pid 5477] <... set_robust_list resumed>) = 0 [pid 5474] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5473] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5477] rt_sigprocmask(SIG_SETMASK, [], [pid 5473] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5477] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5473] <... futex resumed>) = 0 [pid 5477] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5473] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5477] <... open resumed>) = 7 [pid 5477] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5473] <... futex resumed>) = 0 [pid 5477] <... futex resumed>) = 1 [pid 5473] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5477] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5474] <... futex resumed>) = 0 [pid 5473] <... futex resumed>) = 1 [pid 5474] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5473] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5474] <... mmap resumed>) = 0x20000000 [pid 5474] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5473] <... futex resumed>) = 0 [ 153.702560][ T5474] EXT4-fs (loop0): free_blocks=2415919104 [ 153.708323][ T5474] EXT4-fs (loop0): dirty_blocks=16 [ 153.713514][ T5474] EXT4-fs (loop0): Block reservation details [ 153.719558][ T5474] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5474] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5473] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5474] pipe2( [pid 5473] <... futex resumed>) = 0 [pid 5474] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5473] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5474] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5473] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5474] <... futex resumed>) = 0 [pid 5473] exit_group(0) = ? [pid 5477] <... futex resumed>) = ? [pid 5477] +++ exited with 0 +++ [pid 5474] +++ exited with 0 +++ [pid 5473] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5473, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- umount2("./75", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./75/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./75/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./75/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 [ 153.800797][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./75/bus") = 0 umount2("./75/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./75/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./75") = 0 mkdir("./76", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555749a2690) = 5478 ./strace-static-x86_64: Process 5478 attached [pid 5478] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5478] chdir("./76") = 0 [pid 5478] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5478] setpgid(0, 0) = 0 [pid 5478] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5478] write(3, "1000", 4) = 4 [pid 5478] close(3) = 0 [pid 5478] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5478] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5478] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5478] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5478] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5478] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5478] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5478] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5479 attached [pid 5479] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5479] set_robust_list(0x7f03761f79a0, 24 [pid 5478] <... clone3 resumed> => {parent_tid=[5479]}, 88) = 5479 [pid 5479] <... set_robust_list resumed>) = 0 [pid 5479] rt_sigprocmask(SIG_SETMASK, [], [pid 5478] rt_sigprocmask(SIG_SETMASK, [], [pid 5479] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5478] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5479] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5478] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5479] memfd_create("syzkaller", 0 [pid 5478] <... futex resumed>) = 0 [pid 5478] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5479] <... memfd_create resumed>) = 3 [pid 5479] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5479] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5479] munmap(0x7f036dc00000, 138412032) = 0 [pid 5479] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5479] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5479] close(3) = 0 [pid 5479] close(4) = 0 [pid 5479] mkdir("./bus", 0777) = 0 [ 154.191221][ T5479] loop0: detected capacity change from 0 to 2048 [pid 5479] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5479] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5479] chdir("./bus") = 0 [pid 5479] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 154.270926][ T5479] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5479] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5478] <... futex resumed>) = 0 [pid 5479] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5478] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5479] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5478] <... futex resumed>) = 0 [pid 5479] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5478] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5479] <... openat resumed>) = 4 [pid 5479] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5478] <... futex resumed>) = 0 [pid 5478] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5478] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5479] <... futex resumed>) = 1 [pid 5479] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 5479] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5478] <... futex resumed>) = 0 [pid 5479] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5478] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5479] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5478] <... futex resumed>) = 0 [pid 5479] <... openat resumed>) = 6 [pid 5478] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5479] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5478] <... futex resumed>) = 0 [pid 5479] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5478] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5479] <... futex resumed>) = 0 [pid 5479] write(6, "t", 1 [pid 5478] <... futex resumed>) = 1 [pid 5478] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5479] <... write resumed>) = 1 [pid 5479] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5479] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5478] <... futex resumed>) = 0 [pid 5478] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5479] <... futex resumed>) = 0 [pid 5479] sendfile(6, 5, NULL, 131071 [pid 5478] <... futex resumed>) = 1 [pid 5478] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5478] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5478] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5478] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5478] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5478] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0} => {parent_tid=[5483]}, 88) = 5483 ./strace-static-x86_64: Process 5483 attached [pid 5478] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5478] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 154.427793][ T5479] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 154.443252][ T5479] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 154.455611][ T5479] EXT4-fs (loop0): This should not happen!! Data will be lost [ 154.455611][ T5479] [ 154.465449][ T5479] EXT4-fs (loop0): Total free blocks count 0 [ 154.471768][ T5479] EXT4-fs (loop0): Free/Dirty block details [pid 5478] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5483] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5483] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 5483] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5483] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5483] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5479] <... sendfile resumed>) = 75 [pid 5479] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5478] <... futex resumed>) = 0 [pid 5483] <... futex resumed>) = 1 [pid 5478] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5483] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5479] <... futex resumed>) = 0 [pid 5478] <... futex resumed>) = 0 [pid 5478] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5479] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5478] <... futex resumed>) = 0 [pid 5478] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5478] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5479] <... futex resumed>) = 1 [pid 5479] pipe2(0x20000240, 0) = 0 [pid 5479] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5478] <... futex resumed>) = 0 [pid 5478] exit_group(0 [pid 5483] <... futex resumed>) = ? [pid 5479] <... futex resumed>) = ? [pid 5478] <... exit_group resumed>) = ? [pid 5483] +++ exited with 0 +++ [pid 5479] +++ exited with 0 +++ [pid 5478] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5478, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- [ 154.477698][ T5479] EXT4-fs (loop0): free_blocks=2415919104 [ 154.483891][ T5479] EXT4-fs (loop0): dirty_blocks=16 [ 154.489068][ T5479] EXT4-fs (loop0): Block reservation details [ 154.495150][ T5479] EXT4-fs (loop0): i_reserved_data_blocks=1 restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./76", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./76/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./76/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./76/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 154.593807][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./76/bus") = 0 umount2("./76/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./76/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./76") = 0 mkdir("./77", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5484 attached , child_tidptr=0x5555749a2690) = 5484 [pid 5484] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5484] chdir("./77") = 0 [pid 5484] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5484] setpgid(0, 0) = 0 [pid 5484] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5484] write(3, "1000", 4) = 4 [pid 5484] close(3) = 0 [pid 5484] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5484] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5484] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5484] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5484] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5484] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5484] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5484] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5485 attached [pid 5485] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5485] set_robust_list(0x7f03761f79a0, 24 [pid 5484] <... clone3 resumed> => {parent_tid=[5485]}, 88) = 5485 [pid 5485] <... set_robust_list resumed>) = 0 [pid 5484] rt_sigprocmask(SIG_SETMASK, [], [pid 5485] rt_sigprocmask(SIG_SETMASK, [], [pid 5484] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5485] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5484] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5485] memfd_create("syzkaller", 0 [pid 5484] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5485] <... memfd_create resumed>) = 3 [pid 5485] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5485] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5485] munmap(0x7f036dc00000, 138412032) = 0 [pid 5485] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5485] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5485] close(3) = 0 [pid 5485] close(4) = 0 [pid 5485] mkdir("./bus", 0777) = 0 [ 154.916851][ T5485] loop0: detected capacity change from 0 to 2048 [pid 5485] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5485] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5485] chdir("./bus") = 0 [pid 5485] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5485] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5484] <... futex resumed>) = 0 [pid 5485] <... futex resumed>) = 1 [pid 5484] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5485] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5484] <... futex resumed>) = 0 [pid 5484] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5485] <... openat resumed>) = 4 [pid 5485] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5484] <... futex resumed>) = 0 [pid 5485] <... futex resumed>) = 1 [pid 5484] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5485] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5484] <... futex resumed>) = 0 [pid 5485] <... openat resumed>) = 5 [pid 5484] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5485] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5484] <... futex resumed>) = 0 [pid 5485] <... futex resumed>) = 1 [pid 5484] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5485] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5484] <... futex resumed>) = 0 [pid 5484] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5485] <... openat resumed>) = 6 [ 154.965978][ T5485] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5485] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5484] <... futex resumed>) = 0 [pid 5485] <... futex resumed>) = 1 [pid 5484] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5485] write(6, "t", 1 [pid 5484] <... futex resumed>) = 0 [pid 5484] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5485] <... write resumed>) = 1 [pid 5485] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5485] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5484] <... futex resumed>) = 0 [pid 5484] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5485] <... futex resumed>) = 0 [pid 5484] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5485] sendfile(6, 5, NULL, 131071 [pid 5484] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5484] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5484] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5484] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5484] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 155.084140][ T5485] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 155.099389][ T5485] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 155.111771][ T5485] EXT4-fs (loop0): This should not happen!! Data will be lost [ 155.111771][ T5485] [ 155.121566][ T5485] EXT4-fs (loop0): Total free blocks count 0 [ 155.127638][ T5485] EXT4-fs (loop0): Free/Dirty block details [pid 5484] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5488 attached [pid 5488] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5484] <... clone3 resumed> => {parent_tid=[5488]}, 88) = 5488 [pid 5488] <... rseq resumed>) = 0 [pid 5484] rt_sigprocmask(SIG_SETMASK, [], [pid 5488] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 5484] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5488] rt_sigprocmask(SIG_SETMASK, [], [pid 5484] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5488] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5484] <... futex resumed>) = 0 [pid 5488] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5484] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5488] <... open resumed>) = 7 [pid 5485] <... sendfile resumed>) = 75 [pid 5488] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5485] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5484] <... futex resumed>) = 0 [pid 5488] <... futex resumed>) = 1 [pid 5484] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5485] <... futex resumed>) = 0 [pid 5484] <... futex resumed>) = 0 [pid 5488] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5485] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5484] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5485] <... mmap resumed>) = 0x20000000 [pid 5485] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5484] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5485] <... futex resumed>) = 0 [pid 5484] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5485] pipe2( [pid 5484] <... futex resumed>) = 0 [pid 5485] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5484] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5485] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5484] <... futex resumed>) = 0 [pid 5485] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5484] exit_group(0 [pid 5488] <... futex resumed>) = ? [pid 5484] <... exit_group resumed>) = ? [ 155.133634][ T5485] EXT4-fs (loop0): free_blocks=2415919104 [ 155.139410][ T5485] EXT4-fs (loop0): dirty_blocks=16 [ 155.144616][ T5485] EXT4-fs (loop0): Block reservation details [ 155.150734][ T5485] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5488] +++ exited with 0 +++ [pid 5485] <... futex resumed>) = ? [pid 5485] +++ exited with 0 +++ [pid 5484] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5484, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- umount2("./77", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./77/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./77/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./77/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 155.245698][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./77/bus") = 0 umount2("./77/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./77/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./77") = 0 mkdir("./78", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5489 attached , child_tidptr=0x5555749a2690) = 5489 [pid 5489] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5489] chdir("./78") = 0 [pid 5489] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5489] setpgid(0, 0) = 0 [pid 5489] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5489] write(3, "1000", 4) = 4 [pid 5489] close(3) = 0 [pid 5489] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5489] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5489] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5489] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5489] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5489] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5489] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5489] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5490 attached [pid 5490] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5490] set_robust_list(0x7f03761f79a0, 24 [pid 5489] <... clone3 resumed> => {parent_tid=[5490]}, 88) = 5490 [pid 5490] <... set_robust_list resumed>) = 0 [pid 5489] rt_sigprocmask(SIG_SETMASK, [], [pid 5490] rt_sigprocmask(SIG_SETMASK, [], [pid 5489] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5490] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5490] memfd_create("syzkaller", 0 [pid 5489] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5489] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5490] <... memfd_create resumed>) = 3 [pid 5490] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5490] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5490] munmap(0x7f036dc00000, 138412032) = 0 [pid 5490] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5490] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5490] close(3) = 0 [pid 5490] close(4) = 0 [pid 5490] mkdir("./bus", 0777) = 0 [pid 5490] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5490] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5490] chdir("./bus") = 0 [pid 5490] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5490] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5489] <... futex resumed>) = 0 [pid 5490] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5489] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5490] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5490] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5489] <... futex resumed>) = 0 [ 155.648751][ T5490] loop0: detected capacity change from 0 to 2048 [pid 5489] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5490] <... openat resumed>) = 4 [pid 5490] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5490] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5489] <... futex resumed>) = 0 [pid 5489] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5490] <... futex resumed>) = 0 [pid 5489] <... futex resumed>) = 1 [pid 5490] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5489] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5490] <... openat resumed>) = 5 [pid 5490] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5489] <... futex resumed>) = 0 [pid 5490] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5489] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5490] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5489] <... futex resumed>) = 0 [pid 5489] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5490] <... openat resumed>) = 6 [pid 5490] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5489] <... futex resumed>) = 0 [pid 5489] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5490] write(6, "t", 1 [pid 5489] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5490] <... write resumed>) = 1 [pid 5490] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5489] <... futex resumed>) = 0 [pid 5490] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5489] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5490] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5489] <... futex resumed>) = 0 [pid 5489] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 155.713035][ T29] kauditd_printk_skb: 14 callbacks suppressed [ 155.713059][ T29] audit: type=1804 audit(1714530424.525:337): pid=5490 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/78/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5490] sendfile(6, 5, NULL, 131071 [pid 5489] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 155.746773][ T29] audit: type=1804 audit(1714530424.535:338): pid=5490 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/78/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 155.797782][ T5490] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 5489] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5489] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5489] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5489] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5489] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5493 attached [pid 5493] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5489] <... clone3 resumed> => {parent_tid=[5493]}, 88) = 5493 [pid 5493] <... rseq resumed>) = 0 [pid 5489] rt_sigprocmask(SIG_SETMASK, [], [pid 5493] set_robust_list(0x7f03761d69a0, 24 [pid 5489] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5493] <... set_robust_list resumed>) = 0 [pid 5489] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5493] rt_sigprocmask(SIG_SETMASK, [], [pid 5489] <... futex resumed>) = 0 [pid 5493] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5489] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5493] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5493] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 155.813378][ T5490] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 155.825838][ T29] audit: type=1804 audit(1714530424.625:339): pid=5493 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/78/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 155.826651][ T5490] EXT4-fs (loop0): This should not happen!! Data will be lost [ 155.826651][ T5490] [pid 5489] <... futex resumed>) = 0 [pid 5493] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5489] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5493] <... futex resumed>) = 0 [pid 5493] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5490] <... sendfile resumed>) = 75 [pid 5489] <... futex resumed>) = 1 [pid 5493] <... mmap resumed>) = 0x20000000 [pid 5490] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5489] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5493] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5490] <... futex resumed>) = 0 [pid 5489] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5493] <... futex resumed>) = 0 [pid 5490] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5489] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5493] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5490] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5489] <... futex resumed>) = 0 [pid 5490] pipe2( [pid 5489] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5490] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5490] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5490] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5489] <... futex resumed>) = 0 [pid 5489] exit_group(0 [pid 5493] <... futex resumed>) = ? [pid 5490] <... futex resumed>) = ? [pid 5489] <... exit_group resumed>) = ? [pid 5493] +++ exited with 0 +++ [pid 5490] +++ exited with 0 +++ [pid 5489] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5489, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- umount2("./78", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 155.861150][ T5490] EXT4-fs (loop0): Total free blocks count 0 [ 155.867219][ T5490] EXT4-fs (loop0): Free/Dirty block details [ 155.873188][ T5490] EXT4-fs (loop0): free_blocks=2415919104 [ 155.878924][ T5490] EXT4-fs (loop0): dirty_blocks=16 [ 155.884089][ T5490] EXT4-fs (loop0): Block reservation details [ 155.890129][ T5490] EXT4-fs (loop0): i_reserved_data_blocks=1 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./78/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./78/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./78/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 [ 155.952384][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 155.964946][ T62] EXT4-fs (loop0): This should not happen!! Data will be lost [ 155.964946][ T62] close(4) = 0 rmdir("./78/bus") = 0 umount2("./78/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./78/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./78") = 0 mkdir("./79", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5494 attached , child_tidptr=0x5555749a2690) = 5494 [pid 5494] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5494] chdir("./79") = 0 [pid 5494] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5494] setpgid(0, 0) = 0 [pid 5494] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5494] write(3, "1000", 4) = 4 [pid 5494] close(3) = 0 [pid 5494] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5494] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5494] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5494] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5494] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5494] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5494] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5494] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5495 attached [pid 5495] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5494] <... clone3 resumed> => {parent_tid=[5495]}, 88) = 5495 [pid 5495] set_robust_list(0x7f03761f79a0, 24) = 0 [pid 5495] rt_sigprocmask(SIG_SETMASK, [], [pid 5494] rt_sigprocmask(SIG_SETMASK, [], [pid 5495] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5494] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5495] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5494] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5495] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5494] <... futex resumed>) = 0 [pid 5495] memfd_create("syzkaller", 0 [pid 5494] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5495] <... memfd_create resumed>) = 3 [pid 5495] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5495] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5495] munmap(0x7f036dc00000, 138412032) = 0 [pid 5495] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5495] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5495] close(3) = 0 [pid 5495] close(4) = 0 [pid 5495] mkdir("./bus", 0777) = 0 [ 156.263730][ T5495] loop0: detected capacity change from 0 to 2048 [pid 5495] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5495] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5495] chdir("./bus") = 0 [pid 5495] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5495] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5494] <... futex resumed>) = 0 [pid 5495] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5494] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5494] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5495] <... openat resumed>) = 4 [pid 5495] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5494] <... futex resumed>) = 0 [pid 5495] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5494] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5495] <... openat resumed>) = 5 [pid 5494] <... futex resumed>) = 0 [pid 5494] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5495] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5494] <... futex resumed>) = 0 [pid 5494] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5495] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5494] <... futex resumed>) = 0 [pid 5495] <... openat resumed>) = 6 [pid 5494] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5495] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5494] <... futex resumed>) = 0 [pid 5495] <... futex resumed>) = 1 [pid 5494] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5495] write(6, "t", 1 [pid 5494] <... futex resumed>) = 0 [pid 5494] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5495] <... write resumed>) = 1 [pid 5495] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5494] <... futex resumed>) = 0 [pid 5495] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5494] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5495] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5494] <... futex resumed>) = 0 [pid 5495] sendfile(6, 5, NULL, 131071 [ 156.383115][ T29] audit: type=1804 audit(1714530425.195:340): pid=5495 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/79/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 156.408278][ T29] audit: type=1804 audit(1714530425.225:341): pid=5495 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/79/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5494] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5494] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5494] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5494] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5494] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5494] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5498 attached [pid 5498] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5494] <... clone3 resumed> => {parent_tid=[5498]}, 88) = 5498 [pid 5498] <... rseq resumed>) = 0 [pid 5498] set_robust_list(0x7f03761d69a0, 24 [pid 5494] rt_sigprocmask(SIG_SETMASK, [], [pid 5498] <... set_robust_list resumed>) = 0 [pid 5494] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5498] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 156.491451][ T5495] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 156.507048][ T5495] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 156.519593][ T5495] EXT4-fs (loop0): This should not happen!! Data will be lost [ 156.519593][ T5495] [pid 5494] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5498] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5494] <... futex resumed>) = 0 [pid 5498] <... open resumed>) = 7 [pid 5498] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5498] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5494] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5494] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5498] <... futex resumed>) = 0 [pid 5498] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5494] <... futex resumed>) = 1 [pid 5494] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5498] <... mmap resumed>) = 0x20000000 [pid 5495] <... sendfile resumed>) = 75 [pid 5498] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5498] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5494] <... futex resumed>) = 0 [pid 5494] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5498] <... futex resumed>) = 0 [pid 5498] pipe2( [pid 5495] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5494] <... futex resumed>) = 1 [pid 5495] <... futex resumed>) = 0 [pid 5498] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5495] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5494] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5498] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5494] <... futex resumed>) = 0 [pid 5494] exit_group(0 [pid 5495] <... futex resumed>) = ? [pid 5494] <... exit_group resumed>) = ? [pid 5495] +++ exited with 0 +++ [pid 5498] <... futex resumed>) = ? [pid 5498] +++ exited with 0 +++ [pid 5494] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5494, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- umount2("./79", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 156.526951][ T29] audit: type=1804 audit(1714530425.335:342): pid=5498 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/79/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 156.529403][ T5495] EXT4-fs (loop0): Total free blocks count 0 [ 156.559610][ T5495] EXT4-fs (loop0): Free/Dirty block details [ 156.565892][ T5495] EXT4-fs (loop0): free_blocks=2415919104 [ 156.571801][ T5495] EXT4-fs (loop0): dirty_blocks=16 [ 156.576958][ T5495] EXT4-fs (loop0): Block reservation details [ 156.583123][ T5495] EXT4-fs (loop0): i_reserved_data_blocks=1 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./79/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./79/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./79/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 156.636134][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 156.648433][ T62] EXT4-fs (loop0): This should not happen!! Data will be lost [ 156.648433][ T62] getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./79/bus") = 0 umount2("./79/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./79/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./79") = 0 mkdir("./80", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5499 attached , child_tidptr=0x5555749a2690) = 5499 [pid 5499] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5499] chdir("./80") = 0 [pid 5499] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5499] setpgid(0, 0) = 0 [pid 5499] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5499] write(3, "1000", 4) = 4 [pid 5499] close(3) = 0 [pid 5499] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5499] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5499] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5499] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5499] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5499] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5499] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5499] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5500 attached [pid 5500] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5499] <... clone3 resumed> => {parent_tid=[5500]}, 88) = 5500 [pid 5500] <... rseq resumed>) = 0 [pid 5499] rt_sigprocmask(SIG_SETMASK, [], [pid 5500] set_robust_list(0x7f03761f79a0, 24 [pid 5499] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5500] <... set_robust_list resumed>) = 0 [pid 5499] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5500] rt_sigprocmask(SIG_SETMASK, [], [pid 5499] <... futex resumed>) = 0 [pid 5500] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5499] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5500] memfd_create("syzkaller", 0) = 3 [pid 5500] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5500] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5500] munmap(0x7f036dc00000, 138412032) = 0 [pid 5500] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5500] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5500] close(3) = 0 [pid 5500] close(4) = 0 [pid 5500] mkdir("./bus", 0777) = 0 [ 156.995537][ T5500] loop0: detected capacity change from 0 to 2048 [pid 5500] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5500] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5500] chdir("./bus") = 0 [pid 5500] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5500] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5499] <... futex resumed>) = 0 [pid 5500] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5499] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5499] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5500] <... openat resumed>) = 4 [pid 5500] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5499] <... futex resumed>) = 0 [pid 5500] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5499] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5500] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5499] <... futex resumed>) = 0 [pid 5500] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5499] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5500] <... openat resumed>) = 5 [pid 5500] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5499] <... futex resumed>) = 0 [pid 5500] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5499] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5500] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5499] <... futex resumed>) = 0 [pid 5499] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5500] <... openat resumed>) = 6 [pid 5500] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5499] <... futex resumed>) = 0 [pid 5499] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5500] write(6, "t", 1 [pid 5499] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5500] <... write resumed>) = 1 [pid 5500] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5499] <... futex resumed>) = 0 [pid 5499] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5500] sendfile(6, 5, NULL, 131071 [pid 5499] <... futex resumed>) = 0 [ 157.100246][ T29] audit: type=1804 audit(1714530425.905:343): pid=5500 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/80/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 157.125413][ T29] audit: type=1804 audit(1714530425.925:344): pid=5500 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/80/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5499] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5499] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5499] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5499] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5499] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5499] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0} => {parent_tid=[5503]}, 88) = 5503 [pid 5499] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5499] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5499] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5503 attached [pid 5503] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5503] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 5503] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5503] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5503] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5499] <... futex resumed>) = 0 [ 157.191616][ T5500] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 157.207630][ T5500] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 157.220178][ T5500] EXT4-fs (loop0): This should not happen!! Data will be lost [ 157.220178][ T5500] [ 157.230174][ T5500] EXT4-fs (loop0): Total free blocks count 0 [pid 5503] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5499] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5503] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5499] <... futex resumed>) = 0 [pid 5503] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5499] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5503] <... mmap resumed>) = 0x20000000 [pid 5500] <... sendfile resumed>) = 75 [pid 5503] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5500] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5499] <... futex resumed>) = 0 [pid 5503] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5500] <... futex resumed>) = 0 [pid 5499] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5500] pipe2( [pid 5499] <... futex resumed>) = 0 [pid 5500] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5499] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5500] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5499] <... futex resumed>) = 0 [pid 5499] exit_group(0) = ? [pid 5503] <... futex resumed>) = ? [pid 5503] +++ exited with 0 +++ [pid 5500] <... futex resumed>) = ? [ 157.237083][ T5500] EXT4-fs (loop0): Free/Dirty block details [ 157.243732][ T29] audit: type=1804 audit(1714530426.045:345): pid=5503 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/80/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 157.244807][ T5500] EXT4-fs (loop0): free_blocks=2415919104 [ 157.273076][ T5500] EXT4-fs (loop0): dirty_blocks=16 [ 157.278201][ T5500] EXT4-fs (loop0): Block reservation details [ 157.284922][ T5500] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5500] +++ exited with 0 +++ [pid 5499] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5499, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- umount2("./80", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./80/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./80/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./80/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 157.366510][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 157.378780][ T2467] EXT4-fs (loop0): This should not happen!! Data will be lost [ 157.378780][ T2467] getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./80/bus") = 0 umount2("./80/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./80/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./80") = 0 mkdir("./81", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5504 attached , child_tidptr=0x5555749a2690) = 5504 [pid 5504] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5504] chdir("./81") = 0 [pid 5504] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5504] setpgid(0, 0) = 0 [pid 5504] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5504] write(3, "1000", 4) = 4 [pid 5504] close(3) = 0 [pid 5504] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5504] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5504] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5504] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5504] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5504] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5504] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5504] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5505 attached => {parent_tid=[5505]}, 88) = 5505 [pid 5505] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5504] rt_sigprocmask(SIG_SETMASK, [], [pid 5505] set_robust_list(0x7f03761f79a0, 24 [pid 5504] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5505] <... set_robust_list resumed>) = 0 [pid 5505] rt_sigprocmask(SIG_SETMASK, [], [pid 5504] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5505] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5504] <... futex resumed>) = 0 [pid 5504] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5505] memfd_create("syzkaller", 0) = 3 [pid 5505] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5505] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5505] munmap(0x7f036dc00000, 138412032) = 0 [pid 5505] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5505] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5505] close(3) = 0 [pid 5505] close(4) = 0 [pid 5505] mkdir("./bus", 0777) = 0 [pid 5505] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [ 157.732502][ T5505] loop0: detected capacity change from 0 to 2048 [pid 5505] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5505] chdir("./bus") = 0 [pid 5505] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5505] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5505] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5504] <... futex resumed>) = 0 [pid 5504] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5505] <... futex resumed>) = 0 [pid 5505] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4 [pid 5504] <... futex resumed>) = 1 [pid 5504] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5505] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5504] <... futex resumed>) = 0 [pid 5504] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5505] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5504] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5505] <... openat resumed>) = 5 [pid 5505] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5505] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5504] <... futex resumed>) = 0 [pid 5504] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5505] <... futex resumed>) = 0 [pid 5504] <... futex resumed>) = 1 [pid 5505] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5504] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5505] <... openat resumed>) = 6 [pid 5505] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5504] <... futex resumed>) = 0 [pid 5504] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5505] write(6, "t", 1 [pid 5504] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5505] <... write resumed>) = 1 [pid 5505] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5504] <... futex resumed>) = 0 [pid 5505] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5504] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5505] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5504] <... futex resumed>) = 0 [pid 5505] sendfile(6, 5, NULL, 131071 [ 157.807803][ T29] audit: type=1804 audit(1714530426.615:346): pid=5505 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/81/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5504] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5504] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5504] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5504] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5504] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 157.893993][ T5505] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 157.911341][ T5505] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 157.923739][ T5505] EXT4-fs (loop0): This should not happen!! Data will be lost [ 157.923739][ T5505] [ 157.933514][ T5505] EXT4-fs (loop0): Total free blocks count 0 [pid 5504] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5508 attached [pid 5508] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5504] <... clone3 resumed> => {parent_tid=[5508]}, 88) = 5508 [pid 5508] <... rseq resumed>) = 0 [pid 5504] rt_sigprocmask(SIG_SETMASK, [], [pid 5508] set_robust_list(0x7f03761d69a0, 24 [pid 5504] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5508] <... set_robust_list resumed>) = 0 [pid 5504] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5508] rt_sigprocmask(SIG_SETMASK, [], [pid 5504] <... futex resumed>) = 0 [pid 5508] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5504] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5508] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5508] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5504] <... futex resumed>) = 0 [pid 5504] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5508] <... futex resumed>) = 1 [pid 5504] <... futex resumed>) = 0 [pid 5508] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5504] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5505] <... sendfile resumed>) = 75 [pid 5508] <... mmap resumed>) = 0x20000000 [pid 5505] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5505] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5508] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5504] <... futex resumed>) = 0 [pid 5504] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5504] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5508] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5505] <... futex resumed>) = 0 [pid 5505] pipe2(0x20000240, 0) = 0 [pid 5505] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5504] <... futex resumed>) = 0 [pid 5505] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5504] exit_group(0 [pid 5508] <... futex resumed>) = ? [pid 5505] <... futex resumed>) = ? [pid 5504] <... exit_group resumed>) = ? [pid 5508] +++ exited with 0 +++ [pid 5505] +++ exited with 0 +++ [ 157.939653][ T5505] EXT4-fs (loop0): Free/Dirty block details [ 157.945699][ T5505] EXT4-fs (loop0): free_blocks=2415919104 [ 157.951609][ T5505] EXT4-fs (loop0): dirty_blocks=16 [ 157.956778][ T5505] EXT4-fs (loop0): Block reservation details [ 157.962845][ T5505] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5504] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5504, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./81", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./81/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./81/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 158.028723][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 158.041247][ T2467] EXT4-fs (loop0): This should not happen!! Data will be lost [ 158.041247][ T2467] umount2("./81/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./81/bus") = 0 umount2("./81/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./81/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./81") = 0 mkdir("./82", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5509 attached , child_tidptr=0x5555749a2690) = 5509 [pid 5509] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5509] chdir("./82") = 0 [pid 5509] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5509] setpgid(0, 0) = 0 [pid 5509] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5509] write(3, "1000", 4) = 4 [pid 5509] close(3) = 0 [pid 5509] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5509] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5509] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5509] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5509] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5509] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5509] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5509] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5510 attached [pid 5510] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5509] <... clone3 resumed> => {parent_tid=[5510]}, 88) = 5510 [pid 5510] set_robust_list(0x7f03761f79a0, 24 [pid 5509] rt_sigprocmask(SIG_SETMASK, [], [pid 5510] <... set_robust_list resumed>) = 0 [pid 5509] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5510] rt_sigprocmask(SIG_SETMASK, [], [pid 5509] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5510] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5510] memfd_create("syzkaller", 0 [pid 5509] <... futex resumed>) = 0 [pid 5509] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5510] <... memfd_create resumed>) = 3 [pid 5510] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5510] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5510] munmap(0x7f036dc00000, 138412032) = 0 [pid 5510] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5510] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5510] close(3) = 0 [pid 5510] close(4) = 0 [pid 5510] mkdir("./bus", 0777) = 0 [pid 5510] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5510] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5510] chdir("./bus") = 0 [ 158.488553][ T5510] loop0: detected capacity change from 0 to 2048 [pid 5510] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5510] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5509] <... futex resumed>) = 0 [pid 5510] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5509] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5509] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5510] <... openat resumed>) = 4 [pid 5510] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5509] <... futex resumed>) = 0 [pid 5509] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5510] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5509] <... futex resumed>) = 0 [pid 5510] <... openat resumed>) = 5 [pid 5509] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5510] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5509] <... futex resumed>) = 0 [pid 5510] <... futex resumed>) = 1 [pid 5509] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5510] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5509] <... futex resumed>) = 0 [pid 5509] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5510] <... openat resumed>) = 6 [pid 5510] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5509] <... futex resumed>) = 0 [pid 5510] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5509] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5510] write(6, "t", 1 [pid 5509] <... futex resumed>) = 0 [pid 5509] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5510] <... write resumed>) = 1 [pid 5510] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5509] <... futex resumed>) = 0 [pid 5509] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5510] <... futex resumed>) = 1 [pid 5509] <... futex resumed>) = 0 [pid 5510] sendfile(6, 5, NULL, 131071 [pid 5509] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5509] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5509] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5509] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5509] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5509] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5513 attached [pid 5513] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5513] set_robust_list(0x7f03761d69a0, 24 [pid 5509] <... clone3 resumed> => {parent_tid=[5513]}, 88) = 5513 [pid 5513] <... set_robust_list resumed>) = 0 [pid 5513] rt_sigprocmask(SIG_SETMASK, [], [pid 5509] rt_sigprocmask(SIG_SETMASK, [], [pid 5513] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5509] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5513] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5509] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5513] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5509] <... futex resumed>) = 0 [ 158.634430][ T5510] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 158.649502][ T5510] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 158.662231][ T5510] EXT4-fs (loop0): This should not happen!! Data will be lost [ 158.662231][ T5510] [ 158.672387][ T5510] EXT4-fs (loop0): Total free blocks count 0 [ 158.678805][ T5510] EXT4-fs (loop0): Free/Dirty block details [pid 5513] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5509] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5513] <... open resumed>) = 7 [pid 5513] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5509] <... futex resumed>) = 0 [pid 5513] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5509] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5509] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5513] <... mmap resumed>) = 0x20000000 [pid 5510] <... sendfile resumed>) = 75 [pid 5513] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5510] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5513] <... futex resumed>) = 1 [pid 5509] <... futex resumed>) = 0 [pid 5513] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5509] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5509] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5510] <... futex resumed>) = 1 [pid 5509] <... futex resumed>) = 0 [pid 5510] pipe2( [pid 5509] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 5510] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5510] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5509] <... futex resumed>) = 0 [pid 5509] exit_group(0) = ? [pid 5513] <... futex resumed>) = ? [pid 5513] +++ exited with 0 +++ [pid 5510] <... futex resumed>) = ? [ 158.686159][ T5510] EXT4-fs (loop0): free_blocks=2415919104 [ 158.693142][ T5510] EXT4-fs (loop0): dirty_blocks=16 [ 158.698847][ T5510] EXT4-fs (loop0): Block reservation details [ 158.704934][ T5510] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5510] +++ exited with 0 +++ [pid 5509] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5509, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- umount2("./82", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./82/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./82/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./82/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 [ 158.817304][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 158.829691][ T62] EXT4-fs (loop0): This should not happen!! Data will be lost [ 158.829691][ T62] close(4) = 0 rmdir("./82/bus") = 0 umount2("./82/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./82/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./82") = 0 mkdir("./83", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5514 attached , child_tidptr=0x5555749a2690) = 5514 [pid 5514] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5514] chdir("./83") = 0 [pid 5514] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5514] setpgid(0, 0) = 0 [pid 5514] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5514] write(3, "1000", 4) = 4 [pid 5514] close(3) = 0 [pid 5514] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5514] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5514] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5514] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5514] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5514] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5514] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5514] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5515 attached [pid 5515] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5514] <... clone3 resumed> => {parent_tid=[5515]}, 88) = 5515 [pid 5515] <... rseq resumed>) = 0 [pid 5515] set_robust_list(0x7f03761f79a0, 24) = 0 [pid 5515] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5515] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5514] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5514] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5515] <... futex resumed>) = 0 [pid 5514] <... futex resumed>) = 1 [pid 5515] memfd_create("syzkaller", 0 [pid 5514] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5515] <... memfd_create resumed>) = 3 [pid 5515] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5515] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5515] munmap(0x7f036dc00000, 138412032) = 0 [pid 5515] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5515] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5515] close(3) = 0 [pid 5515] close(4) = 0 [pid 5515] mkdir("./bus", 0777) = 0 [pid 5515] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5515] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5515] chdir("./bus") = 0 [pid 5515] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 159.142674][ T5515] loop0: detected capacity change from 0 to 2048 [pid 5515] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5515] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5514] <... futex resumed>) = 0 [pid 5514] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5515] <... futex resumed>) = 0 [pid 5514] <... futex resumed>) = 1 [pid 5515] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5514] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5515] <... openat resumed>) = 4 [pid 5515] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5514] <... futex resumed>) = 0 [pid 5515] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5514] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5515] <... openat resumed>) = 5 [pid 5514] <... futex resumed>) = 0 [pid 5515] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5514] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5515] <... futex resumed>) = 0 [pid 5514] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5515] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5514] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5515] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5514] <... futex resumed>) = 0 [pid 5515] <... openat resumed>) = 6 [pid 5514] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5515] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5514] <... futex resumed>) = 0 [pid 5515] <... futex resumed>) = 1 [pid 5514] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5515] write(6, "t", 1 [pid 5514] <... futex resumed>) = 0 [pid 5514] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5515] <... write resumed>) = 1 [pid 5515] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5514] <... futex resumed>) = 0 [pid 5515] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5514] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5515] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5514] <... futex resumed>) = 0 [pid 5514] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5515] sendfile(6, 5, NULL, 131071 [pid 5514] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5514] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5514] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5514] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5514] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5514] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5518 attached [pid 5518] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5514] <... clone3 resumed> => {parent_tid=[5518]}, 88) = 5518 [pid 5518] <... rseq resumed>) = 0 [pid 5514] rt_sigprocmask(SIG_SETMASK, [], [pid 5518] set_robust_list(0x7f03761d69a0, 24 [pid 5514] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5518] <... set_robust_list resumed>) = 0 [pid 5514] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5518] rt_sigprocmask(SIG_SETMASK, [], [pid 5514] <... futex resumed>) = 0 [pid 5518] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5514] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5518] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [ 159.293263][ T5515] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 159.309241][ T5515] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 159.321584][ T5515] EXT4-fs (loop0): This should not happen!! Data will be lost [ 159.321584][ T5515] [ 159.331890][ T5515] EXT4-fs (loop0): Total free blocks count 0 [pid 5518] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5514] <... futex resumed>) = 0 [pid 5518] <... futex resumed>) = 1 [pid 5514] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5518] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5514] <... futex resumed>) = 0 [pid 5514] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5518] <... mmap resumed>) = 0x20000000 [pid 5515] <... sendfile resumed>) = 75 [pid 5515] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5518] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5515] <... futex resumed>) = 0 [pid 5518] <... futex resumed>) = 1 [pid 5515] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5514] <... futex resumed>) = 0 [pid 5518] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5514] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5515] <... futex resumed>) = 0 [pid 5514] <... futex resumed>) = 1 [pid 5515] pipe2( [pid 5514] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5515] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5515] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5514] <... futex resumed>) = 0 [pid 5514] exit_group(0 [pid 5518] <... futex resumed>) = ? [pid 5515] <... futex resumed>) = ? [pid 5514] <... exit_group resumed>) = ? [pid 5518] +++ exited with 0 +++ [pid 5515] +++ exited with 0 +++ [pid 5514] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5514, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- umount2("./83", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 [ 159.338363][ T5515] EXT4-fs (loop0): Free/Dirty block details [ 159.344826][ T5515] EXT4-fs (loop0): free_blocks=2415919104 [ 159.351136][ T5515] EXT4-fs (loop0): dirty_blocks=16 [ 159.356333][ T5515] EXT4-fs (loop0): Block reservation details [ 159.362882][ T5515] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./83/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./83/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./83/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 159.427439][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 159.439891][ T62] EXT4-fs (loop0): This should not happen!! Data will be lost [ 159.439891][ T62] openat(AT_FDCWD, "./83/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./83/bus") = 0 umount2("./83/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./83/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./83") = 0 mkdir("./84", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5519 attached , child_tidptr=0x5555749a2690) = 5519 [pid 5519] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5519] chdir("./84") = 0 [pid 5519] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5519] setpgid(0, 0) = 0 [pid 5519] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5519] write(3, "1000", 4) = 4 [pid 5519] close(3) = 0 [pid 5519] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5519] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5519] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5519] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5519] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5519] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5519] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5519] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5520 attached [pid 5520] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5519] <... clone3 resumed> => {parent_tid=[5520]}, 88) = 5520 [pid 5520] <... rseq resumed>) = 0 [pid 5520] set_robust_list(0x7f03761f79a0, 24 [pid 5519] rt_sigprocmask(SIG_SETMASK, [], [pid 5520] <... set_robust_list resumed>) = 0 [pid 5519] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5520] rt_sigprocmask(SIG_SETMASK, [], [pid 5519] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5520] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5519] <... futex resumed>) = 0 [pid 5520] memfd_create("syzkaller", 0 [pid 5519] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5520] <... memfd_create resumed>) = 3 [pid 5520] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5520] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5520] munmap(0x7f036dc00000, 138412032) = 0 [pid 5520] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5520] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5520] close(3) = 0 [pid 5520] close(4) = 0 [pid 5520] mkdir("./bus", 0777) = 0 [pid 5520] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5520] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [ 159.776599][ T5520] loop0: detected capacity change from 0 to 2048 [pid 5520] chdir("./bus") = 0 [pid 5520] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5520] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5519] <... futex resumed>) = 0 [pid 5520] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5519] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5520] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5520] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5519] <... futex resumed>) = 0 [pid 5520] <... openat resumed>) = 4 [pid 5519] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5520] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5519] <... futex resumed>) = 0 [pid 5520] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5519] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5520] <... openat resumed>) = 5 [pid 5519] <... futex resumed>) = 0 [pid 5520] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5519] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5520] <... futex resumed>) = 0 [pid 5519] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5520] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5519] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5520] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5519] <... futex resumed>) = 0 [pid 5519] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5520] <... openat resumed>) = 6 [pid 5520] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5520] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5519] <... futex resumed>) = 0 [pid 5519] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5520] <... futex resumed>) = 0 [pid 5520] write(6, "t", 1 [pid 5519] <... futex resumed>) = 1 [pid 5519] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5520] <... write resumed>) = 1 [pid 5520] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5519] <... futex resumed>) = 0 [pid 5520] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5519] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5520] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5519] <... futex resumed>) = 0 [pid 5520] sendfile(6, 5, NULL, 131071 [pid 5519] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5519] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5519] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5519] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5519] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 159.927765][ T5520] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 159.942854][ T5520] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 159.955246][ T5520] EXT4-fs (loop0): This should not happen!! Data will be lost [ 159.955246][ T5520] [ 159.965062][ T5520] EXT4-fs (loop0): Total free blocks count 0 [ 159.971159][ T5520] EXT4-fs (loop0): Free/Dirty block details [pid 5519] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5523 attached [pid 5523] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5519] <... clone3 resumed> => {parent_tid=[5523]}, 88) = 5523 [pid 5523] <... rseq resumed>) = 0 [pid 5519] rt_sigprocmask(SIG_SETMASK, [], [pid 5523] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 5519] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5523] rt_sigprocmask(SIG_SETMASK, [], [pid 5519] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5523] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5523] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5519] <... futex resumed>) = 0 [pid 5523] <... open resumed>) = 7 [pid 5519] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5523] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5520] <... sendfile resumed>) = 75 [pid 5520] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5523] <... futex resumed>) = 1 [pid 5519] <... futex resumed>) = 0 [pid 5523] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5520] <... futex resumed>) = 0 [pid 5519] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5519] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5520] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5519] <... futex resumed>) = 0 [pid 5519] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5520] <... futex resumed>) = 1 [pid 5519] <... futex resumed>) = 0 [pid 5520] pipe2( [pid 5519] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5520] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5520] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5519] <... futex resumed>) = 0 [pid 5520] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5519] exit_group(0 [pid 5523] <... futex resumed>) = ? [pid 5520] <... futex resumed>) = ? [pid 5519] <... exit_group resumed>) = ? [pid 5520] +++ exited with 0 +++ [ 159.977102][ T5520] EXT4-fs (loop0): free_blocks=2415919104 [ 159.982924][ T5520] EXT4-fs (loop0): dirty_blocks=16 [ 159.988071][ T5520] EXT4-fs (loop0): Block reservation details [ 159.994168][ T5520] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5523] +++ exited with 0 +++ [pid 5519] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5519, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./84", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./84/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./84/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./84/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 160.072739][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 160.085058][ T2467] EXT4-fs (loop0): This should not happen!! Data will be lost [ 160.085058][ T2467] getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./84/bus") = 0 umount2("./84/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./84/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./84") = 0 mkdir("./85", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5524 attached , child_tidptr=0x5555749a2690) = 5524 [pid 5524] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5524] chdir("./85") = 0 [pid 5524] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5524] setpgid(0, 0) = 0 [pid 5524] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5524] write(3, "1000", 4) = 4 [pid 5524] close(3) = 0 [pid 5524] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5524] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5524] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5524] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5524] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5524] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5524] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5524] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5525 attached [pid 5525] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5524] <... clone3 resumed> => {parent_tid=[5525]}, 88) = 5525 [pid 5525] <... rseq resumed>) = 0 [pid 5524] rt_sigprocmask(SIG_SETMASK, [], [pid 5525] set_robust_list(0x7f03761f79a0, 24 [pid 5524] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5525] <... set_robust_list resumed>) = 0 [pid 5524] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5525] rt_sigprocmask(SIG_SETMASK, [], [pid 5524] <... futex resumed>) = 0 [pid 5525] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5524] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5525] memfd_create("syzkaller", 0) = 3 [pid 5525] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5525] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5525] munmap(0x7f036dc00000, 138412032) = 0 [pid 5525] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5525] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5525] close(3) = 0 [pid 5525] close(4) = 0 [pid 5525] mkdir("./bus", 0777) = 0 [pid 5525] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5525] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5525] chdir("./bus") = 0 [ 160.423839][ T5525] loop0: detected capacity change from 0 to 2048 [pid 5525] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5525] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5524] <... futex resumed>) = 0 [pid 5525] <... futex resumed>) = 1 [pid 5524] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5525] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5524] <... futex resumed>) = 0 [pid 5525] <... openat resumed>) = 4 [pid 5524] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5525] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5524] <... futex resumed>) = 0 [pid 5524] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5525] <... futex resumed>) = 1 [pid 5524] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5525] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 5525] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5524] <... futex resumed>) = 0 [pid 5524] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5524] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5525] <... futex resumed>) = 1 [pid 5525] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 5525] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5524] <... futex resumed>) = 0 [pid 5525] <... futex resumed>) = 1 [pid 5524] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5525] write(6, "t", 1 [pid 5524] <... futex resumed>) = 0 [pid 5524] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5525] <... write resumed>) = 1 [pid 5525] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5524] <... futex resumed>) = 0 [pid 5525] <... futex resumed>) = 1 [pid 5524] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5525] sendfile(6, 5, NULL, 131071 [pid 5524] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5524] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5524] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [ 160.575278][ T5525] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 160.590814][ T5525] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 160.603247][ T5525] EXT4-fs (loop0): This should not happen!! Data will be lost [ 160.603247][ T5525] [ 160.613363][ T5525] EXT4-fs (loop0): Total free blocks count 0 [ 160.619413][ T5525] EXT4-fs (loop0): Free/Dirty block details [pid 5524] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5524] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5524] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0} => {parent_tid=[5528]}, 88) = 5528 ./strace-static-x86_64: Process 5528 attached [pid 5524] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5524] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5524] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5528] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5528] set_robust_list(0x7f03761d69a0, 24 [pid 5525] <... sendfile resumed>) = 75 [pid 5528] <... set_robust_list resumed>) = 0 [pid 5525] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5528] rt_sigprocmask(SIG_SETMASK, [], [pid 5525] <... futex resumed>) = 0 [pid 5528] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5525] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5528] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5528] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5524] <... futex resumed>) = 0 [pid 5528] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5524] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5525] <... futex resumed>) = 0 [pid 5524] <... futex resumed>) = 1 [pid 5525] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5524] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5525] <... mmap resumed>) = 0x20000000 [pid 5525] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5524] <... futex resumed>) = 0 [pid 5525] <... futex resumed>) = 1 [pid 5524] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5525] pipe2( [pid 5524] <... futex resumed>) = 0 [pid 5525] <... pipe2 resumed>0x20000240, 0) = 0 [ 160.625405][ T5525] EXT4-fs (loop0): free_blocks=2415919104 [ 160.631291][ T5525] EXT4-fs (loop0): dirty_blocks=16 [ 160.636454][ T5525] EXT4-fs (loop0): Block reservation details [ 160.642535][ T5525] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5524] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5525] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5524] <... futex resumed>) = 0 [pid 5525] <... futex resumed>) = 1 [pid 5524] exit_group(0 [pid 5528] <... futex resumed>) = ? [pid 5524] <... exit_group resumed>) = ? [pid 5528] +++ exited with 0 +++ [pid 5525] +++ exited with 0 +++ [pid 5524] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5524, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./85", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./85/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./85/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./85/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 160.719127][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 160.731664][ T62] EXT4-fs (loop0): This should not happen!! Data will be lost [ 160.731664][ T62] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./85/bus") = 0 umount2("./85/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./85/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./85") = 0 mkdir("./86", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555749a2690) = 5529 ./strace-static-x86_64: Process 5529 attached [pid 5529] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5529] chdir("./86") = 0 [pid 5529] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5529] setpgid(0, 0) = 0 [pid 5529] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5529] write(3, "1000", 4) = 4 [pid 5529] close(3) = 0 [pid 5529] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5529] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5529] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5529] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5529] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5529] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5529] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5529] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5530 attached => {parent_tid=[5530]}, 88) = 5530 [pid 5529] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5530] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5529] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5530] set_robust_list(0x7f03761f79a0, 24 [pid 5529] <... futex resumed>) = 0 [pid 5530] <... set_robust_list resumed>) = 0 [pid 5529] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5530] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5530] memfd_create("syzkaller", 0) = 3 [pid 5530] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5530] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5530] munmap(0x7f036dc00000, 138412032) = 0 [pid 5530] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5530] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5530] close(3) = 0 [pid 5530] close(4) = 0 [pid 5530] mkdir("./bus", 0777) = 0 [pid 5530] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5530] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5530] chdir("./bus") = 0 [ 161.109231][ T5530] loop0: detected capacity change from 0 to 2048 [pid 5530] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5530] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5529] <... futex resumed>) = 0 [pid 5530] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5529] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5530] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5529] <... futex resumed>) = 0 [pid 5530] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5529] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5530] <... openat resumed>) = 4 [pid 5530] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5529] <... futex resumed>) = 0 [pid 5530] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5529] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5530] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5529] <... futex resumed>) = 0 [pid 5530] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5529] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5530] <... openat resumed>) = 5 [pid 5530] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5529] <... futex resumed>) = 0 [pid 5530] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5529] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5530] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5530] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 5529] <... futex resumed>) = 0 [pid 5529] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5530] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5529] <... futex resumed>) = 0 [pid 5529] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5529] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 161.176153][ T29] kauditd_printk_skb: 14 callbacks suppressed [ 161.176176][ T29] audit: type=1804 audit(1714530429.985:361): pid=5530 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/86/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5530] write(6, "t", 1) = 1 [pid 5530] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5529] <... futex resumed>) = 0 [pid 5530] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5529] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5530] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5529] <... futex resumed>) = 0 [pid 5530] sendfile(6, 5, NULL, 131071 [pid 5529] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 161.208990][ T29] audit: type=1804 audit(1714530430.015:362): pid=5530 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/86/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5529] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5529] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5529] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5529] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5529] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5534 attached [pid 5534] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5534] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 5529] <... clone3 resumed> => {parent_tid=[5534]}, 88) = 5534 [pid 5534] rt_sigprocmask(SIG_SETMASK, [], [pid 5529] rt_sigprocmask(SIG_SETMASK, [], [pid 5534] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5529] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5529] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5534] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5529] <... futex resumed>) = 0 [ 161.280536][ T5530] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 161.295688][ T5530] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 161.308134][ T5530] EXT4-fs (loop0): This should not happen!! Data will be lost [ 161.308134][ T5530] [pid 5529] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5534] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5534] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5529] <... futex resumed>) = 0 [pid 5529] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5534] <... futex resumed>) = 0 [pid 5534] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5529] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5534] <... mmap resumed>) = 0x20000000 [pid 5530] <... sendfile resumed>) = 75 [pid 5534] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5530] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5534] <... futex resumed>) = 1 [pid 5529] <... futex resumed>) = 0 [pid 5530] <... futex resumed>) = 0 [pid 5534] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5529] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5530] pipe2(0x20000240, 0) = 0 [pid 5529] <... futex resumed>) = 0 [pid 5529] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5530] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5530] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5529] <... futex resumed>) = 0 [pid 5529] exit_group(0 [pid 5534] <... futex resumed>) = ? [pid 5530] <... futex resumed>) = ? [pid 5529] <... exit_group resumed>) = ? [pid 5534] +++ exited with 0 +++ [pid 5530] +++ exited with 0 +++ [pid 5529] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5529, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- [ 161.313821][ T29] audit: type=1804 audit(1714530430.125:363): pid=5534 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/86/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 161.318440][ T5530] EXT4-fs (loop0): Total free blocks count 0 [ 161.347354][ T5530] EXT4-fs (loop0): Free/Dirty block details [ 161.353353][ T5530] EXT4-fs (loop0): free_blocks=2415919104 [ 161.359160][ T5530] EXT4-fs (loop0): dirty_blocks=16 [ 161.364366][ T5530] EXT4-fs (loop0): Block reservation details [ 161.370444][ T5530] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./86", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./86/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./86/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./86/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 [ 161.453915][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 161.466261][ T2467] EXT4-fs (loop0): This should not happen!! Data will be lost [ 161.466261][ T2467] rmdir("./86/bus") = 0 umount2("./86/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./86/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./86") = 0 mkdir("./87", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5535 attached , child_tidptr=0x5555749a2690) = 5535 [pid 5535] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5535] chdir("./87") = 0 [pid 5535] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5535] setpgid(0, 0) = 0 [pid 5535] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5535] write(3, "1000", 4) = 4 [pid 5535] close(3) = 0 [pid 5535] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5535] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5535] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5535] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5535] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5535] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5535] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5535] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5536 attached => {parent_tid=[5536]}, 88) = 5536 [pid 5535] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5535] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5536] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5535] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5536] set_robust_list(0x7f03761f79a0, 24) = 0 [pid 5536] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5536] memfd_create("syzkaller", 0) = 3 [pid 5536] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5536] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5536] munmap(0x7f036dc00000, 138412032) = 0 [pid 5536] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5536] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5536] close(3) = 0 [pid 5536] close(4) = 0 [pid 5536] mkdir("./bus", 0777) = 0 [pid 5536] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5536] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [ 161.757930][ T5536] loop0: detected capacity change from 0 to 2048 [pid 5536] chdir("./bus") = 0 [pid 5536] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5536] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5535] <... futex resumed>) = 0 [pid 5536] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5535] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5536] <... openat resumed>) = 4 [pid 5535] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5536] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5535] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5535] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5535] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = 0 [pid 5536] <... futex resumed>) = 1 [pid 5535] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5536] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 5536] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5536] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5535] <... futex resumed>) = 0 [pid 5535] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5536] <... futex resumed>) = 0 [pid 5535] <... futex resumed>) = 1 [pid 5536] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5535] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5536] <... openat resumed>) = 6 [pid 5536] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5535] <... futex resumed>) = 0 [pid 5535] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5536] write(6, "t", 1 [pid 5535] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5536] <... write resumed>) = 1 [pid 5536] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5535] <... futex resumed>) = 0 [pid 5536] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5535] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5536] <... futex resumed>) = 0 [pid 5535] <... futex resumed>) = 1 [pid 5536] sendfile(6, 5, NULL, 131071 [ 161.868824][ T29] audit: type=1804 audit(1714530430.675:364): pid=5536 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/87/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 161.892978][ T29] audit: type=1804 audit(1714530430.675:365): pid=5536 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/87/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5535] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5535] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5535] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5535] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5535] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 161.942771][ T5536] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 161.958222][ T5536] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 161.970729][ T5536] EXT4-fs (loop0): This should not happen!! Data will be lost [ 161.970729][ T5536] [ 161.981436][ T5536] EXT4-fs (loop0): Total free blocks count 0 [pid 5535] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5539 attached [pid 5539] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5539] set_robust_list(0x7f03761d69a0, 24 [pid 5535] <... clone3 resumed> => {parent_tid=[5539]}, 88) = 5539 [pid 5539] <... set_robust_list resumed>) = 0 [pid 5535] rt_sigprocmask(SIG_SETMASK, [], [pid 5539] rt_sigprocmask(SIG_SETMASK, [], [pid 5535] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5539] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5535] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5539] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5535] <... futex resumed>) = 0 [pid 5539] <... open resumed>) = 7 [pid 5535] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5539] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5535] <... futex resumed>) = 0 [pid 5535] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5539] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5535] <... futex resumed>) = 0 [ 161.987772][ T5536] EXT4-fs (loop0): Free/Dirty block details [ 161.994155][ T5536] EXT4-fs (loop0): free_blocks=2415919104 [ 162.000772][ T29] audit: type=1804 audit(1714530430.815:366): pid=5539 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/87/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 162.026359][ T5536] EXT4-fs (loop0): dirty_blocks=16 [ 162.031869][ T5536] EXT4-fs (loop0): Block reservation details [pid 5535] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5539] <... mmap resumed>) = 0x20000000 [pid 5536] <... sendfile resumed>) = 75 [pid 5539] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5536] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5539] <... futex resumed>) = 1 [pid 5536] <... futex resumed>) = 0 [pid 5535] <... futex resumed>) = 0 [pid 5539] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5536] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5535] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5536] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5535] <... futex resumed>) = 0 [pid 5536] pipe2( [pid 5535] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5536] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5536] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5535] <... futex resumed>) = 0 [pid 5536] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5535] exit_group(0 [pid 5539] <... futex resumed>) = ? [pid 5535] <... exit_group resumed>) = ? [pid 5536] <... futex resumed>) = ? [pid 5539] +++ exited with 0 +++ [pid 5536] +++ exited with 0 +++ [pid 5535] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5535, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- umount2("./87", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 162.037893][ T5536] EXT4-fs (loop0): i_reserved_data_blocks=1 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./87/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./87/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 162.105427][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 162.117812][ T62] EXT4-fs (loop0): This should not happen!! Data will be lost [ 162.117812][ T62] umount2("./87/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./87/bus") = 0 umount2("./87/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./87/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./87") = 0 mkdir("./88", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5540 attached , child_tidptr=0x5555749a2690) = 5540 [pid 5540] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5540] chdir("./88") = 0 [pid 5540] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5540] setpgid(0, 0) = 0 [pid 5540] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5540] write(3, "1000", 4) = 4 [pid 5540] close(3) = 0 [pid 5540] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5540] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5540] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5540] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5540] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5540] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5540] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5540] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5541 attached [pid 5541] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5540] <... clone3 resumed> => {parent_tid=[5541]}, 88) = 5541 [pid 5541] <... rseq resumed>) = 0 [pid 5541] set_robust_list(0x7f03761f79a0, 24 [pid 5540] rt_sigprocmask(SIG_SETMASK, [], [pid 5541] <... set_robust_list resumed>) = 0 [pid 5540] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5541] rt_sigprocmask(SIG_SETMASK, [], [pid 5540] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5541] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5541] memfd_create("syzkaller", 0) = 3 [pid 5541] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5540] <... futex resumed>) = 0 [pid 5540] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5541] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5541] munmap(0x7f036dc00000, 138412032) = 0 [pid 5541] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5541] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5541] close(3) = 0 [pid 5541] close(4) = 0 [pid 5541] mkdir("./bus", 0777) = 0 [pid 5541] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5541] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5541] chdir("./bus") = 0 [pid 5541] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5541] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5540] <... futex resumed>) = 0 [pid 5541] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5540] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5541] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5540] <... futex resumed>) = 0 [ 162.538798][ T5541] loop0: detected capacity change from 0 to 2048 [pid 5541] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5540] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5541] <... openat resumed>) = 4 [pid 5541] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5540] <... futex resumed>) = 0 [pid 5541] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5540] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5541] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5540] <... futex resumed>) = 0 [pid 5541] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5540] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5541] <... openat resumed>) = 5 [pid 5541] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5541] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5540] <... futex resumed>) = 0 [pid 5540] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5541] <... futex resumed>) = 0 [pid 5540] <... futex resumed>) = 1 [ 162.603480][ T29] audit: type=1804 audit(1714530431.415:367): pid=5541 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/88/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5540] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5541] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 5541] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5541] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5540] <... futex resumed>) = 0 [pid 5541] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5540] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5541] write(6, "t", 1 [pid 5540] <... futex resumed>) = 0 [pid 5540] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5541] <... write resumed>) = 1 [pid 5541] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5541] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5540] <... futex resumed>) = 0 [pid 5541] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5540] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5541] sendfile(6, 5, NULL, 131071 [pid 5540] <... futex resumed>) = 0 [ 162.643913][ T29] audit: type=1804 audit(1714530431.455:368): pid=5541 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/88/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5540] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5540] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5540] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [ 162.720876][ T5541] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 162.737150][ T5541] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 162.750187][ T5541] EXT4-fs (loop0): This should not happen!! Data will be lost [ 162.750187][ T5541] [ 162.759858][ T5541] EXT4-fs (loop0): Total free blocks count 0 [pid 5540] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5540] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5541] <... sendfile resumed>) = 75 [pid 5540] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0} [pid 5541] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5544 attached ) = 0 [pid 5540] <... clone3 resumed> => {parent_tid=[5544]}, 88) = 5544 [pid 5544] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5541] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5540] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5540] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5544] <... rseq resumed>) = 0 [pid 5544] set_robust_list(0x7f03761d69a0, 24 [pid 5540] <... futex resumed>) = 0 [pid 5544] <... set_robust_list resumed>) = 0 [pid 5540] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5544] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5544] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [ 162.766159][ T5541] EXT4-fs (loop0): Free/Dirty block details [ 162.772142][ T5541] EXT4-fs (loop0): free_blocks=2415919104 [ 162.777881][ T5541] EXT4-fs (loop0): dirty_blocks=16 [ 162.783101][ T5541] EXT4-fs (loop0): Block reservation details [ 162.789117][ T5541] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5544] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5540] <... futex resumed>) = 0 [pid 5540] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5544] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5540] <... futex resumed>) = 1 [pid 5541] <... futex resumed>) = 0 [pid 5540] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5541] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 5541] pipe2( [pid 5540] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5541] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5540] <... futex resumed>) = 0 [pid 5540] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5541] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5540] <... futex resumed>) = 0 [pid 5541] <... futex resumed>) = 1 [pid 5540] exit_group(0 [pid 5541] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5544] <... futex resumed>) = ? [pid 5540] <... exit_group resumed>) = ? [pid 5544] +++ exited with 0 +++ [pid 5541] <... futex resumed>) = ? [pid 5541] +++ exited with 0 +++ [pid 5540] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5540, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./88", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 162.813954][ T29] audit: type=1804 audit(1714530431.625:369): pid=5544 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/88/bus/bus" dev="loop0" ino=18 res=1 errno=0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./88/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./88/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./88/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 162.877741][ T139] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 162.890303][ T139] EXT4-fs (loop0): This should not happen!! Data will be lost [ 162.890303][ T139] getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./88/bus") = 0 umount2("./88/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./88/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./88") = 0 mkdir("./89", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5545 attached , child_tidptr=0x5555749a2690) = 5545 [pid 5545] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5545] chdir("./89") = 0 [pid 5545] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5545] setpgid(0, 0) = 0 [pid 5545] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5545] write(3, "1000", 4) = 4 [pid 5545] close(3) = 0 [pid 5545] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5545] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5545] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5545] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5545] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5545] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5545] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5545] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5546 attached [pid 5546] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5545] <... clone3 resumed> => {parent_tid=[5546]}, 88) = 5546 [pid 5546] set_robust_list(0x7f03761f79a0, 24 [pid 5545] rt_sigprocmask(SIG_SETMASK, [], [pid 5546] <... set_robust_list resumed>) = 0 [pid 5545] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5546] rt_sigprocmask(SIG_SETMASK, [], [pid 5545] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5546] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5545] <... futex resumed>) = 0 [pid 5546] memfd_create("syzkaller", 0 [pid 5545] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5546] <... memfd_create resumed>) = 3 [pid 5546] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5546] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5546] munmap(0x7f036dc00000, 138412032) = 0 [pid 5546] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5546] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5546] close(3) = 0 [pid 5546] close(4) = 0 [pid 5546] mkdir("./bus", 0777) = 0 [pid 5546] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5546] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [ 163.236992][ T5546] loop0: detected capacity change from 0 to 2048 [pid 5546] chdir("./bus") = 0 [pid 5546] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5546] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5545] <... futex resumed>) = 0 [pid 5546] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5545] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5546] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5545] <... futex resumed>) = 0 [pid 5545] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5546] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4 [pid 5546] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5545] <... futex resumed>) = 0 [pid 5546] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5545] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5546] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5545] <... futex resumed>) = 0 [pid 5546] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5545] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5546] <... openat resumed>) = 5 [pid 5546] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5546] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5545] <... futex resumed>) = 0 [pid 5545] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5545] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5546] <... futex resumed>) = 0 [pid 5546] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 5546] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5545] <... futex resumed>) = 0 [pid 5546] write(6, "t", 1 [pid 5545] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5545] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5546] <... write resumed>) = 1 [pid 5546] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5546] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5545] <... futex resumed>) = 0 [pid 5546] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5545] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5546] sendfile(6, 5, NULL, 131071 [pid 5545] <... futex resumed>) = 0 [ 163.318248][ T29] audit: type=1804 audit(1714530432.125:370): pid=5546 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/89/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5545] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5545] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5545] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [ 163.403116][ T5546] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 163.419047][ T5546] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 163.432157][ T5546] EXT4-fs (loop0): This should not happen!! Data will be lost [ 163.432157][ T5546] [ 163.442278][ T5546] EXT4-fs (loop0): Total free blocks count 0 [pid 5545] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5545] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5545] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5549 attached => {parent_tid=[5549]}, 88) = 5549 [pid 5549] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5545] rt_sigprocmask(SIG_SETMASK, [], [pid 5549] <... rseq resumed>) = 0 [pid 5545] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5549] set_robust_list(0x7f03761d69a0, 24 [pid 5545] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5549] <... set_robust_list resumed>) = 0 [pid 5545] <... futex resumed>) = 0 [pid 5549] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5545] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5549] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5549] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5546] <... sendfile resumed>) = 75 [pid 5549] <... futex resumed>) = 1 [pid 5546] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5545] <... futex resumed>) = 0 [pid 5549] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5546] <... futex resumed>) = 0 [pid 5545] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5545] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5546] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 5546] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5545] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5546] pipe2( [pid 5545] <... futex resumed>) = 0 [pid 5546] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5545] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5546] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5545] <... futex resumed>) = 0 [pid 5546] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5545] exit_group(0 [pid 5549] <... futex resumed>) = ? [pid 5546] <... futex resumed>) = ? [pid 5549] +++ exited with 0 +++ [pid 5546] +++ exited with 0 +++ [pid 5545] <... exit_group resumed>) = ? [pid 5545] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5545, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [ 163.448886][ T5546] EXT4-fs (loop0): Free/Dirty block details [ 163.455277][ T5546] EXT4-fs (loop0): free_blocks=2415919104 [ 163.461311][ T5546] EXT4-fs (loop0): dirty_blocks=16 [ 163.466435][ T5546] EXT4-fs (loop0): Block reservation details [ 163.475125][ T5546] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./89", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./89/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./89/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./89/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./89/bus") = 0 umount2("./89/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./89/binderfs") = 0 [ 163.575193][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 163.587462][ T2467] EXT4-fs (loop0): This should not happen!! Data will be lost [ 163.587462][ T2467] getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./89") = 0 mkdir("./90", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5550 attached , child_tidptr=0x5555749a2690) = 5550 [pid 5550] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5550] chdir("./90") = 0 [pid 5550] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5550] setpgid(0, 0) = 0 [pid 5550] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5550] write(3, "1000", 4) = 4 [pid 5550] close(3) = 0 [pid 5550] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5550] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5550] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5550] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5550] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5550] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5550] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5550] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5551 attached [pid 5551] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5550] <... clone3 resumed> => {parent_tid=[5551]}, 88) = 5551 [pid 5551] set_robust_list(0x7f03761f79a0, 24 [pid 5550] rt_sigprocmask(SIG_SETMASK, [], [pid 5551] <... set_robust_list resumed>) = 0 [pid 5550] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5551] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5550] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5551] memfd_create("syzkaller", 0 [pid 5550] <... futex resumed>) = 0 [pid 5550] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5551] <... memfd_create resumed>) = 3 [pid 5551] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5551] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5551] munmap(0x7f036dc00000, 138412032) = 0 [pid 5551] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5551] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5551] close(3) = 0 [pid 5551] close(4) = 0 [pid 5551] mkdir("./bus", 0777) = 0 [ 163.865175][ T5551] loop0: detected capacity change from 0 to 2048 [pid 5551] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5551] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5551] chdir("./bus") = 0 [pid 5551] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5551] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5550] <... futex resumed>) = 0 [pid 5551] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5550] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5551] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5550] <... futex resumed>) = 0 [pid 5551] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5550] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5551] <... openat resumed>) = 4 [pid 5551] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5550] <... futex resumed>) = 0 [pid 5551] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5550] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5551] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5550] <... futex resumed>) = 0 [ 163.915924][ T5551] EXT4-fs mount: 24 callbacks suppressed [ 163.915943][ T5551] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5550] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5551] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 5551] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5551] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5550] <... futex resumed>) = 0 [pid 5550] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5551] <... futex resumed>) = 0 [pid 5550] <... futex resumed>) = 1 [pid 5551] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5550] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5551] <... openat resumed>) = 6 [pid 5551] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5550] <... futex resumed>) = 0 [pid 5551] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5550] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5551] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5550] <... futex resumed>) = 0 [pid 5551] write(6, "t", 1 [pid 5550] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5551] <... write resumed>) = 1 [pid 5551] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5550] <... futex resumed>) = 0 [pid 5551] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5550] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5551] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5550] <... futex resumed>) = 0 [pid 5551] sendfile(6, 5, NULL, 131071 [pid 5550] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5550] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5550] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5550] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 164.048258][ T5551] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 164.063496][ T5551] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 164.075819][ T5551] EXT4-fs (loop0): This should not happen!! Data will be lost [ 164.075819][ T5551] [ 164.085557][ T5551] EXT4-fs (loop0): Total free blocks count 0 [ 164.091667][ T5551] EXT4-fs (loop0): Free/Dirty block details [pid 5550] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5550] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0} => {parent_tid=[5554]}, 88) = 5554 ./strace-static-x86_64: Process 5554 attached [pid 5550] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5550] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5554] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5550] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5554] <... rseq resumed>) = 0 [pid 5554] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 5554] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5554] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5554] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5550] <... futex resumed>) = 0 [pid 5554] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5551] <... sendfile resumed>) = 75 [pid 5550] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5554] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5550] <... futex resumed>) = 0 [pid 5554] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5551] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5550] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5554] <... mmap resumed>) = 0x20000000 [pid 5551] <... futex resumed>) = 0 [pid 5554] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5551] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5550] <... futex resumed>) = 0 [pid 5554] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5550] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5551] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5550] <... futex resumed>) = 0 [pid 5551] pipe2( [pid 5550] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5551] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5551] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5551] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5550] <... futex resumed>) = 0 [pid 5550] exit_group(0) = ? [pid 5554] <... futex resumed>) = ? [pid 5551] <... futex resumed>) = ? [pid 5554] +++ exited with 0 +++ [pid 5551] +++ exited with 0 +++ [pid 5550] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5550, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- [ 164.097601][ T5551] EXT4-fs (loop0): free_blocks=2415919104 [ 164.103512][ T5551] EXT4-fs (loop0): dirty_blocks=16 [ 164.108722][ T5551] EXT4-fs (loop0): Block reservation details [ 164.114919][ T5551] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./90", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./90/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./90/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./90/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 [ 164.234395][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./90/bus") = 0 umount2("./90/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./90/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./90") = 0 mkdir("./91", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5555 attached , child_tidptr=0x5555749a2690) = 5555 [pid 5555] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5555] chdir("./91") = 0 [pid 5555] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5555] setpgid(0, 0) = 0 [pid 5555] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5555] write(3, "1000", 4) = 4 [pid 5555] close(3) = 0 [pid 5555] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5555] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5555] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5555] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5555] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5555] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5555] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5555] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5556 attached => {parent_tid=[5556]}, 88) = 5556 [pid 5556] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5556] set_robust_list(0x7f03761f79a0, 24) = 0 [pid 5555] rt_sigprocmask(SIG_SETMASK, [], [pid 5556] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5556] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5555] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5555] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5556] <... futex resumed>) = 0 [pid 5556] memfd_create("syzkaller", 0 [pid 5555] <... futex resumed>) = 1 [pid 5555] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5556] <... memfd_create resumed>) = 3 [pid 5556] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5556] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5556] munmap(0x7f036dc00000, 138412032) = 0 [pid 5556] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5556] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5556] close(3) = 0 [pid 5556] close(4) = 0 [pid 5556] mkdir("./bus", 0777) = 0 [ 164.634516][ T5556] loop0: detected capacity change from 0 to 2048 [pid 5556] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5556] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5556] chdir("./bus") = 0 [pid 5556] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5556] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5555] <... futex resumed>) = 0 [pid 5556] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5555] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5555] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5556] <... openat resumed>) = 4 [pid 5556] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5555] <... futex resumed>) = 0 [pid 5556] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5555] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5556] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5555] <... futex resumed>) = 0 [pid 5556] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5555] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5556] <... openat resumed>) = 5 [pid 5556] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5555] <... futex resumed>) = 0 [pid 5556] <... futex resumed>) = 1 [pid 5555] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5556] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5555] <... futex resumed>) = 0 [pid 5555] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5556] <... openat resumed>) = 6 [pid 5556] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5555] <... futex resumed>) = 0 [pid 5556] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5555] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5556] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5556] write(6, "t", 1 [pid 5555] <... futex resumed>) = 0 [pid 5555] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5556] <... write resumed>) = 1 [pid 5556] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5555] <... futex resumed>) = 0 [pid 5556] sendfile(6, 5, NULL, 131071 [ 164.694915][ T5556] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5555] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5555] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5555] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5555] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5555] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 164.807086][ T5556] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 164.822350][ T5556] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 164.835227][ T5556] EXT4-fs (loop0): This should not happen!! Data will be lost [ 164.835227][ T5556] [ 164.845402][ T5556] EXT4-fs (loop0): Total free blocks count 0 [ 164.851586][ T5556] EXT4-fs (loop0): Free/Dirty block details [pid 5555] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5555] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5559 attached => {parent_tid=[5559]}, 88) = 5559 [pid 5555] rt_sigprocmask(SIG_SETMASK, [], [pid 5559] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5555] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5555] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5555] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5559] <... rseq resumed>) = 0 [pid 5559] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 5559] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5559] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5556] <... sendfile resumed>) = 75 [pid 5559] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5556] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5559] <... futex resumed>) = 1 [pid 5555] <... futex resumed>) = 0 [pid 5559] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5556] <... futex resumed>) = 0 [pid 5555] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5556] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5555] <... futex resumed>) = 0 [pid 5555] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5556] <... mmap resumed>) = 0x20000000 [pid 5556] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5555] <... futex resumed>) = 0 [pid 5556] <... futex resumed>) = 1 [pid 5555] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5556] pipe2( [pid 5555] <... futex resumed>) = 0 [pid 5555] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5556] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5556] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5555] <... futex resumed>) = 0 [pid 5555] exit_group(0 [pid 5559] <... futex resumed>) = ? [pid 5556] <... futex resumed>) = ? [pid 5555] <... exit_group resumed>) = ? [pid 5559] +++ exited with 0 +++ [pid 5556] +++ exited with 0 +++ [pid 5555] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5555, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [ 164.859306][ T5556] EXT4-fs (loop0): free_blocks=2415919104 [ 164.865342][ T5556] EXT4-fs (loop0): dirty_blocks=16 [ 164.871733][ T5556] EXT4-fs (loop0): Block reservation details [ 164.877853][ T5556] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./91", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./91/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./91/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./91/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 [ 164.994175][ T139] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 close(4) = 0 rmdir("./91/bus") = 0 umount2("./91/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./91/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./91") = 0 mkdir("./92", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5560 attached , child_tidptr=0x5555749a2690) = 5560 [pid 5560] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5560] chdir("./92") = 0 [pid 5560] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5560] setpgid(0, 0) = 0 [pid 5560] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5560] write(3, "1000", 4) = 4 [pid 5560] close(3) = 0 [pid 5560] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5560] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5560] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5560] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5560] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5560] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5560] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5560] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5561 attached [pid 5561] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5560] <... clone3 resumed> => {parent_tid=[5561]}, 88) = 5561 [pid 5561] set_robust_list(0x7f03761f79a0, 24 [pid 5560] rt_sigprocmask(SIG_SETMASK, [], [pid 5561] <... set_robust_list resumed>) = 0 [pid 5560] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5561] rt_sigprocmask(SIG_SETMASK, [], [pid 5560] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5561] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5561] memfd_create("syzkaller", 0 [pid 5560] <... futex resumed>) = 0 [pid 5560] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5561] <... memfd_create resumed>) = 3 [pid 5561] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5561] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5561] munmap(0x7f036dc00000, 138412032) = 0 [pid 5561] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5561] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5561] close(3) = 0 [pid 5561] close(4) = 0 [pid 5561] mkdir("./bus", 0777) = 0 [ 165.303853][ T5561] loop0: detected capacity change from 0 to 2048 [pid 5561] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5561] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5561] chdir("./bus") = 0 [pid 5561] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5561] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5561] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5560] <... futex resumed>) = 0 [pid 5560] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5561] <... futex resumed>) = 0 [pid 5560] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5561] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4 [pid 5561] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5560] <... futex resumed>) = 0 [pid 5561] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5560] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5561] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5561] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5560] <... futex resumed>) = 0 [pid 5561] <... openat resumed>) = 5 [pid 5560] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5561] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5560] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5561] <... futex resumed>) = 0 [pid 5560] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5561] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 5560] <... futex resumed>) = 0 [ 165.357549][ T5561] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5560] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5561] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5560] <... futex resumed>) = 0 [pid 5561] <... futex resumed>) = 1 [pid 5560] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5561] write(6, "t", 1 [pid 5560] <... futex resumed>) = 0 [pid 5560] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5561] <... write resumed>) = 1 [pid 5561] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5560] <... futex resumed>) = 0 [pid 5561] sendfile(6, 5, NULL, 131071 [pid 5560] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5560] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5560] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5560] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5560] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5560] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5560] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0} => {parent_tid=[5564]}, 88) = 5564 [pid 5560] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5560] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5560] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5564 attached [ 165.476205][ T5561] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 165.492048][ T5561] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 165.504407][ T5561] EXT4-fs (loop0): This should not happen!! Data will be lost [ 165.504407][ T5561] [ 165.514275][ T5561] EXT4-fs (loop0): Total free blocks count 0 [ 165.520427][ T5561] EXT4-fs (loop0): Free/Dirty block details [pid 5564] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5561] <... sendfile resumed>) = 75 [pid 5564] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 5561] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5564] rt_sigprocmask(SIG_SETMASK, [], [pid 5561] <... futex resumed>) = 0 [pid 5561] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5564] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5564] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5564] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5560] <... futex resumed>) = 0 [pid 5560] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5560] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5564] <... futex resumed>) = 1 [pid 5561] <... futex resumed>) = 0 [pid 5564] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5561] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5560] <... futex resumed>) = 0 [pid 5560] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5560] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5561] <... futex resumed>) = 1 [pid 5561] pipe2(0x20000240, 0) = 0 [pid 5561] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5560] <... futex resumed>) = 0 [pid 5560] exit_group(0) = ? [pid 5564] <... futex resumed>) = ? [pid 5564] +++ exited with 0 +++ [pid 5561] <... futex resumed>) = ? [ 165.526432][ T5561] EXT4-fs (loop0): free_blocks=2415919104 [ 165.532294][ T5561] EXT4-fs (loop0): dirty_blocks=16 [ 165.537450][ T5561] EXT4-fs (loop0): Block reservation details [ 165.543529][ T5561] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5561] +++ exited with 0 +++ [pid 5560] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5560, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- umount2("./92", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./92/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./92/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./92/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 [ 165.616115][ T139] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./92/bus") = 0 umount2("./92/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./92/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./92") = 0 mkdir("./93", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5565 attached , child_tidptr=0x5555749a2690) = 5565 [pid 5565] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5565] chdir("./93") = 0 [pid 5565] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5565] setpgid(0, 0) = 0 [pid 5565] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5565] write(3, "1000", 4) = 4 [pid 5565] close(3) = 0 [pid 5565] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5565] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5565] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5565] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5565] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5565] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5565] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5565] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5566 attached [pid 5566] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5565] <... clone3 resumed> => {parent_tid=[5566]}, 88) = 5566 [pid 5566] set_robust_list(0x7f03761f79a0, 24 [pid 5565] rt_sigprocmask(SIG_SETMASK, [], [pid 5566] <... set_robust_list resumed>) = 0 [pid 5565] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5566] rt_sigprocmask(SIG_SETMASK, [], [pid 5565] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5566] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5565] <... futex resumed>) = 0 [pid 5566] memfd_create("syzkaller", 0 [pid 5565] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5566] <... memfd_create resumed>) = 3 [pid 5566] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5566] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5566] munmap(0x7f036dc00000, 138412032) = 0 [pid 5566] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5566] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5566] close(3) = 0 [pid 5566] close(4) = 0 [pid 5566] mkdir("./bus", 0777) = 0 [ 165.948513][ T5566] loop0: detected capacity change from 0 to 2048 [pid 5566] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5566] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5566] chdir("./bus") = 0 [pid 5566] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5566] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5565] <... futex resumed>) = 0 [pid 5566] <... futex resumed>) = 1 [pid 5565] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5566] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5565] <... futex resumed>) = 0 [pid 5565] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5566] <... openat resumed>) = 4 [pid 5566] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5565] <... futex resumed>) = 0 [pid 5566] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5565] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5566] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5565] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5566] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 5566] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5566] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5565] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5565] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5566] <... futex resumed>) = 0 [pid 5565] <... futex resumed>) = 1 [pid 5566] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5565] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5566] <... openat resumed>) = 6 [ 166.004617][ T5566] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5566] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5565] <... futex resumed>) = 0 [pid 5566] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5565] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5566] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5565] <... futex resumed>) = 0 [pid 5566] write(6, "t", 1 [pid 5565] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5566] <... write resumed>) = 1 [pid 5566] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5565] <... futex resumed>) = 0 [pid 5566] sendfile(6, 5, NULL, 131071 [pid 5565] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5565] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5565] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 166.116342][ T5566] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 166.131399][ T5566] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 166.143965][ T5566] EXT4-fs (loop0): This should not happen!! Data will be lost [ 166.143965][ T5566] [ 166.153893][ T5566] EXT4-fs (loop0): Total free blocks count 0 [ 166.159992][ T5566] EXT4-fs (loop0): Free/Dirty block details [pid 5565] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5565] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5565] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5566] <... sendfile resumed>) = 75 [pid 5566] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5565] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5566] <... futex resumed>) = 0 [pid 5566] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5565] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5569 attached [pid 5569] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5565] <... clone3 resumed> => {parent_tid=[5569]}, 88) = 5569 [pid 5569] <... rseq resumed>) = 0 [pid 5569] set_robust_list(0x7f03761d69a0, 24 [pid 5565] rt_sigprocmask(SIG_SETMASK, [], [pid 5569] <... set_robust_list resumed>) = 0 [pid 5565] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5569] rt_sigprocmask(SIG_SETMASK, [], [pid 5565] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5569] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5565] <... futex resumed>) = 0 [pid 5569] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5565] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5569] <... open resumed>) = 7 [ 166.165983][ T5566] EXT4-fs (loop0): free_blocks=2415919104 [ 166.171822][ T5566] EXT4-fs (loop0): dirty_blocks=16 [ 166.176967][ T5566] EXT4-fs (loop0): Block reservation details [ 166.183026][ T5566] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5569] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5565] <... futex resumed>) = 0 [pid 5569] <... futex resumed>) = 1 [pid 5565] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5569] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5566] <... futex resumed>) = 0 [pid 5565] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5566] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5565] <... futex resumed>) = 0 [pid 5566] <... futex resumed>) = 1 [pid 5565] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5566] pipe2( [pid 5565] <... futex resumed>) = 0 [pid 5565] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5566] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5566] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5566] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5565] <... futex resumed>) = 0 [pid 5565] exit_group(0) = ? [pid 5569] <... futex resumed>) = ? [pid 5566] <... futex resumed>) = ? [pid 5569] +++ exited with 0 +++ [pid 5566] +++ exited with 0 +++ [pid 5565] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5565, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- [ 166.208203][ T29] kauditd_printk_skb: 13 callbacks suppressed [ 166.208226][ T29] audit: type=1804 audit(1714530435.015:384): pid=5569 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/93/bus/bus" dev="loop0" ino=18 res=1 errno=0 umount2("./93", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./93/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./93/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./93/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./93/bus") = 0 umount2("./93/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 166.314404][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 newfstatat(AT_FDCWD, "./93/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./93/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./93") = 0 mkdir("./94", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5570 attached , child_tidptr=0x5555749a2690) = 5570 [pid 5570] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5570] chdir("./94") = 0 [pid 5570] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5570] setpgid(0, 0) = 0 [pid 5570] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5570] write(3, "1000", 4) = 4 [pid 5570] close(3) = 0 [pid 5570] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5570] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5570] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5570] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5570] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5570] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5570] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5570] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5571 attached [pid 5571] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5570] <... clone3 resumed> => {parent_tid=[5571]}, 88) = 5571 [pid 5571] set_robust_list(0x7f03761f79a0, 24) = 0 [pid 5570] rt_sigprocmask(SIG_SETMASK, [], [pid 5571] rt_sigprocmask(SIG_SETMASK, [], [pid 5570] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5571] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5570] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5571] memfd_create("syzkaller", 0 [pid 5570] <... futex resumed>) = 0 [pid 5570] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5571] <... memfd_create resumed>) = 3 [pid 5571] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5571] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5571] munmap(0x7f036dc00000, 138412032) = 0 [pid 5571] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5571] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5571] close(3) = 0 [pid 5571] close(4) = 0 [pid 5571] mkdir("./bus", 0777) = 0 [ 166.595504][ T5571] loop0: detected capacity change from 0 to 2048 [pid 5571] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5571] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5571] chdir("./bus") = 0 [pid 5571] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5571] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5570] <... futex resumed>) = 0 [pid 5571] <... futex resumed>) = 1 [pid 5570] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5571] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5570] <... futex resumed>) = 0 [pid 5571] <... openat resumed>) = 4 [pid 5570] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5571] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5570] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5570] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5570] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5571] <... futex resumed>) = 0 [pid 5571] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [ 166.636107][ T5571] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5571] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5570] <... futex resumed>) = 0 [pid 5571] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5570] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5571] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5570] <... futex resumed>) = 0 [pid 5571] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5570] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5571] <... openat resumed>) = 6 [pid 5571] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5570] <... futex resumed>) = 0 [pid 5571] write(6, "t", 1 [pid 5570] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5570] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5571] <... write resumed>) = 1 [pid 5571] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5570] <... futex resumed>) = 0 [pid 5571] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5570] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5571] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5570] <... futex resumed>) = 0 [pid 5571] sendfile(6, 5, NULL, 131071 [ 166.683390][ T29] audit: type=1804 audit(1714530435.495:385): pid=5571 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/94/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 166.708084][ T29] audit: type=1804 audit(1714530435.495:386): pid=5571 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/94/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5570] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5570] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5570] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5570] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5570] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5570] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5574 attached [ 166.757205][ T5571] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 166.772512][ T5571] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 166.784851][ T5571] EXT4-fs (loop0): This should not happen!! Data will be lost [ 166.784851][ T5571] [ 166.794597][ T5571] EXT4-fs (loop0): Total free blocks count 0 [ 166.800660][ T5571] EXT4-fs (loop0): Free/Dirty block details [pid 5574] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5570] <... clone3 resumed> => {parent_tid=[5574]}, 88) = 5574 [pid 5574] set_robust_list(0x7f03761d69a0, 24 [pid 5570] rt_sigprocmask(SIG_SETMASK, [], [pid 5574] <... set_robust_list resumed>) = 0 [pid 5570] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5574] rt_sigprocmask(SIG_SETMASK, [], [pid 5570] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5574] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5574] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5570] <... futex resumed>) = 0 [pid 5574] <... open resumed>) = 7 [pid 5570] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5574] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5574] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5570] <... futex resumed>) = 0 [pid 5570] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5574] <... futex resumed>) = 0 [pid 5570] <... futex resumed>) = 1 [pid 5574] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 75 [pid 5574] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5571] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5574] <... futex resumed>) = 0 [pid 5571] <... futex resumed>) = 0 [pid 5574] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5571] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5570] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5570] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5571] <... futex resumed>) = 0 [pid 5570] <... futex resumed>) = 1 [pid 5570] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5571] pipe2(0x20000240, 0) = 0 [pid 5571] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5570] <... futex resumed>) = 0 [pid 5571] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5570] exit_group(0 [pid 5574] <... futex resumed>) = ? [pid 5571] <... futex resumed>) = ? [pid 5570] <... exit_group resumed>) = ? [pid 5574] +++ exited with 0 +++ [pid 5571] +++ exited with 0 +++ [pid 5570] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5570, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- [ 166.806607][ T5571] EXT4-fs (loop0): free_blocks=2415919104 [ 166.812452][ T5571] EXT4-fs (loop0): dirty_blocks=16 [ 166.816569][ T29] audit: type=1804 audit(1714530435.625:387): pid=5574 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/94/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 166.817597][ T5571] EXT4-fs (loop0): Block reservation details [ 166.817622][ T5571] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./94", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./94/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./94/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./94/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 [ 166.933112][ T139] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./94/bus") = 0 umount2("./94/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./94/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./94") = 0 mkdir("./95", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5575 attached , child_tidptr=0x5555749a2690) = 5575 [pid 5575] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5575] chdir("./95") = 0 [pid 5575] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5575] setpgid(0, 0) = 0 [pid 5575] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5575] write(3, "1000", 4) = 4 [pid 5575] close(3) = 0 [pid 5575] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5575] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5575] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5575] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5575] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5575] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5575] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5575] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5576 attached => {parent_tid=[5576]}, 88) = 5576 [pid 5575] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5575] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5575] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5576] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5576] set_robust_list(0x7f03761f79a0, 24) = 0 [pid 5576] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5576] memfd_create("syzkaller", 0) = 3 [pid 5576] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5576] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5576] munmap(0x7f036dc00000, 138412032) = 0 [pid 5576] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5576] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5576] close(3) = 0 [pid 5576] close(4) = 0 [pid 5576] mkdir("./bus", 0777) = 0 [ 167.284929][ T5576] loop0: detected capacity change from 0 to 2048 [pid 5576] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5576] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5576] chdir("./bus") = 0 [pid 5576] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5576] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5575] <... futex resumed>) = 0 [pid 5576] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5575] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5576] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5575] <... futex resumed>) = 0 [pid 5576] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5575] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5576] <... openat resumed>) = 4 [pid 5576] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5575] <... futex resumed>) = 0 [pid 5576] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5575] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5576] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5575] <... futex resumed>) = 0 [pid 5576] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5575] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5576] <... openat resumed>) = 5 [ 167.337148][ T5576] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5576] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5575] <... futex resumed>) = 0 [pid 5576] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5575] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5576] <... openat resumed>) = 6 [pid 5575] <... futex resumed>) = 0 [pid 5575] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5576] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5575] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5575] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5576] <... futex resumed>) = 0 [pid 5575] <... futex resumed>) = 0 [pid 5576] write(6, "t", 1 [pid 5575] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5576] <... write resumed>) = 1 [pid 5576] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5575] <... futex resumed>) = 0 [pid 5576] <... futex resumed>) = 1 [pid 5575] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5576] sendfile(6, 5, NULL, 131071 [pid 5575] <... futex resumed>) = 0 [ 167.382603][ T29] audit: type=1804 audit(1714530436.195:388): pid=5576 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/95/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 167.408818][ T29] audit: type=1804 audit(1714530436.225:389): pid=5576 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/95/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5575] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5575] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5575] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5575] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5575] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5575] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5579 attached [pid 5579] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5579] set_robust_list(0x7f03761d69a0, 24 [pid 5575] <... clone3 resumed> => {parent_tid=[5579]}, 88) = 5579 [pid 5579] <... set_robust_list resumed>) = 0 [pid 5579] rt_sigprocmask(SIG_SETMASK, [], [pid 5575] rt_sigprocmask(SIG_SETMASK, [], [pid 5579] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5579] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5575] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5575] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5579] <... futex resumed>) = 0 [pid 5575] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5579] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [ 167.485238][ T5576] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 167.500395][ T5576] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 167.513058][ T5576] EXT4-fs (loop0): This should not happen!! Data will be lost [ 167.513058][ T5576] [ 167.522949][ T5576] EXT4-fs (loop0): Total free blocks count 0 [ 167.528995][ T5576] EXT4-fs (loop0): Free/Dirty block details [pid 5579] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5575] <... futex resumed>) = 0 [pid 5579] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5575] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5579] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5575] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5579] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5576] <... sendfile resumed>) = 75 [pid 5579] <... mmap resumed>) = 0x20000000 [pid 5576] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5579] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5576] <... futex resumed>) = 0 [pid 5579] <... futex resumed>) = 1 [pid 5576] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5575] <... futex resumed>) = 0 [pid 5579] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5575] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5576] <... futex resumed>) = 0 [pid 5575] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5576] pipe2(0x20000240, 0) = 0 [pid 5576] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5575] <... futex resumed>) = 0 [pid 5576] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5575] exit_group(0 [pid 5579] <... futex resumed>) = ? [pid 5576] <... futex resumed>) = ? [pid 5575] <... exit_group resumed>) = ? [pid 5579] +++ exited with 0 +++ [pid 5576] +++ exited with 0 +++ [pid 5575] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5575, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- [ 167.529574][ T29] audit: type=1804 audit(1714530436.335:390): pid=5579 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/95/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 167.535585][ T5576] EXT4-fs (loop0): free_blocks=2415919104 [ 167.564969][ T5576] EXT4-fs (loop0): dirty_blocks=16 [ 167.570739][ T5576] EXT4-fs (loop0): Block reservation details [ 167.576869][ T5576] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./95", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./95/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./95/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./95/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 [ 167.685507][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 close(4) = 0 rmdir("./95/bus") = 0 umount2("./95/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./95/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./95") = 0 mkdir("./96", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5580 attached , child_tidptr=0x5555749a2690) = 5580 [pid 5580] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5580] chdir("./96") = 0 [pid 5580] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5580] setpgid(0, 0) = 0 [pid 5580] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5580] write(3, "1000", 4) = 4 [pid 5580] close(3) = 0 [pid 5580] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5580] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5580] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5580] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5580] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5580] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5580] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5580] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5581 attached [pid 5581] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5580] <... clone3 resumed> => {parent_tid=[5581]}, 88) = 5581 [pid 5581] <... rseq resumed>) = 0 [pid 5580] rt_sigprocmask(SIG_SETMASK, [], [pid 5581] set_robust_list(0x7f03761f79a0, 24 [pid 5580] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5581] <... set_robust_list resumed>) = 0 [pid 5580] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5581] rt_sigprocmask(SIG_SETMASK, [], [pid 5580] <... futex resumed>) = 0 [pid 5581] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5581] memfd_create("syzkaller", 0 [pid 5580] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5581] <... memfd_create resumed>) = 3 [pid 5581] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5581] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5581] munmap(0x7f036dc00000, 138412032) = 0 [pid 5581] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5581] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5581] close(3) = 0 [pid 5581] close(4) = 0 [pid 5581] mkdir("./bus", 0777) = 0 [ 168.007872][ T5581] loop0: detected capacity change from 0 to 2048 [pid 5581] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5581] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5581] chdir("./bus") = 0 [pid 5581] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5581] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5580] <... futex resumed>) = 0 [pid 5581] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5580] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5581] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5581] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4 [pid 5580] <... futex resumed>) = 0 [pid 5581] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5581] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5580] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [ 168.056219][ T5581] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5580] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5581] <... futex resumed>) = 0 [pid 5580] <... futex resumed>) = 1 [pid 5581] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5580] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5581] <... openat resumed>) = 5 [pid 5581] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5581] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5580] <... futex resumed>) = 0 [pid 5580] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5581] <... futex resumed>) = 0 [pid 5580] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5581] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 5581] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5580] <... futex resumed>) = 0 [pid 5580] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5581] write(6, "t", 1 [pid 5580] <... futex resumed>) = 0 [pid 5580] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5581] <... write resumed>) = 1 [pid 5581] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5581] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5580] <... futex resumed>) = 0 [pid 5580] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5581] <... futex resumed>) = 0 [pid 5581] sendfile(6, 5, NULL, 131071 [pid 5580] <... futex resumed>) = 1 [ 168.118857][ T29] audit: type=1804 audit(1714530436.925:391): pid=5581 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/96/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 168.143933][ T29] audit: type=1804 audit(1714530436.925:392): pid=5581 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/96/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5580] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5580] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5580] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5580] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5580] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 168.215835][ T5581] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 168.234518][ T5581] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 168.247520][ T5581] EXT4-fs (loop0): This should not happen!! Data will be lost [ 168.247520][ T5581] [ 168.257654][ T5581] EXT4-fs (loop0): Total free blocks count 0 [pid 5580] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5584 attached [pid 5584] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5580] <... clone3 resumed> => {parent_tid=[5584]}, 88) = 5584 [pid 5584] <... rseq resumed>) = 0 [pid 5580] rt_sigprocmask(SIG_SETMASK, [], [pid 5584] set_robust_list(0x7f03761d69a0, 24 [pid 5580] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5584] <... set_robust_list resumed>) = 0 [pid 5580] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5584] rt_sigprocmask(SIG_SETMASK, [], [pid 5580] <... futex resumed>) = 0 [pid 5584] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5580] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5584] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5584] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5584] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5580] <... futex resumed>) = 0 [pid 5580] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5584] <... futex resumed>) = 0 [pid 5580] <... futex resumed>) = 1 [ 168.263714][ T5581] EXT4-fs (loop0): Free/Dirty block details [ 168.270290][ T5581] EXT4-fs (loop0): free_blocks=2415919104 [ 168.276078][ T5581] EXT4-fs (loop0): dirty_blocks=16 [ 168.282223][ T5581] EXT4-fs (loop0): Block reservation details [ 168.284749][ T29] audit: type=1804 audit(1714530437.095:393): pid=5584 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/96/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5584] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5580] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5584] <... mmap resumed>) = 0x20000000 [pid 5581] <... sendfile resumed>) = 75 [pid 5581] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5581] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5584] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5580] <... futex resumed>) = 0 [pid 5584] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5580] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5581] <... futex resumed>) = 0 [pid 5580] <... futex resumed>) = 1 [pid 5581] pipe2( [pid 5580] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5581] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5581] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5580] <... futex resumed>) = 0 [pid 5580] exit_group(0) = ? [pid 5584] <... futex resumed>) = ? [pid 5584] +++ exited with 0 +++ [pid 5581] <... futex resumed>) = ? [ 168.288873][ T5581] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5581] +++ exited with 0 +++ [pid 5580] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5580, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- umount2("./96", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./96/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./96/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./96/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 [ 168.364187][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 close(4) = 0 rmdir("./96/bus") = 0 umount2("./96/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./96/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./96") = 0 mkdir("./97", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5585 attached , child_tidptr=0x5555749a2690) = 5585 [pid 5585] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5585] chdir("./97") = 0 [pid 5585] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5585] setpgid(0, 0) = 0 [pid 5585] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5585] write(3, "1000", 4) = 4 [pid 5585] close(3) = 0 [pid 5585] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5585] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5585] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5585] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5585] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5585] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5585] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5585] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5586 attached [pid 5586] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5585] <... clone3 resumed> => {parent_tid=[5586]}, 88) = 5586 [pid 5586] set_robust_list(0x7f03761f79a0, 24 [pid 5585] rt_sigprocmask(SIG_SETMASK, [], [pid 5586] <... set_robust_list resumed>) = 0 [pid 5585] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5586] rt_sigprocmask(SIG_SETMASK, [], [pid 5585] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5586] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5585] <... futex resumed>) = 0 [pid 5586] memfd_create("syzkaller", 0 [pid 5585] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5586] <... memfd_create resumed>) = 3 [pid 5586] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5586] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5586] munmap(0x7f036dc00000, 138412032) = 0 [pid 5586] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5586] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5586] close(3) = 0 [pid 5586] close(4) = 0 [pid 5586] mkdir("./bus", 0777) = 0 [pid 5586] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5586] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [ 168.693729][ T5586] loop0: detected capacity change from 0 to 2048 [ 168.729654][ T5586] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5586] chdir("./bus") = 0 [pid 5586] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5586] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5585] <... futex resumed>) = 0 [pid 5586] <... futex resumed>) = 1 [pid 5585] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5586] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5585] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5586] <... openat resumed>) = 4 [pid 5586] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5586] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5585] <... futex resumed>) = 0 [pid 5585] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5586] <... futex resumed>) = 0 [pid 5585] <... futex resumed>) = 1 [pid 5586] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5585] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5586] <... openat resumed>) = 5 [pid 5586] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5586] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5585] <... futex resumed>) = 0 [pid 5585] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5586] <... futex resumed>) = 0 [pid 5585] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5586] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 5586] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5585] <... futex resumed>) = 0 [pid 5586] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5585] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5586] write(6, "t", 1 [pid 5585] <... futex resumed>) = 0 [pid 5586] <... write resumed>) = 1 [pid 5585] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5586] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5585] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5585] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5586] <... futex resumed>) = 0 [pid 5586] sendfile(6, 5, NULL, 131071 [pid 5585] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5585] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5585] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5585] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5585] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 168.899152][ T5586] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 168.914863][ T5586] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 168.927626][ T5586] EXT4-fs (loop0): This should not happen!! Data will be lost [ 168.927626][ T5586] [ 168.937399][ T5586] EXT4-fs (loop0): Total free blocks count 0 [pid 5585] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5590 attached [pid 5590] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5585] <... clone3 resumed> => {parent_tid=[5590]}, 88) = 5590 [pid 5590] <... rseq resumed>) = 0 [pid 5585] rt_sigprocmask(SIG_SETMASK, [], [pid 5590] set_robust_list(0x7f03761d69a0, 24 [pid 5585] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5590] <... set_robust_list resumed>) = 0 [pid 5585] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5590] rt_sigprocmask(SIG_SETMASK, [], [pid 5585] <... futex resumed>) = 0 [pid 5590] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5590] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5585] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5590] <... open resumed>) = 7 [pid 5590] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5585] <... futex resumed>) = 0 [pid 5590] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5585] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5590] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5585] <... futex resumed>) = 0 [pid 5590] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5585] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5586] <... sendfile resumed>) = 75 [pid 5586] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5586] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5590] <... mmap resumed>) = 0x20000000 [pid 5590] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5585] <... futex resumed>) = 0 [pid 5590] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5585] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5586] <... futex resumed>) = 0 [pid 5585] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5586] pipe2(0x20000240, 0) = 0 [pid 5586] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5585] <... futex resumed>) = 0 [pid 5586] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5585] exit_group(0 [pid 5590] <... futex resumed>) = ? [pid 5586] <... futex resumed>) = ? [pid 5585] <... exit_group resumed>) = ? [pid 5590] +++ exited with 0 +++ [pid 5586] +++ exited with 0 +++ [pid 5585] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5585, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- [ 168.944091][ T5586] EXT4-fs (loop0): Free/Dirty block details [ 168.949996][ T5586] EXT4-fs (loop0): free_blocks=2415919104 [ 168.956909][ T5586] EXT4-fs (loop0): dirty_blocks=16 [ 168.962743][ T5586] EXT4-fs (loop0): Block reservation details [ 168.968772][ T5586] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./97", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./97/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./97/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./97/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 169.032891][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./97/bus") = 0 umount2("./97/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./97/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./97") = 0 mkdir("./98", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5591 attached , child_tidptr=0x5555749a2690) = 5591 [pid 5591] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5591] chdir("./98") = 0 [pid 5591] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5591] setpgid(0, 0) = 0 [pid 5591] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5591] write(3, "1000", 4) = 4 [pid 5591] close(3) = 0 [pid 5591] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5591] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5591] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5591] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5591] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5591] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5591] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5591] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5592 attached [pid 5592] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5591] <... clone3 resumed> => {parent_tid=[5592]}, 88) = 5592 [pid 5592] set_robust_list(0x7f03761f79a0, 24 [pid 5591] rt_sigprocmask(SIG_SETMASK, [], [pid 5592] <... set_robust_list resumed>) = 0 [pid 5592] rt_sigprocmask(SIG_SETMASK, [], [pid 5591] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5592] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5591] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5592] memfd_create("syzkaller", 0 [pid 5591] <... futex resumed>) = 0 [pid 5591] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5592] <... memfd_create resumed>) = 3 [pid 5592] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5592] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5592] munmap(0x7f036dc00000, 138412032) = 0 [pid 5592] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5592] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5592] close(3) = 0 [pid 5592] close(4) = 0 [pid 5592] mkdir("./bus", 0777) = 0 [ 169.376378][ T5592] loop0: detected capacity change from 0 to 2048 [pid 5592] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5592] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5592] chdir("./bus") = 0 [pid 5592] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5592] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5591] <... futex resumed>) = 0 [pid 5592] <... futex resumed>) = 1 [pid 5591] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5592] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5591] <... futex resumed>) = 0 [pid 5591] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5592] <... openat resumed>) = 4 [pid 5592] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5591] <... futex resumed>) = 0 [pid 5592] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5591] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5592] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5591] <... futex resumed>) = 0 [pid 5592] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5591] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5592] <... openat resumed>) = 5 [pid 5592] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5591] <... futex resumed>) = 0 [pid 5592] <... futex resumed>) = 1 [pid 5591] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5592] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5591] <... futex resumed>) = 0 [pid 5591] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5592] <... openat resumed>) = 6 [pid 5592] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5591] <... futex resumed>) = 0 [pid 5592] <... futex resumed>) = 1 [pid 5591] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5592] write(6, "t", 1 [pid 5591] <... futex resumed>) = 0 [ 169.434091][ T5592] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5591] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5592] <... write resumed>) = 1 [pid 5592] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5591] <... futex resumed>) = 0 [pid 5591] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5592] sendfile(6, 5, NULL, 131071 [pid 5591] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5591] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5591] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5591] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5591] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5591] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0} => {parent_tid=[5595]}, 88) = 5595 [pid 5591] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5591] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 169.544424][ T5592] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 169.560655][ T5592] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 169.572974][ T5592] EXT4-fs (loop0): This should not happen!! Data will be lost [ 169.572974][ T5592] [ 169.583060][ T5592] EXT4-fs (loop0): Total free blocks count 0 [pid 5591] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5595 attached [pid 5595] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5595] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 5595] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5595] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5592] <... sendfile resumed>) = 75 [pid 5595] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5592] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5595] <... futex resumed>) = 1 [pid 5592] <... futex resumed>) = 0 [pid 5591] <... futex resumed>) = 0 [pid 5595] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5592] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5591] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5592] <... mmap resumed>) = 0x20000000 [pid 5591] <... futex resumed>) = 0 [pid 5591] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5592] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5591] <... futex resumed>) = 0 [pid 5591] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5591] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5592] <... futex resumed>) = 1 [pid 5592] pipe2(0x20000240, 0) = 0 [ 169.589098][ T5592] EXT4-fs (loop0): Free/Dirty block details [ 169.595946][ T5592] EXT4-fs (loop0): free_blocks=2415919104 [ 169.601919][ T5592] EXT4-fs (loop0): dirty_blocks=16 [ 169.607335][ T5592] EXT4-fs (loop0): Block reservation details [ 169.613735][ T5592] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5592] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5591] <... futex resumed>) = 0 [pid 5591] exit_group(0) = ? [pid 5595] <... futex resumed>) = ? [pid 5595] +++ exited with 0 +++ [pid 5592] <... futex resumed>) = ? [pid 5592] +++ exited with 0 +++ [pid 5591] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5591, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- umount2("./98", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./98/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./98/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./98/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 [ 169.723595][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 rmdir("./98/bus") = 0 umount2("./98/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./98/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./98") = 0 mkdir("./99", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5596 attached , child_tidptr=0x5555749a2690) = 5596 [pid 5596] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5596] chdir("./99") = 0 [pid 5596] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5596] setpgid(0, 0) = 0 [pid 5596] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5596] write(3, "1000", 4) = 4 [pid 5596] close(3) = 0 [pid 5596] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5596] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5596] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5596] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5596] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5596] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5596] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5596] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5597 attached [pid 5597] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5596] <... clone3 resumed> => {parent_tid=[5597]}, 88) = 5597 [pid 5597] set_robust_list(0x7f03761f79a0, 24 [pid 5596] rt_sigprocmask(SIG_SETMASK, [], [pid 5597] <... set_robust_list resumed>) = 0 [pid 5596] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5597] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5596] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5597] memfd_create("syzkaller", 0 [pid 5596] <... futex resumed>) = 0 [pid 5596] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5597] <... memfd_create resumed>) = 3 [pid 5597] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5597] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5597] munmap(0x7f036dc00000, 138412032) = 0 [pid 5597] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5597] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5597] close(3) = 0 [pid 5597] close(4) = 0 [pid 5597] mkdir("./bus", 0777) = 0 [ 170.090720][ T5597] loop0: detected capacity change from 0 to 2048 [pid 5597] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5597] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5597] chdir("./bus") = 0 [pid 5597] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5597] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5596] <... futex resumed>) = 0 [pid 5597] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5596] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5597] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5596] <... futex resumed>) = 0 [pid 5596] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5597] <... openat resumed>) = 4 [pid 5597] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5596] <... futex resumed>) = 0 [pid 5597] <... futex resumed>) = 1 [pid 5596] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5597] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5596] <... futex resumed>) = 0 [pid 5597] <... openat resumed>) = 5 [pid 5596] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5597] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5596] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 170.136522][ T5597] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5596] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5597] <... futex resumed>) = 0 [pid 5597] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5596] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5597] <... openat resumed>) = 6 [pid 5597] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5596] <... futex resumed>) = 0 [pid 5596] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5597] <... futex resumed>) = 1 [pid 5596] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5597] write(6, "t", 1) = 1 [pid 5597] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5596] <... futex resumed>) = 0 [pid 5597] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5596] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5597] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5596] <... futex resumed>) = 0 [pid 5597] sendfile(6, 5, NULL, 131071 [pid 5596] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5596] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5596] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5596] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 170.250513][ T5597] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 170.266349][ T5597] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 170.278645][ T5597] EXT4-fs (loop0): This should not happen!! Data will be lost [ 170.278645][ T5597] [ 170.289897][ T5597] EXT4-fs (loop0): Total free blocks count 0 [pid 5596] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5596] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5600 attached [pid 5600] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5600] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 5600] rt_sigprocmask(SIG_SETMASK, [], [pid 5596] <... clone3 resumed> => {parent_tid=[5600]}, 88) = 5600 [pid 5600] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5596] rt_sigprocmask(SIG_SETMASK, [], [pid 5600] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5596] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5596] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5600] <... futex resumed>) = 0 [pid 5596] <... futex resumed>) = 1 [pid 5600] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5596] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5600] <... open resumed>) = 7 [pid 5600] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5596] <... futex resumed>) = 0 [pid 5600] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5596] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5596] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5600] <... mmap resumed>) = 0x20000000 [pid 5597] <... sendfile resumed>) = 75 [pid 5600] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5596] <... futex resumed>) = 0 [pid 5600] pipe2( [pid 5596] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5600] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5596] <... futex resumed>) = 0 [pid 5596] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5600] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5597] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5596] <... futex resumed>) = 0 [pid 5596] exit_group(0) = ? [pid 5600] <... futex resumed>) = ? [pid 5597] <... futex resumed>) = ? [pid 5600] +++ exited with 0 +++ [pid 5597] +++ exited with 0 +++ [pid 5596] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5596, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./99", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 170.296654][ T5597] EXT4-fs (loop0): Free/Dirty block details [ 170.303435][ T5597] EXT4-fs (loop0): free_blocks=2415919104 [ 170.311315][ T5597] EXT4-fs (loop0): dirty_blocks=16 [ 170.316469][ T5597] EXT4-fs (loop0): Block reservation details [ 170.323224][ T5597] EXT4-fs (loop0): i_reserved_data_blocks=1 openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./99/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./99/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./99/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 170.405461][ T139] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./99/bus") = 0 umount2("./99/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./99/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./99") = 0 mkdir("./100", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5601 attached , child_tidptr=0x5555749a2690) = 5601 [pid 5601] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5601] chdir("./100") = 0 [pid 5601] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5601] setpgid(0, 0) = 0 [pid 5601] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5601] write(3, "1000", 4) = 4 [pid 5601] close(3) = 0 [pid 5601] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5601] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5601] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5601] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5601] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5601] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5601] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5601] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5602 attached [pid 5602] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5601] <... clone3 resumed> => {parent_tid=[5602]}, 88) = 5602 [pid 5602] <... rseq resumed>) = 0 [pid 5601] rt_sigprocmask(SIG_SETMASK, [], [pid 5602] set_robust_list(0x7f03761f79a0, 24 [pid 5601] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5602] <... set_robust_list resumed>) = 0 [pid 5601] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5602] rt_sigprocmask(SIG_SETMASK, [], [pid 5601] <... futex resumed>) = 0 [pid 5602] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5601] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5602] memfd_create("syzkaller", 0) = 3 [pid 5602] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5602] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5602] munmap(0x7f036dc00000, 138412032) = 0 [pid 5602] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5602] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5602] close(3) = 0 [pid 5602] close(4) = 0 [pid 5602] mkdir("./bus", 0777) = 0 [ 170.799176][ T5602] loop0: detected capacity change from 0 to 2048 [pid 5602] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5602] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5602] chdir("./bus") = 0 [pid 5602] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5602] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5601] <... futex resumed>) = 0 [pid 5602] <... futex resumed>) = 1 [pid 5601] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5602] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5601] <... futex resumed>) = 0 [pid 5601] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5602] <... openat resumed>) = 4 [pid 5602] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5601] <... futex resumed>) = 0 [pid 5602] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5601] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5602] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5601] <... futex resumed>) = 0 [pid 5602] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5601] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5602] <... openat resumed>) = 5 [pid 5602] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5601] <... futex resumed>) = 0 [pid 5602] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5601] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5602] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5601] <... futex resumed>) = 0 [pid 5602] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5601] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5602] <... openat resumed>) = 6 [pid 5602] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5601] <... futex resumed>) = 0 [pid 5602] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5601] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5602] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5601] <... futex resumed>) = 0 [ 170.846297][ T5602] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5601] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5602] write(6, "t", 1) = 1 [pid 5602] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5601] <... futex resumed>) = 0 [pid 5602] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5601] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5602] <... futex resumed>) = 0 [pid 5602] sendfile(6, 5, NULL, 131071 [pid 5601] <... futex resumed>) = 1 [pid 5601] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5601] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5601] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5601] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5601] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5601] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0} => {parent_tid=[5605]}, 88) = 5605 [pid 5601] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5601] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5601] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5605 attached [pid 5605] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [ 170.959356][ T5602] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 170.974466][ T5602] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 170.987318][ T5602] EXT4-fs (loop0): This should not happen!! Data will be lost [ 170.987318][ T5602] [ 170.997245][ T5602] EXT4-fs (loop0): Total free blocks count 0 [ 171.003441][ T5602] EXT4-fs (loop0): Free/Dirty block details [pid 5605] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 5605] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5605] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5602] <... sendfile resumed>) = 75 [pid 5602] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5602] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5605] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5601] <... futex resumed>) = 0 [pid 5601] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5605] <... futex resumed>) = 1 [pid 5601] <... futex resumed>) = 1 [pid 5605] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5601] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5602] <... futex resumed>) = 0 [pid 5602] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 5602] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5601] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5602] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5602] pipe2( [pid 5601] <... futex resumed>) = 0 [pid 5602] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5601] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5602] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5601] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5602] <... futex resumed>) = 0 [pid 5601] exit_group(0 [pid 5602] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5605] <... futex resumed>) = ? [pid 5602] <... futex resumed>) = ? [pid 5601] <... exit_group resumed>) = ? [pid 5605] +++ exited with 0 +++ [pid 5602] +++ exited with 0 +++ [pid 5601] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5601, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 171.009503][ T5602] EXT4-fs (loop0): free_blocks=2415919104 [ 171.015430][ T5602] EXT4-fs (loop0): dirty_blocks=16 [ 171.020626][ T5602] EXT4-fs (loop0): Block reservation details [ 171.026633][ T5602] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./100", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./100/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./100/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./100/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./100/bus") = 0 [ 171.114082][ T139] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 umount2("./100/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./100/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./100") = 0 mkdir("./101", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5606 attached , child_tidptr=0x5555749a2690) = 5606 [pid 5606] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5606] chdir("./101") = 0 [pid 5606] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5606] setpgid(0, 0) = 0 [pid 5606] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5606] write(3, "1000", 4) = 4 [pid 5606] close(3) = 0 [pid 5606] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5606] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5606] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5606] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5606] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5606] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5606] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5606] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5607 attached [pid 5607] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5606] <... clone3 resumed> => {parent_tid=[5607]}, 88) = 5607 [pid 5607] <... rseq resumed>) = 0 [pid 5606] rt_sigprocmask(SIG_SETMASK, [], [pid 5607] set_robust_list(0x7f03761f79a0, 24 [pid 5606] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5607] <... set_robust_list resumed>) = 0 [pid 5606] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5607] rt_sigprocmask(SIG_SETMASK, [], [pid 5606] <... futex resumed>) = 0 [pid 5607] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5606] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5607] memfd_create("syzkaller", 0) = 3 [pid 5607] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5607] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5607] munmap(0x7f036dc00000, 138412032) = 0 [pid 5607] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5607] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5607] close(3) = 0 [pid 5607] close(4) = 0 [pid 5607] mkdir("./bus", 0777) = 0 [pid 5607] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5607] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5607] chdir("./bus") = 0 [pid 5607] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5607] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5606] <... futex resumed>) = 0 [pid 5607] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5606] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5607] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 171.464488][ T5607] loop0: detected capacity change from 0 to 2048 [ 171.496347][ T5607] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5607] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5606] <... futex resumed>) = 0 [pid 5606] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5607] <... openat resumed>) = 4 [pid 5607] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5606] <... futex resumed>) = 0 [pid 5607] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5606] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5607] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5607] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5606] <... futex resumed>) = 0 [pid 5606] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5607] <... openat resumed>) = 5 [pid 5607] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5607] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5606] <... futex resumed>) = 0 [pid 5606] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5607] <... futex resumed>) = 0 [pid 5606] <... futex resumed>) = 1 [pid 5607] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5606] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5607] <... openat resumed>) = 6 [pid 5607] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5606] <... futex resumed>) = 0 [pid 5607] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5606] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5607] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5607] write(6, "t", 1 [ 171.551165][ T29] kauditd_printk_skb: 12 callbacks suppressed [ 171.551189][ T29] audit: type=1804 audit(1714530440.365:406): pid=5607 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/101/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5606] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5607] <... write resumed>) = 1 [pid 5607] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5607] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5606] <... futex resumed>) = 0 [pid 5606] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5607] <... futex resumed>) = 0 [pid 5606] <... futex resumed>) = 1 [pid 5607] sendfile(6, 5, NULL, 131071 [ 171.582336][ T29] audit: type=1804 audit(1714530440.365:407): pid=5607 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/101/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5606] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5606] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5606] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5606] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5606] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5606] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0} => {parent_tid=[5610]}, 88) = 5610 [pid 5606] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5606] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5606] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5610 attached [pid 5610] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [ 171.662905][ T5607] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 171.678170][ T5607] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 171.690640][ T5607] EXT4-fs (loop0): This should not happen!! Data will be lost [ 171.690640][ T5607] [ 171.700400][ T5607] EXT4-fs (loop0): Total free blocks count 0 [ 171.706443][ T5607] EXT4-fs (loop0): Free/Dirty block details [pid 5610] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 5610] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5610] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5610] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5606] <... futex resumed>) = 0 [pid 5606] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5606] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5610] <... futex resumed>) = 1 [pid 5610] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 75 [pid 5606] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5610] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5607] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5606] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5610] <... futex resumed>) = 0 [pid 5607] <... futex resumed>) = 0 [pid 5606] <... futex resumed>) = 0 [pid 5610] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5607] pipe2( [pid 5606] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5607] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5607] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5606] <... futex resumed>) = 0 [pid 5606] exit_group(0) = ? [pid 5610] <... futex resumed>) = ? [pid 5610] +++ exited with 0 +++ [pid 5607] <... futex resumed>) = ? [pid 5607] +++ exited with 0 +++ [pid 5606] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5606, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- [ 171.712525][ T29] audit: type=1804 audit(1714530440.525:408): pid=5610 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/101/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 171.713645][ T5607] EXT4-fs (loop0): free_blocks=2415919104 [ 171.744854][ T5607] EXT4-fs (loop0): dirty_blocks=16 [ 171.750523][ T5607] EXT4-fs (loop0): Block reservation details [ 171.756548][ T5607] EXT4-fs (loop0): i_reserved_data_blocks=1 restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./101", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./101/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./101/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./101/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./101/bus") = 0 umount2("./101/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./101/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./101") = 0 [ 171.826100][ T139] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 mkdir("./102", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5611 attached , child_tidptr=0x5555749a2690) = 5611 [pid 5611] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5611] chdir("./102") = 0 [pid 5611] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5611] setpgid(0, 0) = 0 [pid 5611] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5611] write(3, "1000", 4) = 4 [pid 5611] close(3) = 0 [pid 5611] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5611] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5611] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5611] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5611] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5611] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5611] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5611] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5612 attached [pid 5612] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5612] set_robust_list(0x7f03761f79a0, 24) = 0 [pid 5611] <... clone3 resumed> => {parent_tid=[5612]}, 88) = 5612 [pid 5612] rt_sigprocmask(SIG_SETMASK, [], [pid 5611] rt_sigprocmask(SIG_SETMASK, [], [pid 5612] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5612] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5611] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5611] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5612] <... futex resumed>) = 0 [pid 5611] <... futex resumed>) = 1 [pid 5612] memfd_create("syzkaller", 0 [pid 5611] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5612] <... memfd_create resumed>) = 3 [pid 5612] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5612] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5612] munmap(0x7f036dc00000, 138412032) = 0 [pid 5612] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5612] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5612] close(3) = 0 [pid 5612] close(4) = 0 [pid 5612] mkdir("./bus", 0777) = 0 [ 172.105058][ T5612] loop0: detected capacity change from 0 to 2048 [pid 5612] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5612] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5612] chdir("./bus") = 0 [pid 5612] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5612] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5611] <... futex resumed>) = 0 [pid 5612] <... futex resumed>) = 1 [pid 5611] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5612] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5611] <... futex resumed>) = 0 [pid 5611] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5612] <... openat resumed>) = 4 [pid 5612] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5611] <... futex resumed>) = 0 [pid 5612] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5611] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5612] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5612] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5611] <... futex resumed>) = 0 [ 172.155604][ T5612] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5612] <... openat resumed>) = 5 [pid 5611] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5612] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5612] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5611] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5611] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5612] <... futex resumed>) = 0 [pid 5612] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5611] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5612] <... openat resumed>) = 6 [pid 5612] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5611] <... futex resumed>) = 0 [pid 5612] <... futex resumed>) = 1 [pid 5611] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5612] write(6, "t", 1 [pid 5611] <... futex resumed>) = 0 [pid 5611] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5612] <... write resumed>) = 1 [pid 5612] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5612] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5611] <... futex resumed>) = 0 [pid 5611] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5612] <... futex resumed>) = 0 [pid 5611] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 172.208115][ T29] audit: type=1804 audit(1714530441.015:409): pid=5612 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/102/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 172.233618][ T29] audit: type=1804 audit(1714530441.045:410): pid=5612 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/102/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5612] sendfile(6, 5, NULL, 131071 [pid 5611] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5611] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5611] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5611] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5611] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5611] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5615 attached [pid 5615] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5611] <... clone3 resumed> => {parent_tid=[5615]}, 88) = 5615 [pid 5615] set_robust_list(0x7f03761d69a0, 24 [pid 5611] rt_sigprocmask(SIG_SETMASK, [], [pid 5615] <... set_robust_list resumed>) = 0 [pid 5611] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5615] rt_sigprocmask(SIG_SETMASK, [], [pid 5611] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5615] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5611] <... futex resumed>) = 0 [pid 5615] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5611] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5615] <... open resumed>) = 7 [ 172.285778][ T5612] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 172.300962][ T5612] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 172.313808][ T5612] EXT4-fs (loop0): This should not happen!! Data will be lost [ 172.313808][ T5612] [ 172.323724][ T5612] EXT4-fs (loop0): Total free blocks count 0 [pid 5615] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5615] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5611] <... futex resumed>) = 0 [pid 5611] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5615] <... futex resumed>) = 0 [pid 5615] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5611] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5615] <... mmap resumed>) = 0x20000000 [pid 5612] <... sendfile resumed>) = 75 [pid 5615] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5611] <... futex resumed>) = 0 [pid 5615] <... futex resumed>) = 1 [pid 5612] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5611] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5615] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5611] <... futex resumed>) = 0 [pid 5612] <... futex resumed>) = 0 [pid 5612] pipe2( [pid 5611] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5612] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5612] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5611] <... futex resumed>) = 0 [pid 5612] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5611] exit_group(0 [pid 5612] <... futex resumed>) = ? [pid 5615] <... futex resumed>) = ? [pid 5611] <... exit_group resumed>) = ? [pid 5615] +++ exited with 0 +++ [pid 5612] +++ exited with 0 +++ [pid 5611] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5611, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- [ 172.330545][ T5612] EXT4-fs (loop0): Free/Dirty block details [ 172.333496][ T29] audit: type=1804 audit(1714530441.145:411): pid=5615 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/102/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 172.337185][ T5612] EXT4-fs (loop0): free_blocks=2415919104 [ 172.366152][ T5612] EXT4-fs (loop0): dirty_blocks=16 [ 172.371896][ T5612] EXT4-fs (loop0): Block reservation details [ 172.377898][ T5612] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./102", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./102/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./102/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./102/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 172.445689][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./102/bus") = 0 umount2("./102/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./102/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./102") = 0 mkdir("./103", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5616 attached , child_tidptr=0x5555749a2690) = 5616 [pid 5616] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5616] chdir("./103") = 0 [pid 5616] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5616] setpgid(0, 0) = 0 [pid 5616] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5616] write(3, "1000", 4) = 4 [pid 5616] close(3) = 0 [pid 5616] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5616] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5616] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5616] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5616] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5616] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5616] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5616] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5617 attached [pid 5617] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5616] <... clone3 resumed> => {parent_tid=[5617]}, 88) = 5617 [pid 5617] <... rseq resumed>) = 0 [pid 5616] rt_sigprocmask(SIG_SETMASK, [], [pid 5617] set_robust_list(0x7f03761f79a0, 24 [pid 5616] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5617] <... set_robust_list resumed>) = 0 [pid 5616] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5617] rt_sigprocmask(SIG_SETMASK, [], [pid 5616] <... futex resumed>) = 0 [pid 5617] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5616] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5617] memfd_create("syzkaller", 0) = 3 [pid 5617] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5617] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5617] munmap(0x7f036dc00000, 138412032) = 0 [pid 5617] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5617] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5617] close(3) = 0 [pid 5617] close(4) = 0 [pid 5617] mkdir("./bus", 0777) = 0 [ 172.770009][ T5617] loop0: detected capacity change from 0 to 2048 [pid 5617] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5617] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5617] chdir("./bus") = 0 [pid 5617] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5617] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5616] <... futex resumed>) = 0 [pid 5617] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5616] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5617] <... futex resumed>) = 0 [pid 5616] <... futex resumed>) = 1 [pid 5617] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5616] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5617] <... openat resumed>) = 4 [pid 5617] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5616] <... futex resumed>) = 0 [pid 5617] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5616] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5617] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5616] <... futex resumed>) = 0 [pid 5617] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5616] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5617] <... openat resumed>) = 5 [ 172.815797][ T5617] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5617] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5616] <... futex resumed>) = 0 [pid 5616] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5617] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 5616] <... futex resumed>) = 0 [pid 5616] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5617] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5616] <... futex resumed>) = 0 [pid 5617] <... futex resumed>) = 1 [pid 5616] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5617] write(6, "t", 1 [pid 5616] <... futex resumed>) = 0 [pid 5616] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5617] <... write resumed>) = 1 [pid 5617] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5617] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5616] <... futex resumed>) = 0 [pid 5616] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5617] <... futex resumed>) = 0 [pid 5617] sendfile(6, 5, NULL, 131071 [pid 5616] <... futex resumed>) = 1 [ 172.857534][ T29] audit: type=1804 audit(1714530441.665:412): pid=5617 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/103/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 172.882506][ T29] audit: type=1804 audit(1714530441.665:413): pid=5617 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/103/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5616] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5616] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5616] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5616] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 172.963735][ T5617] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 172.979087][ T5617] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 172.991392][ T5617] EXT4-fs (loop0): This should not happen!! Data will be lost [ 172.991392][ T5617] [ 173.001155][ T5617] EXT4-fs (loop0): Total free blocks count 0 [ 173.007750][ T5617] EXT4-fs (loop0): Free/Dirty block details [pid 5616] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5616] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0} => {parent_tid=[5620]}, 88) = 5620 ./strace-static-x86_64: Process 5620 attached [pid 5616] rt_sigprocmask(SIG_SETMASK, [], [pid 5620] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5616] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5620] <... rseq resumed>) = 0 [pid 5616] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5620] set_robust_list(0x7f03761d69a0, 24 [pid 5616] <... futex resumed>) = 0 [pid 5620] <... set_robust_list resumed>) = 0 [pid 5616] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5620] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5620] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5620] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5620] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5616] <... futex resumed>) = 0 [pid 5616] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5620] <... futex resumed>) = 0 [pid 5616] <... futex resumed>) = 1 [pid 5620] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [ 173.013782][ T5617] EXT4-fs (loop0): free_blocks=2415919104 [ 173.020753][ T5617] EXT4-fs (loop0): dirty_blocks=16 [ 173.022714][ T29] audit: type=1804 audit(1714530441.835:414): pid=5620 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/103/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 173.026328][ T5617] EXT4-fs (loop0): Block reservation details [pid 5616] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5620] <... mmap resumed>) = 0x20000000 [pid 5617] <... sendfile resumed>) = 75 [pid 5620] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5617] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5616] <... futex resumed>) = 0 [pid 5620] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5617] <... futex resumed>) = 0 [pid 5616] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5617] pipe2( [pid 5616] <... futex resumed>) = 0 [pid 5617] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5616] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5617] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5616] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5617] <... futex resumed>) = 0 [pid 5616] exit_group(0 [pid 5617] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5620] <... futex resumed>) = ? [pid 5616] <... exit_group resumed>) = ? [pid 5617] +++ exited with 0 +++ [pid 5620] +++ exited with 0 +++ [pid 5616] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5616, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- umount2("./103", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 173.059214][ T5617] EXT4-fs (loop0): i_reserved_data_blocks=1 openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./103/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./103/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./103/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./103/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./103/bus") = 0 umount2("./103/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 173.123777][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 newfstatat(AT_FDCWD, "./103/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./103/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./103") = 0 mkdir("./104", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5621 attached , child_tidptr=0x5555749a2690) = 5621 [pid 5621] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5621] chdir("./104") = 0 [pid 5621] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5621] setpgid(0, 0) = 0 [pid 5621] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5621] write(3, "1000", 4) = 4 [pid 5621] close(3) = 0 [pid 5621] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5621] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5621] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5621] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5621] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5621] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5621] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5621] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5622 attached [pid 5622] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5621] <... clone3 resumed> => {parent_tid=[5622]}, 88) = 5622 [pid 5622] set_robust_list(0x7f03761f79a0, 24 [pid 5621] rt_sigprocmask(SIG_SETMASK, [], [pid 5622] <... set_robust_list resumed>) = 0 [pid 5621] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5622] rt_sigprocmask(SIG_SETMASK, [], [pid 5621] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5622] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5621] <... futex resumed>) = 0 [pid 5622] memfd_create("syzkaller", 0 [pid 5621] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5622] <... memfd_create resumed>) = 3 [pid 5622] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5622] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5622] munmap(0x7f036dc00000, 138412032) = 0 [pid 5622] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5622] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5622] close(3) = 0 [pid 5622] close(4) = 0 [pid 5622] mkdir("./bus", 0777) = 0 [ 173.438129][ T5622] loop0: detected capacity change from 0 to 2048 [pid 5622] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5622] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5622] chdir("./bus") = 0 [pid 5622] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 173.477984][ T5622] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5622] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5621] <... futex resumed>) = 0 [pid 5622] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5621] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5621] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5622] <... openat resumed>) = 4 [pid 5622] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5622] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5621] <... futex resumed>) = 0 [pid 5621] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5622] <... futex resumed>) = 0 [pid 5621] <... futex resumed>) = 1 [pid 5622] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5621] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5622] <... openat resumed>) = 5 [pid 5622] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5621] <... futex resumed>) = 0 [pid 5622] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5621] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5622] <... openat resumed>) = 6 [pid 5621] <... futex resumed>) = 0 [pid 5621] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5622] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5621] <... futex resumed>) = 0 [pid 5621] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5622] write(6, "t", 1 [pid 5621] <... futex resumed>) = 0 [pid 5621] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5622] <... write resumed>) = 1 [pid 5622] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5621] <... futex resumed>) = 0 [pid 5622] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5621] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5622] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5621] <... futex resumed>) = 0 [pid 5622] sendfile(6, 5, NULL, 131071 [ 173.551640][ T29] audit: type=1804 audit(1714530442.365:415): pid=5622 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/104/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5621] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5621] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5621] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5621] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 173.625581][ T5622] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 173.641079][ T5622] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 173.654996][ T5622] EXT4-fs (loop0): This should not happen!! Data will be lost [ 173.654996][ T5622] [ 173.665079][ T5622] EXT4-fs (loop0): Total free blocks count 0 [pid 5621] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5621] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5625 attached [pid 5625] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5621] <... clone3 resumed> => {parent_tid=[5625]}, 88) = 5625 [pid 5625] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 5621] rt_sigprocmask(SIG_SETMASK, [], [pid 5625] rt_sigprocmask(SIG_SETMASK, [], [pid 5621] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5625] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5621] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5625] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5621] <... futex resumed>) = 0 [pid 5625] <... open resumed>) = 7 [pid 5621] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5625] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5621] <... futex resumed>) = 0 [pid 5621] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5625] <... futex resumed>) = 1 [pid 5621] <... futex resumed>) = 0 [pid 5625] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5621] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5622] <... sendfile resumed>) = 75 [pid 5625] <... mmap resumed>) = 0x20000000 [pid 5622] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5625] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5621] <... futex resumed>) = 0 [pid 5625] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5621] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5622] <... futex resumed>) = 0 [pid 5621] <... futex resumed>) = 0 [pid 5622] pipe2( [pid 5621] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5622] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5622] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5621] <... futex resumed>) = 0 [pid 5622] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5621] exit_group(0) = ? [pid 5625] <... futex resumed>) = ? [pid 5622] <... futex resumed>) = ? [pid 5622] +++ exited with 0 +++ [pid 5625] +++ exited with 0 +++ [pid 5621] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5621, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- umount2("./104", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 173.671648][ T5622] EXT4-fs (loop0): Free/Dirty block details [ 173.677588][ T5622] EXT4-fs (loop0): free_blocks=2415919104 [ 173.684293][ T5622] EXT4-fs (loop0): dirty_blocks=16 [ 173.689909][ T5622] EXT4-fs (loop0): Block reservation details [ 173.696021][ T5622] EXT4-fs (loop0): i_reserved_data_blocks=1 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./104/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./104/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./104/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./104/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./104/bus") = 0 umount2("./104/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./104/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./104/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 [ 173.769075][ T139] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 rmdir("./104") = 0 mkdir("./105", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555749a2690) = 5626 ./strace-static-x86_64: Process 5626 attached [pid 5626] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5626] chdir("./105") = 0 [pid 5626] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5626] setpgid(0, 0) = 0 [pid 5626] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5626] write(3, "1000", 4) = 4 [pid 5626] close(3) = 0 [pid 5626] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5626] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5626] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5626] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5626] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5626] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5626] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5626] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5627 attached [pid 5627] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5626] <... clone3 resumed> => {parent_tid=[5627]}, 88) = 5627 [pid 5627] <... rseq resumed>) = 0 [pid 5626] rt_sigprocmask(SIG_SETMASK, [], [pid 5627] set_robust_list(0x7f03761f79a0, 24 [pid 5626] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5627] <... set_robust_list resumed>) = 0 [pid 5626] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5627] rt_sigprocmask(SIG_SETMASK, [], [pid 5626] <... futex resumed>) = 0 [pid 5627] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5626] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5627] memfd_create("syzkaller", 0) = 3 [pid 5627] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5627] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5627] munmap(0x7f036dc00000, 138412032) = 0 [pid 5627] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5627] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5627] close(3) = 0 [pid 5627] close(4) = 0 [pid 5627] mkdir("./bus", 0777) = 0 [ 174.042381][ T5627] loop0: detected capacity change from 0 to 2048 [pid 5627] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5627] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5627] chdir("./bus") = 0 [pid 5627] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5627] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5626] <... futex resumed>) = 0 [pid 5627] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5626] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5627] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5627] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5626] <... futex resumed>) = 0 [pid 5627] <... openat resumed>) = 4 [pid 5627] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5626] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5627] <... futex resumed>) = 0 [pid 5626] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5627] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5626] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5627] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5626] <... futex resumed>) = 0 [pid 5627] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5626] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5627] <... openat resumed>) = 5 [pid 5627] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5626] <... futex resumed>) = 0 [pid 5627] <... futex resumed>) = 1 [pid 5626] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5627] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5626] <... futex resumed>) = 0 [pid 5626] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5627] <... openat resumed>) = 6 [pid 5627] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5626] <... futex resumed>) = 0 [pid 5626] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5627] <... futex resumed>) = 1 [pid 5626] <... futex resumed>) = 0 [pid 5627] write(6, "t", 1 [ 174.088526][ T5627] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5626] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5627] <... write resumed>) = 1 [pid 5627] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5627] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5626] <... futex resumed>) = 0 [pid 5627] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5626] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5627] sendfile(6, 5, NULL, 131071 [pid 5626] <... futex resumed>) = 0 [pid 5626] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5626] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5626] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [ 174.214797][ T5627] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 174.229997][ T5627] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 174.242518][ T5627] EXT4-fs (loop0): This should not happen!! Data will be lost [ 174.242518][ T5627] [ 174.253302][ T5627] EXT4-fs (loop0): Total free blocks count 0 [pid 5626] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5626] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5626] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5631 attached [pid 5631] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5626] <... clone3 resumed> => {parent_tid=[5631]}, 88) = 5631 [pid 5631] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 5626] rt_sigprocmask(SIG_SETMASK, [], [pid 5631] rt_sigprocmask(SIG_SETMASK, [], [pid 5626] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5631] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5631] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5626] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5631] <... open resumed>) = 7 [pid 5626] <... futex resumed>) = 0 [pid 5626] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5631] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5626] <... futex resumed>) = 0 [pid 5626] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5631] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5626] <... futex resumed>) = 0 [pid 5631] <... mmap resumed>) = 0x20000000 [pid 5626] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5627] <... sendfile resumed>) = 75 [pid 5627] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5627] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5631] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5626] <... futex resumed>) = 0 [pid 5626] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5627] <... futex resumed>) = 0 [pid 5626] <... futex resumed>) = 1 [pid 5631] <... futex resumed>) = 1 [pid 5627] pipe2( [pid 5626] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5631] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5627] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5627] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5626] <... futex resumed>) = 0 [pid 5627] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5626] exit_group(0 [pid 5631] <... futex resumed>) = ? [pid 5627] <... futex resumed>) = ? [pid 5626] <... exit_group resumed>) = ? [pid 5631] +++ exited with 0 +++ [pid 5627] +++ exited with 0 +++ [ 174.259820][ T5627] EXT4-fs (loop0): Free/Dirty block details [ 174.266051][ T5627] EXT4-fs (loop0): free_blocks=2415919104 [ 174.272698][ T5627] EXT4-fs (loop0): dirty_blocks=16 [ 174.278658][ T5627] EXT4-fs (loop0): Block reservation details [ 174.284814][ T5627] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5626] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5626, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- umount2("./105", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./105/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./105/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./105/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./105/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 [ 174.324563][ T139] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./105/bus") = 0 umount2("./105/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./105/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./105/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./105") = 0 mkdir("./106", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5632 attached , child_tidptr=0x5555749a2690) = 5632 [pid 5632] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5632] chdir("./106") = 0 [pid 5632] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5632] setpgid(0, 0) = 0 [pid 5632] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5632] write(3, "1000", 4) = 4 [pid 5632] close(3) = 0 [pid 5632] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5632] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5632] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5632] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5632] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5632] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5632] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5632] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5633 attached [pid 5633] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5632] <... clone3 resumed> => {parent_tid=[5633]}, 88) = 5633 [pid 5633] <... rseq resumed>) = 0 [pid 5632] rt_sigprocmask(SIG_SETMASK, [], [pid 5633] set_robust_list(0x7f03761f79a0, 24 [pid 5632] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5633] <... set_robust_list resumed>) = 0 [pid 5632] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5633] rt_sigprocmask(SIG_SETMASK, [], [pid 5632] <... futex resumed>) = 0 [pid 5633] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5633] memfd_create("syzkaller", 0 [pid 5632] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5633] <... memfd_create resumed>) = 3 [pid 5633] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5633] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5633] munmap(0x7f036dc00000, 138412032) = 0 [pid 5633] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5633] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5633] close(3) = 0 [pid 5633] close(4) = 0 [pid 5633] mkdir("./bus", 0777) = 0 [ 174.717756][ T5633] loop0: detected capacity change from 0 to 2048 [pid 5633] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5633] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5633] chdir("./bus") = 0 [pid 5633] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5633] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5632] <... futex resumed>) = 0 [pid 5632] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5633] <... futex resumed>) = 1 [pid 5632] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5633] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4 [pid 5633] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5632] <... futex resumed>) = 0 [pid 5632] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5633] <... futex resumed>) = 1 [pid 5632] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5633] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 5633] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5632] <... futex resumed>) = 0 [pid 5633] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5632] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5633] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5632] <... futex resumed>) = 0 [pid 5633] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [ 174.774866][ T5633] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5632] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5633] <... openat resumed>) = 6 [pid 5633] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5632] <... futex resumed>) = 0 [pid 5632] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5633] <... futex resumed>) = 1 [pid 5632] <... futex resumed>) = 0 [pid 5633] write(6, "t", 1 [pid 5632] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5633] <... write resumed>) = 1 [pid 5633] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5633] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5632] <... futex resumed>) = 0 [pid 5632] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5633] <... futex resumed>) = 0 [pid 5632] <... futex resumed>) = 1 [pid 5633] sendfile(6, 5, NULL, 131071 [pid 5632] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5632] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5632] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5632] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5632] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5632] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5636 attached [pid 5636] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5632] <... clone3 resumed> => {parent_tid=[5636]}, 88) = 5636 [pid 5636] <... rseq resumed>) = 0 [pid 5632] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5636] set_robust_list(0x7f03761d69a0, 24 [pid 5632] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5636] <... set_robust_list resumed>) = 0 [pid 5632] <... futex resumed>) = 0 [pid 5636] rt_sigprocmask(SIG_SETMASK, [], [pid 5632] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5636] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5636] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [ 174.906487][ T5633] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 174.922048][ T5633] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 174.934555][ T5633] EXT4-fs (loop0): This should not happen!! Data will be lost [ 174.934555][ T5633] [ 174.944959][ T5633] EXT4-fs (loop0): Total free blocks count 0 [pid 5636] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5636] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5632] <... futex resumed>) = 0 [pid 5632] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5636] <... futex resumed>) = 0 [pid 5632] <... futex resumed>) = 1 [pid 5636] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5632] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5633] <... sendfile resumed>) = 75 [pid 5636] <... mmap resumed>) = 0x20000000 [pid 5633] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5636] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5633] <... futex resumed>) = 0 [pid 5636] <... futex resumed>) = 1 [pid 5633] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5632] <... futex resumed>) = 0 [pid 5636] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5632] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5633] <... futex resumed>) = 0 [pid 5632] <... futex resumed>) = 1 [pid 5633] pipe2( [pid 5632] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5633] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5633] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5632] <... futex resumed>) = 0 [pid 5633] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5632] exit_group(0 [pid 5636] <... futex resumed>) = ? [pid 5633] <... futex resumed>) = ? [pid 5632] <... exit_group resumed>) = ? [pid 5636] +++ exited with 0 +++ [pid 5633] +++ exited with 0 +++ [pid 5632] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5632, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- umount2("./106", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 174.951139][ T5633] EXT4-fs (loop0): Free/Dirty block details [ 174.958449][ T5633] EXT4-fs (loop0): free_blocks=2415919104 [ 174.965198][ T5633] EXT4-fs (loop0): dirty_blocks=16 [ 174.970455][ T5633] EXT4-fs (loop0): Block reservation details [ 174.976486][ T5633] EXT4-fs (loop0): i_reserved_data_blocks=1 openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./106/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./106/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./106/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./106/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 [ 175.090166][ T139] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./106/bus") = 0 umount2("./106/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./106/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./106/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./106") = 0 mkdir("./107", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5637 attached , child_tidptr=0x5555749a2690) = 5637 [pid 5637] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5637] chdir("./107") = 0 [pid 5637] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5637] setpgid(0, 0) = 0 [pid 5637] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5637] write(3, "1000", 4) = 4 [pid 5637] close(3) = 0 [pid 5637] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5637] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5637] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5637] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5637] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5637] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5637] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5637] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5638 attached [pid 5638] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5637] <... clone3 resumed> => {parent_tid=[5638]}, 88) = 5638 [pid 5638] <... rseq resumed>) = 0 [pid 5637] rt_sigprocmask(SIG_SETMASK, [], [pid 5638] set_robust_list(0x7f03761f79a0, 24 [pid 5637] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5638] <... set_robust_list resumed>) = 0 [pid 5637] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5638] rt_sigprocmask(SIG_SETMASK, [], [pid 5637] <... futex resumed>) = 0 [pid 5638] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5637] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5638] memfd_create("syzkaller", 0) = 3 [pid 5638] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5638] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5638] munmap(0x7f036dc00000, 138412032) = 0 [pid 5638] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5638] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5638] close(3) = 0 [pid 5638] close(4) = 0 [pid 5638] mkdir("./bus", 0777) = 0 [ 175.459024][ T5638] loop0: detected capacity change from 0 to 2048 [pid 5638] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5638] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5638] chdir("./bus") = 0 [pid 5638] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5638] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5637] <... futex resumed>) = 0 [pid 5638] <... futex resumed>) = 1 [pid 5637] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5638] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5637] <... futex resumed>) = 0 [pid 5637] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5638] <... openat resumed>) = 4 [pid 5638] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5637] <... futex resumed>) = 0 [pid 5638] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5637] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5638] <... openat resumed>) = 5 [pid 5637] <... futex resumed>) = 0 [pid 5637] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5638] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5637] <... futex resumed>) = 0 [pid 5638] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5637] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5638] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5637] <... futex resumed>) = 0 [pid 5638] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5637] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5638] <... openat resumed>) = 6 [pid 5638] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5638] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5637] <... futex resumed>) = 0 [pid 5637] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5638] <... futex resumed>) = 0 [pid 5637] <... futex resumed>) = 1 [pid 5638] write(6, "t", 1 [ 175.507340][ T5638] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5637] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5638] <... write resumed>) = 1 [pid 5638] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5637] <... futex resumed>) = 0 [pid 5638] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5637] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5638] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5637] <... futex resumed>) = 0 [pid 5638] sendfile(6, 5, NULL, 131071 [pid 5637] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5637] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5637] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [ 175.614959][ T5638] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 175.630403][ T5638] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 175.642683][ T5638] EXT4-fs (loop0): This should not happen!! Data will be lost [ 175.642683][ T5638] [ 175.653393][ T5638] EXT4-fs (loop0): Total free blocks count 0 [ 175.659452][ T5638] EXT4-fs (loop0): Free/Dirty block details [pid 5637] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5637] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5637] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5641 attached [pid 5638] <... sendfile resumed>) = 75 [pid 5641] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5641] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 5641] rt_sigprocmask(SIG_SETMASK, [], [pid 5638] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5637] <... clone3 resumed> => {parent_tid=[5641]}, 88) = 5641 [pid 5641] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5638] <... futex resumed>) = 0 [pid 5637] rt_sigprocmask(SIG_SETMASK, [], [pid 5641] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5638] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5637] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5637] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5641] <... futex resumed>) = 0 [pid 5637] <... futex resumed>) = 1 [pid 5641] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5637] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5641] <... open resumed>) = 7 [pid 5641] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5637] <... futex resumed>) = 0 [pid 5641] <... futex resumed>) = 1 [pid 5637] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5641] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5638] <... futex resumed>) = 0 [pid 5637] <... futex resumed>) = 1 [pid 5638] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5637] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5638] <... mmap resumed>) = 0x20000000 [pid 5638] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5637] <... futex resumed>) = 0 [pid 5638] pipe2( [pid 5637] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5638] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5637] <... futex resumed>) = 0 [pid 5638] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5638] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5637] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5637] exit_group(0) = ? [pid 5641] <... futex resumed>) = ? [pid 5638] <... futex resumed>) = ? [ 175.665693][ T5638] EXT4-fs (loop0): free_blocks=2415919104 [ 175.671520][ T5638] EXT4-fs (loop0): dirty_blocks=16 [ 175.676674][ T5638] EXT4-fs (loop0): Block reservation details [ 175.682995][ T5638] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5641] +++ exited with 0 +++ [pid 5638] +++ exited with 0 +++ [pid 5637] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5637, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- umount2("./107", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./107/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./107/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./107/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./107/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 175.745988][ T139] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./107/bus") = 0 umount2("./107/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./107/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./107/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./107") = 0 mkdir("./108", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5642 attached , child_tidptr=0x5555749a2690) = 5642 [pid 5642] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5642] chdir("./108") = 0 [pid 5642] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5642] setpgid(0, 0) = 0 [pid 5642] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5642] write(3, "1000", 4) = 4 [pid 5642] close(3) = 0 [pid 5642] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5642] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5642] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5642] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5642] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5642] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5642] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5642] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5643 attached [pid 5643] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5642] <... clone3 resumed> => {parent_tid=[5643]}, 88) = 5643 [pid 5643] <... rseq resumed>) = 0 [pid 5642] rt_sigprocmask(SIG_SETMASK, [], [pid 5643] set_robust_list(0x7f03761f79a0, 24 [pid 5642] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5643] <... set_robust_list resumed>) = 0 [pid 5642] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5643] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5642] <... futex resumed>) = 0 [pid 5643] memfd_create("syzkaller", 0 [pid 5642] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5643] <... memfd_create resumed>) = 3 [pid 5643] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5643] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5643] munmap(0x7f036dc00000, 138412032) = 0 [pid 5643] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5643] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5643] close(3) = 0 [pid 5643] close(4) = 0 [pid 5643] mkdir("./bus", 0777) = 0 [ 176.094048][ T5643] loop0: detected capacity change from 0 to 2048 [pid 5643] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5643] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5643] chdir("./bus") = 0 [pid 5643] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5643] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5642] <... futex resumed>) = 0 [pid 5643] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5642] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5643] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5642] <... futex resumed>) = 0 [pid 5643] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5642] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5643] <... openat resumed>) = 4 [pid 5643] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5642] <... futex resumed>) = 0 [pid 5643] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5642] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5643] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5642] <... futex resumed>) = 0 [pid 5643] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5642] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5643] <... openat resumed>) = 5 [pid 5643] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5642] <... futex resumed>) = 0 [pid 5642] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5643] <... futex resumed>) = 1 [pid 5642] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5643] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 5643] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5642] <... futex resumed>) = 0 [pid 5643] <... futex resumed>) = 1 [pid 5642] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5643] write(6, "t", 1 [pid 5642] <... futex resumed>) = 0 [pid 5642] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5643] <... write resumed>) = 1 [pid 5643] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5642] <... futex resumed>) = 0 [pid 5643] <... futex resumed>) = 1 [pid 5642] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5643] sendfile(6, 5, NULL, 131071 [pid 5642] <... futex resumed>) = 0 [ 176.137072][ T5643] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5642] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5642] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5642] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [ 176.221082][ T5643] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 176.236388][ T5643] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 176.249042][ T5643] EXT4-fs (loop0): This should not happen!! Data will be lost [ 176.249042][ T5643] [ 176.259201][ T5643] EXT4-fs (loop0): Total free blocks count 0 [ 176.265502][ T5643] EXT4-fs (loop0): Free/Dirty block details [pid 5642] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5642] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5643] <... sendfile resumed>) = 75 [pid 5642] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0} [pid 5643] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5643] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5642] <... clone3 resumed> => {parent_tid=[5646]}, 88) = 5646 [pid 5642] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5642] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5646 attached [pid 5646] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5642] <... futex resumed>) = 0 [pid 5646] <... rseq resumed>) = 0 [pid 5642] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5646] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 5646] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5646] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5646] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5642] <... futex resumed>) = 0 [pid 5646] <... futex resumed>) = 1 [pid 5642] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5646] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5643] <... futex resumed>) = 0 [pid 5643] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5642] <... futex resumed>) = 1 [pid 5643] <... mmap resumed>) = 0x20000000 [ 176.271668][ T5643] EXT4-fs (loop0): free_blocks=2415919104 [ 176.277426][ T5643] EXT4-fs (loop0): dirty_blocks=16 [ 176.282957][ T5643] EXT4-fs (loop0): Block reservation details [ 176.288977][ T5643] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5642] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5643] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5642] <... futex resumed>) = 0 [pid 5642] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5643] <... futex resumed>) = 1 [pid 5642] <... futex resumed>) = 0 [pid 5643] pipe2( [pid 5642] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5643] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5643] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5642] <... futex resumed>) = 0 [pid 5643] <... futex resumed>) = 1 [pid 5643] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5642] exit_group(0 [pid 5646] <... futex resumed>) = ? [pid 5643] <... futex resumed>) = ? [pid 5642] <... exit_group resumed>) = ? [pid 5646] +++ exited with 0 +++ [pid 5643] +++ exited with 0 +++ [pid 5642] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5642, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- umount2("./108", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./108/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./108/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./108/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./108/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./108/bus") = 0 umount2("./108/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./108/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./108/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./108") = 0 mkdir("./109", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 176.388970][ T139] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5647 attached , child_tidptr=0x5555749a2690) = 5647 [pid 5647] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5647] chdir("./109") = 0 [pid 5647] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5647] setpgid(0, 0) = 0 [pid 5647] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5647] write(3, "1000", 4) = 4 [pid 5647] close(3) = 0 [pid 5647] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5647] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5647] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5647] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5647] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5647] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5647] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5647] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5648 attached [pid 5648] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5647] <... clone3 resumed> => {parent_tid=[5648]}, 88) = 5648 [pid 5648] <... rseq resumed>) = 0 [pid 5647] rt_sigprocmask(SIG_SETMASK, [], [pid 5648] set_robust_list(0x7f03761f79a0, 24 [pid 5647] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5648] <... set_robust_list resumed>) = 0 [pid 5647] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5648] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5647] <... futex resumed>) = 0 [pid 5648] memfd_create("syzkaller", 0 [pid 5647] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5648] <... memfd_create resumed>) = 3 [pid 5648] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5648] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5648] munmap(0x7f036dc00000, 138412032) = 0 [pid 5648] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5648] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5648] close(3) = 0 [pid 5648] close(4) = 0 [pid 5648] mkdir("./bus", 0777) = 0 [ 176.601097][ T5648] loop0: detected capacity change from 0 to 2048 [pid 5648] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5648] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5648] chdir("./bus") = 0 [pid 5648] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5648] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5647] <... futex resumed>) = 0 [pid 5648] <... futex resumed>) = 1 [pid 5647] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5647] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5648] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4 [pid 5648] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5647] <... futex resumed>) = 0 [pid 5648] <... futex resumed>) = 1 [pid 5647] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5648] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5647] <... futex resumed>) = 0 [pid 5648] <... openat resumed>) = 5 [ 176.665076][ T5648] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5648] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5647] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5648] <... futex resumed>) = 0 [pid 5647] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5647] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5648] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5647] <... futex resumed>) = 0 [pid 5648] <... openat resumed>) = 6 [pid 5647] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5648] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5648] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5647] <... futex resumed>) = 0 [pid 5648] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5647] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5648] write(6, "t", 1 [pid 5647] <... futex resumed>) = 0 [pid 5647] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5648] <... write resumed>) = 1 [ 176.716040][ T29] kauditd_printk_skb: 14 callbacks suppressed [ 176.716065][ T29] audit: type=1804 audit(1714530445.525:430): pid=5648 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/109/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5648] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5647] <... futex resumed>) = 0 [pid 5647] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5648] sendfile(6, 5, NULL, 131071 [pid 5647] <... futex resumed>) = 0 [ 176.746420][ T29] audit: type=1804 audit(1714530445.525:431): pid=5648 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/109/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5647] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5647] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5647] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5647] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5647] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5647] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5651 attached => {parent_tid=[5651]}, 88) = 5651 [ 176.817521][ T5648] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 176.833272][ T5648] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 176.845607][ T5648] EXT4-fs (loop0): This should not happen!! Data will be lost [ 176.845607][ T5648] [ 176.855366][ T5648] EXT4-fs (loop0): Total free blocks count 0 [ 176.861418][ T5648] EXT4-fs (loop0): Free/Dirty block details [pid 5651] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5647] rt_sigprocmask(SIG_SETMASK, [], [pid 5651] <... rseq resumed>) = 0 [pid 5647] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5651] set_robust_list(0x7f03761d69a0, 24 [pid 5647] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5651] <... set_robust_list resumed>) = 0 [pid 5647] <... futex resumed>) = 0 [pid 5651] rt_sigprocmask(SIG_SETMASK, [], [pid 5647] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5651] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5651] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5651] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5648] <... sendfile resumed>) = 75 [pid 5648] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5651] <... futex resumed>) = 1 [pid 5648] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5651] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5647] <... futex resumed>) = 0 [pid 5647] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5647] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5648] <... futex resumed>) = 0 [pid 5648] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 5648] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5647] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5648] pipe2(0x20000240, 0) = 0 [pid 5647] <... futex resumed>) = 0 [pid 5647] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5648] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5647] <... futex resumed>) = 0 [pid 5648] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5647] exit_group(0 [pid 5648] <... futex resumed>) = ? [pid 5647] <... exit_group resumed>) = ? [pid 5651] <... futex resumed>) = ? [pid 5648] +++ exited with 0 +++ [ 176.867325][ T5648] EXT4-fs (loop0): free_blocks=2415919104 [ 176.873143][ T5648] EXT4-fs (loop0): dirty_blocks=16 [ 176.876074][ T29] audit: type=1804 audit(1714530445.685:432): pid=5651 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/109/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 176.878285][ T5648] EXT4-fs (loop0): Block reservation details [ 176.878310][ T5648] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5651] +++ exited with 0 +++ [pid 5647] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5647, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- umount2("./109", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./109/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./109/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./109/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./109/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./109/bus") = 0 umount2("./109/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 177.035858][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 newfstatat(AT_FDCWD, "./109/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./109/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./109") = 0 mkdir("./110", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5652 attached , child_tidptr=0x5555749a2690) = 5652 [pid 5652] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5652] chdir("./110") = 0 [pid 5652] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5652] setpgid(0, 0) = 0 [pid 5652] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5652] write(3, "1000", 4) = 4 [pid 5652] close(3) = 0 [pid 5652] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5652] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5652] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5652] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5652] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5652] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5652] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5652] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5653 attached [pid 5653] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5652] <... clone3 resumed> => {parent_tid=[5653]}, 88) = 5653 [pid 5653] set_robust_list(0x7f03761f79a0, 24 [pid 5652] rt_sigprocmask(SIG_SETMASK, [], [pid 5653] <... set_robust_list resumed>) = 0 [pid 5652] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5653] rt_sigprocmask(SIG_SETMASK, [], [pid 5652] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5653] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5653] memfd_create("syzkaller", 0 [pid 5652] <... futex resumed>) = 0 [pid 5652] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5653] <... memfd_create resumed>) = 3 [pid 5653] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5653] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5653] munmap(0x7f036dc00000, 138412032) = 0 [pid 5653] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5653] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5653] close(3) = 0 [pid 5653] close(4) = 0 [pid 5653] mkdir("./bus", 0777) = 0 [ 177.332049][ T5653] loop0: detected capacity change from 0 to 2048 [pid 5653] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5653] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5653] chdir("./bus") = 0 [pid 5653] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5653] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5652] <... futex resumed>) = 0 [pid 5653] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5652] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5653] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5652] <... futex resumed>) = 0 [pid 5653] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5652] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5653] <... openat resumed>) = 4 [pid 5653] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5652] <... futex resumed>) = 0 [pid 5653] <... futex resumed>) = 1 [pid 5652] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5653] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5652] <... futex resumed>) = 0 [pid 5652] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5653] <... openat resumed>) = 5 [pid 5653] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5652] <... futex resumed>) = 0 [ 177.379776][ T5653] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5653] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5652] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5653] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5652] <... futex resumed>) = 0 [pid 5653] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5652] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5653] <... openat resumed>) = 6 [pid 5653] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5652] <... futex resumed>) = 0 [pid 5652] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5653] write(6, "t", 1 [pid 5652] <... futex resumed>) = 0 [pid 5652] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5653] <... write resumed>) = 1 [pid 5653] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5652] <... futex resumed>) = 0 [pid 5653] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5652] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5653] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5652] <... futex resumed>) = 0 [pid 5653] sendfile(6, 5, NULL, 131071 [ 177.417450][ T29] audit: type=1804 audit(1714530446.225:433): pid=5653 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/110/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 177.441946][ T29] audit: type=1804 audit(1714530446.245:434): pid=5653 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/110/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5652] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5652] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5652] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5652] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 177.509640][ T5653] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 177.525176][ T5653] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 177.538376][ T5653] EXT4-fs (loop0): This should not happen!! Data will be lost [ 177.538376][ T5653] [ 177.548521][ T5653] EXT4-fs (loop0): Total free blocks count 0 [pid 5652] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5652] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5656 attached [pid 5656] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5656] set_robust_list(0x7f03761d69a0, 24 [pid 5652] <... clone3 resumed> => {parent_tid=[5656]}, 88) = 5656 [pid 5656] <... set_robust_list resumed>) = 0 [pid 5652] rt_sigprocmask(SIG_SETMASK, [], [pid 5656] rt_sigprocmask(SIG_SETMASK, [], [pid 5652] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5656] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5652] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5656] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5652] <... futex resumed>) = 0 [pid 5656] <... open resumed>) = 7 [pid 5656] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5652] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5656] <... futex resumed>) = 0 [pid 5652] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5656] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5652] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5656] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5652] <... futex resumed>) = 0 [pid 5656] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5652] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5656] <... mmap resumed>) = 0x20000000 [pid 5656] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5652] <... futex resumed>) = 0 [pid 5652] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5656] pipe2( [pid 5652] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5656] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5656] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5653] <... sendfile resumed>) = 75 [pid 5653] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5652] <... futex resumed>) = 0 [pid 5652] exit_group(0) = ? [pid 5656] <... futex resumed>) = ? [pid 5653] <... futex resumed>) = ? [pid 5656] +++ exited with 0 +++ [pid 5653] +++ exited with 0 +++ [pid 5652] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5652, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- [ 177.554856][ T5653] EXT4-fs (loop0): Free/Dirty block details [ 177.560876][ T5653] EXT4-fs (loop0): free_blocks=2415919104 [ 177.566892][ T5653] EXT4-fs (loop0): dirty_blocks=16 [ 177.572094][ T5653] EXT4-fs (loop0): Block reservation details [ 177.578543][ T5653] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 177.579275][ T29] audit: type=1804 audit(1714530446.385:435): pid=5656 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/110/bus/bus" dev="loop0" ino=18 res=1 errno=0 umount2("./110", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./110/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./110/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./110/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./110/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 [ 177.665083][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 close(4) = 0 rmdir("./110/bus") = 0 umount2("./110/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./110/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./110/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./110") = 0 mkdir("./111", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5657 attached , child_tidptr=0x5555749a2690) = 5657 [pid 5657] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5657] chdir("./111") = 0 [pid 5657] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5657] setpgid(0, 0) = 0 [pid 5657] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5657] write(3, "1000", 4) = 4 [pid 5657] close(3) = 0 [pid 5657] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5657] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5657] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5657] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5657] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5657] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5657] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5657] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5658 attached [pid 5658] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5657] <... clone3 resumed> => {parent_tid=[5658]}, 88) = 5658 [pid 5658] set_robust_list(0x7f03761f79a0, 24 [pid 5657] rt_sigprocmask(SIG_SETMASK, [], [pid 5658] <... set_robust_list resumed>) = 0 [pid 5657] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5658] rt_sigprocmask(SIG_SETMASK, [], [pid 5657] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5658] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5657] <... futex resumed>) = 0 [pid 5658] memfd_create("syzkaller", 0 [pid 5657] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5658] <... memfd_create resumed>) = 3 [pid 5658] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5658] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5658] munmap(0x7f036dc00000, 138412032) = 0 [pid 5658] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5658] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5658] close(3) = 0 [pid 5658] close(4) = 0 [pid 5658] mkdir("./bus", 0777) = 0 [ 177.987498][ T5658] loop0: detected capacity change from 0 to 2048 [pid 5658] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5658] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5658] chdir("./bus") = 0 [pid 5658] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5658] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5657] <... futex resumed>) = 0 [pid 5658] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5657] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5658] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5657] <... futex resumed>) = 0 [pid 5658] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5657] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5658] <... openat resumed>) = 4 [pid 5658] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5657] <... futex resumed>) = 0 [pid 5658] <... futex resumed>) = 1 [pid 5657] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5658] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5657] <... futex resumed>) = 0 [pid 5658] <... openat resumed>) = 5 [ 178.044858][ T5658] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5657] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5658] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5657] <... futex resumed>) = 0 [pid 5657] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5658] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5657] <... futex resumed>) = 0 [pid 5658] <... openat resumed>) = 6 [pid 5657] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5658] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5658] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5657] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5657] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5657] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5658] <... futex resumed>) = 0 [pid 5658] write(6, "t", 1) = 1 [pid 5658] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5657] <... futex resumed>) = 0 [pid 5657] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5658] sendfile(6, 5, NULL, 131071 [ 178.097696][ T29] audit: type=1804 audit(1714530446.905:436): pid=5658 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/111/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 178.125040][ T29] audit: type=1804 audit(1714530446.935:437): pid=5658 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/111/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5657] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5657] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5657] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5657] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 178.189840][ T5658] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 178.205376][ T5658] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 178.218185][ T5658] EXT4-fs (loop0): This should not happen!! Data will be lost [ 178.218185][ T5658] [ 178.228588][ T5658] EXT4-fs (loop0): Total free blocks count 0 [pid 5657] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5657] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5661 attached => {parent_tid=[5661]}, 88) = 5661 [pid 5661] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5657] rt_sigprocmask(SIG_SETMASK, [], [pid 5661] <... rseq resumed>) = 0 [pid 5657] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5661] set_robust_list(0x7f03761d69a0, 24 [pid 5657] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5661] <... set_robust_list resumed>) = 0 [pid 5657] <... futex resumed>) = 0 [pid 5661] rt_sigprocmask(SIG_SETMASK, [], [pid 5657] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5661] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5661] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5661] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5657] <... futex resumed>) = 0 [pid 5661] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5657] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5661] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5657] <... futex resumed>) = 0 [pid 5661] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5657] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5661] <... mmap resumed>) = 0x20000000 [pid 5658] <... sendfile resumed>) = 75 [pid 5661] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5658] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5661] <... futex resumed>) = 1 [pid 5657] <... futex resumed>) = 0 [pid 5661] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5658] <... futex resumed>) = 0 [pid 5658] pipe2( [pid 5657] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5658] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5657] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5658] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5657] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5658] <... futex resumed>) = 0 [pid 5657] exit_group(0 [pid 5658] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5657] <... exit_group resumed>) = ? [pid 5658] +++ exited with 0 +++ [pid 5661] <... futex resumed>) = ? [pid 5661] +++ exited with 0 +++ [pid 5657] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5657, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 178.235020][ T5658] EXT4-fs (loop0): Free/Dirty block details [ 178.240998][ T5658] EXT4-fs (loop0): free_blocks=2415919104 [ 178.247091][ T5658] EXT4-fs (loop0): dirty_blocks=16 [ 178.250983][ T29] audit: type=1804 audit(1714530447.055:438): pid=5661 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/111/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 178.252943][ T5658] EXT4-fs (loop0): Block reservation details [ 178.281847][ T5658] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./111", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./111/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./111/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./111/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./111/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 [ 178.396614][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./111/bus") = 0 umount2("./111/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./111/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./111/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./111") = 0 mkdir("./112", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5662 attached , child_tidptr=0x5555749a2690) = 5662 [pid 5662] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5662] chdir("./112") = 0 [pid 5662] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5662] setpgid(0, 0) = 0 [pid 5662] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5662] write(3, "1000", 4) = 4 [pid 5662] close(3) = 0 [pid 5662] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5662] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5662] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5662] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5662] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5662] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5662] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5662] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5663 attached [pid 5663] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5662] <... clone3 resumed> => {parent_tid=[5663]}, 88) = 5663 [pid 5663] <... rseq resumed>) = 0 [pid 5662] rt_sigprocmask(SIG_SETMASK, [], [pid 5663] set_robust_list(0x7f03761f79a0, 24 [pid 5662] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5663] <... set_robust_list resumed>) = 0 [pid 5662] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5663] rt_sigprocmask(SIG_SETMASK, [], [pid 5662] <... futex resumed>) = 0 [pid 5663] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5662] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5663] memfd_create("syzkaller", 0) = 3 [pid 5663] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5663] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5663] munmap(0x7f036dc00000, 138412032) = 0 [pid 5663] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5663] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5663] close(3) = 0 [pid 5663] close(4) = 0 [pid 5663] mkdir("./bus", 0777) = 0 [ 178.747868][ T5663] loop0: detected capacity change from 0 to 2048 [pid 5663] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5663] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5663] chdir("./bus") = 0 [pid 5663] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5663] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5662] <... futex resumed>) = 0 [pid 5663] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5662] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5663] <... openat resumed>) = 4 [pid 5662] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5663] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5663] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5662] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5662] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5663] <... futex resumed>) = 0 [pid 5662] <... futex resumed>) = 1 [pid 5663] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5662] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5663] <... openat resumed>) = 5 [pid 5663] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5662] <... futex resumed>) = 0 [pid 5663] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5662] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5663] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5662] <... futex resumed>) = 0 [pid 5662] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5663] <... openat resumed>) = 6 [pid 5663] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5662] <... futex resumed>) = 0 [pid 5663] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5662] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5663] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5662] <... futex resumed>) = 0 [pid 5663] write(6, "t", 1 [pid 5662] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5663] <... write resumed>) = 1 [pid 5663] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5662] <... futex resumed>) = 0 [pid 5663] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5662] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5663] <... futex resumed>) = 0 [pid 5662] <... futex resumed>) = 1 [pid 5663] sendfile(6, 5, NULL, 131071 [ 178.786710][ T5663] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 178.817643][ T29] audit: type=1804 audit(1714530447.625:439): pid=5663 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/112/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5662] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5662] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 178.882706][ T5663] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 178.897947][ T5663] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 178.910620][ T5663] EXT4-fs (loop0): This should not happen!! Data will be lost [ 178.910620][ T5663] [ 178.920315][ T5663] EXT4-fs (loop0): Total free blocks count 0 [ 178.926347][ T5663] EXT4-fs (loop0): Free/Dirty block details [pid 5662] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5662] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5662] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5663] <... sendfile resumed>) = 75 [pid 5663] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5662] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5662] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0} [pid 5663] <... futex resumed>) = 0 [pid 5663] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5666 attached [pid 5666] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5662] <... clone3 resumed> => {parent_tid=[5666]}, 88) = 5666 [pid 5666] <... rseq resumed>) = 0 [pid 5666] set_robust_list(0x7f03761d69a0, 24 [pid 5662] rt_sigprocmask(SIG_SETMASK, [], [pid 5666] <... set_robust_list resumed>) = 0 [pid 5662] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5666] rt_sigprocmask(SIG_SETMASK, [], [pid 5662] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5666] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5662] <... futex resumed>) = 0 [pid 5666] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 178.932296][ T5663] EXT4-fs (loop0): free_blocks=2415919104 [ 178.938034][ T5663] EXT4-fs (loop0): dirty_blocks=16 [ 178.943204][ T5663] EXT4-fs (loop0): Block reservation details [ 178.949216][ T5663] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5662] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5666] <... open resumed>) = 7 [pid 5666] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5666] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5662] <... futex resumed>) = 0 [pid 5662] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5663] <... futex resumed>) = 0 [pid 5662] <... futex resumed>) = 1 [pid 5663] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5662] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5663] <... mmap resumed>) = 0x20000000 [pid 5663] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5662] <... futex resumed>) = 0 [pid 5663] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5662] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5663] pipe2( [pid 5662] <... futex resumed>) = 0 [pid 5662] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5663] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5663] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5662] <... futex resumed>) = 0 [pid 5663] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5662] exit_group(0 [pid 5666] <... futex resumed>) = ? [pid 5662] <... exit_group resumed>) = ? [pid 5666] +++ exited with 0 +++ [pid 5663] <... futex resumed>) = ? [pid 5663] +++ exited with 0 +++ [pid 5662] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5662, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./112", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./112/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./112/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./112/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./112/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 [ 179.065502][ T139] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./112/bus") = 0 umount2("./112/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./112/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./112/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./112") = 0 mkdir("./113", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5667 attached , child_tidptr=0x5555749a2690) = 5667 [pid 5667] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5667] chdir("./113") = 0 [pid 5667] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5667] setpgid(0, 0) = 0 [pid 5667] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5667] write(3, "1000", 4) = 4 [pid 5667] close(3) = 0 [pid 5667] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5667] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5667] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5667] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5667] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5667] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5667] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5667] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5668 attached [pid 5668] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5667] <... clone3 resumed> => {parent_tid=[5668]}, 88) = 5668 [pid 5668] set_robust_list(0x7f03761f79a0, 24 [pid 5667] rt_sigprocmask(SIG_SETMASK, [], [pid 5668] <... set_robust_list resumed>) = 0 [pid 5667] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5668] rt_sigprocmask(SIG_SETMASK, [], [pid 5667] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5668] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5668] memfd_create("syzkaller", 0 [pid 5667] <... futex resumed>) = 0 [pid 5667] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5668] <... memfd_create resumed>) = 3 [pid 5668] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5668] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5668] munmap(0x7f036dc00000, 138412032) = 0 [pid 5668] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5668] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5668] close(3) = 0 [pid 5668] close(4) = 0 [pid 5668] mkdir("./bus", 0777) = 0 [ 179.434403][ T5668] loop0: detected capacity change from 0 to 2048 [pid 5668] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5668] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5668] chdir("./bus") = 0 [pid 5668] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5668] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5667] <... futex resumed>) = 0 [pid 5668] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5667] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5668] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5667] <... futex resumed>) = 0 [pid 5667] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5668] <... openat resumed>) = 4 [pid 5668] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5667] <... futex resumed>) = 0 [pid 5668] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5667] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5668] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5667] <... futex resumed>) = 0 [pid 5668] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5667] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5668] <... openat resumed>) = 5 [pid 5668] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5667] <... futex resumed>) = 0 [pid 5668] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5667] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5668] <... futex resumed>) = 0 [pid 5668] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5667] <... futex resumed>) = 1 [pid 5667] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5668] <... openat resumed>) = 6 [ 179.494795][ T5668] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5668] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5667] <... futex resumed>) = 0 [pid 5668] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5667] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5668] write(6, "t", 1 [pid 5667] <... futex resumed>) = 0 [pid 5667] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5668] <... write resumed>) = 1 [pid 5668] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5667] <... futex resumed>) = 0 [pid 5668] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5667] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5668] sendfile(6, 5, NULL, 131071 [pid 5667] <... futex resumed>) = 0 [pid 5667] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5667] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 179.602979][ T5668] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 179.618677][ T5668] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 179.630956][ T5668] EXT4-fs (loop0): This should not happen!! Data will be lost [ 179.630956][ T5668] [ 179.641525][ T5668] EXT4-fs (loop0): Total free blocks count 0 [pid 5667] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5667] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5667] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5668] <... sendfile resumed>) = 75 [pid 5668] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5667] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0} [pid 5668] <... futex resumed>) = 0 [pid 5668] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5667] <... clone3 resumed> => {parent_tid=[5671]}, 88) = 5671 ./strace-static-x86_64: Process 5671 attached [pid 5671] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5667] rt_sigprocmask(SIG_SETMASK, [], [pid 5671] <... rseq resumed>) = 0 [pid 5667] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5671] set_robust_list(0x7f03761d69a0, 24 [pid 5667] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5671] <... set_robust_list resumed>) = 0 [pid 5667] <... futex resumed>) = 0 [pid 5667] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5671] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5671] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5671] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5671] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5667] <... futex resumed>) = 0 [pid 5667] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5668] <... futex resumed>) = 0 [pid 5667] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5668] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 5668] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5667] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5668] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5667] <... futex resumed>) = 0 [pid 5668] pipe2( [pid 5667] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5668] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5668] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5667] <... futex resumed>) = 0 [ 179.647628][ T5668] EXT4-fs (loop0): Free/Dirty block details [ 179.653607][ T5668] EXT4-fs (loop0): free_blocks=2415919104 [ 179.659392][ T5668] EXT4-fs (loop0): dirty_blocks=16 [ 179.664584][ T5668] EXT4-fs (loop0): Block reservation details [ 179.670635][ T5668] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5668] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5667] exit_group(0 [pid 5671] <... futex resumed>) = ? [pid 5668] <... futex resumed>) = ? [pid 5667] <... exit_group resumed>) = ? [pid 5671] +++ exited with 0 +++ [pid 5668] +++ exited with 0 +++ [pid 5667] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5667, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- umount2("./113", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./113/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./113/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./113/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./113/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 [ 179.755017][ T139] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./113/bus") = 0 umount2("./113/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./113/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./113/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./113") = 0 mkdir("./114", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5672 attached , child_tidptr=0x5555749a2690) = 5672 [pid 5672] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5672] chdir("./114") = 0 [pid 5672] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5672] setpgid(0, 0) = 0 [pid 5672] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5672] write(3, "1000", 4) = 4 [pid 5672] close(3) = 0 [pid 5672] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5672] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5672] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5672] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5672] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5672] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5672] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5672] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5673 attached => {parent_tid=[5673]}, 88) = 5673 [pid 5673] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5672] rt_sigprocmask(SIG_SETMASK, [], [pid 5673] set_robust_list(0x7f03761f79a0, 24) = 0 [pid 5672] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5673] rt_sigprocmask(SIG_SETMASK, [], [pid 5672] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5673] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5672] <... futex resumed>) = 0 [pid 5673] memfd_create("syzkaller", 0 [pid 5672] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5673] <... memfd_create resumed>) = 3 [pid 5673] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5673] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5673] munmap(0x7f036dc00000, 138412032) = 0 [pid 5673] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5673] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5673] close(3) = 0 [pid 5673] close(4) = 0 [pid 5673] mkdir("./bus", 0777) = 0 [ 180.105097][ T5673] loop0: detected capacity change from 0 to 2048 [pid 5673] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5673] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5673] chdir("./bus") = 0 [pid 5673] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5673] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5672] <... futex resumed>) = 0 [pid 5673] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5672] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5672] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5673] <... openat resumed>) = 4 [pid 5673] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5672] <... futex resumed>) = 0 [pid 5672] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5673] <... futex resumed>) = 1 [pid 5672] <... futex resumed>) = 0 [pid 5673] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5672] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5673] <... openat resumed>) = 5 [pid 5673] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5672] <... futex resumed>) = 0 [pid 5672] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5673] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5672] <... futex resumed>) = 0 [pid 5673] <... openat resumed>) = 6 [ 180.155154][ T5673] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5672] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5673] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5672] <... futex resumed>) = 0 [pid 5673] <... futex resumed>) = 1 [pid 5672] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5673] write(6, "t", 1 [pid 5672] <... futex resumed>) = 0 [pid 5672] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5673] <... write resumed>) = 1 [pid 5673] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5672] <... futex resumed>) = 0 [pid 5673] <... futex resumed>) = 1 [pid 5672] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5673] sendfile(6, 5, NULL, 131071 [pid 5672] <... futex resumed>) = 0 [pid 5672] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5672] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5672] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5672] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5672] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5672] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5676 attached => {parent_tid=[5676]}, 88) = 5676 [ 180.271384][ T5673] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 180.286832][ T5673] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 180.299612][ T5673] EXT4-fs (loop0): This should not happen!! Data will be lost [ 180.299612][ T5673] [ 180.311026][ T5673] EXT4-fs (loop0): Total free blocks count 0 [pid 5672] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5676] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5672] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5676] set_robust_list(0x7f03761d69a0, 24 [pid 5672] <... futex resumed>) = 0 [pid 5676] <... set_robust_list resumed>) = 0 [pid 5672] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5676] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5676] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5676] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5672] <... futex resumed>) = 0 [pid 5676] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5672] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5673] <... sendfile resumed>) = 75 [pid 5672] <... futex resumed>) = 0 [pid 5672] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5676] <... mmap resumed>) = 0x20000000 [pid 5673] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5676] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5673] <... futex resumed>) = 0 [pid 5676] <... futex resumed>) = 1 [pid 5673] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5672] <... futex resumed>) = 0 [pid 5676] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5672] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5673] <... futex resumed>) = 0 [pid 5672] <... futex resumed>) = 1 [pid 5673] pipe2( [pid 5672] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5673] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5673] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5673] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5672] <... futex resumed>) = 0 [pid 5672] exit_group(0 [pid 5676] <... futex resumed>) = ? [pid 5672] <... exit_group resumed>) = ? [pid 5676] +++ exited with 0 +++ [pid 5673] <... futex resumed>) = ? [ 180.317154][ T5673] EXT4-fs (loop0): Free/Dirty block details [ 180.323151][ T5673] EXT4-fs (loop0): free_blocks=2415919104 [ 180.329032][ T5673] EXT4-fs (loop0): dirty_blocks=16 [ 180.334276][ T5673] EXT4-fs (loop0): Block reservation details [ 180.340364][ T5673] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5673] +++ exited with 0 +++ [pid 5672] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5672, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./114", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./114", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./114/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./114/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./114/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./114/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./114/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 [ 180.415373][ T139] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 rmdir("./114/bus") = 0 umount2("./114/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./114/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./114/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./114") = 0 mkdir("./115", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5677 attached , child_tidptr=0x5555749a2690) = 5677 [pid 5677] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5677] chdir("./115") = 0 [pid 5677] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5677] setpgid(0, 0) = 0 [pid 5677] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5677] write(3, "1000", 4) = 4 [pid 5677] close(3) = 0 [pid 5677] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5677] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5677] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5677] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5677] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5677] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5677] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5677] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0} => {parent_tid=[5678]}, 88) = 5678 ./strace-static-x86_64: Process 5678 attached [pid 5678] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5677] rt_sigprocmask(SIG_SETMASK, [], [pid 5678] <... rseq resumed>) = 0 [pid 5677] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5678] set_robust_list(0x7f03761f79a0, 24 [pid 5677] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5678] <... set_robust_list resumed>) = 0 [pid 5678] rt_sigprocmask(SIG_SETMASK, [], [pid 5677] <... futex resumed>) = 0 [pid 5678] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5677] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5678] memfd_create("syzkaller", 0) = 3 [pid 5678] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5678] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5678] munmap(0x7f036dc00000, 138412032) = 0 [pid 5678] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5678] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5678] close(3) = 0 [pid 5678] close(4) = 0 [pid 5678] mkdir("./bus", 0777) = 0 [ 180.762417][ T5678] loop0: detected capacity change from 0 to 2048 [pid 5678] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5678] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5678] chdir("./bus") = 0 [pid 5678] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5678] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5677] <... futex resumed>) = 0 [pid 5678] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5677] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5678] <... openat resumed>) = 4 [pid 5677] <... futex resumed>) = 0 [pid 5678] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 180.806525][ T5678] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5678] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5677] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5677] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5678] <... futex resumed>) = 0 [pid 5677] <... futex resumed>) = 1 [pid 5678] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5677] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5678] <... openat resumed>) = 5 [pid 5678] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5677] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5678] <... futex resumed>) = 0 [pid 5677] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5677] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5678] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 5678] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5678] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5677] <... futex resumed>) = 0 [pid 5677] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5678] <... futex resumed>) = 0 [pid 5677] <... futex resumed>) = 1 [pid 5678] write(6, "t", 1 [pid 5677] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5678] <... write resumed>) = 1 [pid 5678] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5677] <... futex resumed>) = 0 [pid 5678] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5677] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5678] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5677] <... futex resumed>) = 0 [pid 5678] sendfile(6, 5, NULL, 131071 [pid 5677] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5677] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5677] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [ 180.933364][ T5678] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 180.948662][ T5678] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 180.961021][ T5678] EXT4-fs (loop0): This should not happen!! Data will be lost [ 180.961021][ T5678] [ 180.970739][ T5678] EXT4-fs (loop0): Total free blocks count 0 [ 180.976755][ T5678] EXT4-fs (loop0): Free/Dirty block details [pid 5677] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5677] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5677] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5681 attached [pid 5681] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5677] <... clone3 resumed> => {parent_tid=[5681]}, 88) = 5681 [pid 5681] <... rseq resumed>) = 0 [pid 5677] rt_sigprocmask(SIG_SETMASK, [], [pid 5681] set_robust_list(0x7f03761d69a0, 24 [pid 5677] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5681] <... set_robust_list resumed>) = 0 [pid 5677] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5681] rt_sigprocmask(SIG_SETMASK, [], [pid 5677] <... futex resumed>) = 0 [pid 5681] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5677] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5681] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5681] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5678] <... sendfile resumed>) = 75 [pid 5681] <... futex resumed>) = 1 [pid 5678] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5677] <... futex resumed>) = 0 [pid 5677] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5681] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5677] <... futex resumed>) = 0 [pid 5678] <... futex resumed>) = 0 [pid 5678] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5677] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5678] <... mmap resumed>) = 0x20000000 [pid 5678] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5677] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5678] <... futex resumed>) = 0 [pid 5677] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5678] pipe2( [pid 5677] <... futex resumed>) = 0 [pid 5678] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5677] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5678] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5677] <... futex resumed>) = 0 [pid 5678] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5677] exit_group(0 [pid 5678] <... futex resumed>) = ? [pid 5677] <... exit_group resumed>) = ? [pid 5678] +++ exited with 0 +++ [pid 5681] <... futex resumed>) = ? [ 180.982717][ T5678] EXT4-fs (loop0): free_blocks=2415919104 [ 180.988472][ T5678] EXT4-fs (loop0): dirty_blocks=16 [ 180.993650][ T5678] EXT4-fs (loop0): Block reservation details [ 180.999674][ T5678] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5681] +++ exited with 0 +++ [pid 5677] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5677, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- umount2("./115", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./115/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./115/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./115/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 181.060989][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 umount2("./115/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./115/bus") = 0 umount2("./115/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./115/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./115/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./115") = 0 mkdir("./116", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5682 attached , child_tidptr=0x5555749a2690) = 5682 [pid 5682] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5682] chdir("./116") = 0 [pid 5682] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5682] setpgid(0, 0) = 0 [pid 5682] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5682] write(3, "1000", 4) = 4 [pid 5682] close(3) = 0 [pid 5682] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5682] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5682] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5682] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5682] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5682] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5682] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5682] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5683 attached => {parent_tid=[5683]}, 88) = 5683 [pid 5682] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5682] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5682] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5683] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5683] set_robust_list(0x7f03761f79a0, 24) = 0 [pid 5683] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5683] memfd_create("syzkaller", 0) = 3 [pid 5683] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5683] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5683] munmap(0x7f036dc00000, 138412032) = 0 [pid 5683] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5683] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5683] close(3) = 0 [pid 5683] close(4) = 0 [pid 5683] mkdir("./bus", 0777) = 0 [ 181.365506][ T5683] loop0: detected capacity change from 0 to 2048 [pid 5683] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5683] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5683] chdir("./bus") = 0 [pid 5683] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5683] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5682] <... futex resumed>) = 0 [pid 5682] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 181.406667][ T5683] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5682] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5683] <... futex resumed>) = 1 [pid 5683] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4 [pid 5683] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5682] <... futex resumed>) = 0 [pid 5682] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5682] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5683] <... futex resumed>) = 1 [pid 5683] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 5683] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5682] <... futex resumed>) = 0 [pid 5683] <... futex resumed>) = 1 [pid 5683] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5682] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5683] <... openat resumed>) = 6 [pid 5682] <... futex resumed>) = 0 [pid 5682] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5683] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5682] <... futex resumed>) = 0 [pid 5683] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5682] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5683] write(6, "t", 1 [pid 5682] <... futex resumed>) = 0 [pid 5682] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5683] <... write resumed>) = 1 [pid 5683] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5682] <... futex resumed>) = 0 [pid 5683] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5682] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5683] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5682] <... futex resumed>) = 0 [pid 5683] sendfile(6, 5, NULL, 131071 [pid 5682] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5682] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5682] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5682] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 181.556421][ T5683] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 181.571896][ T5683] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 181.584183][ T5683] EXT4-fs (loop0): This should not happen!! Data will be lost [ 181.584183][ T5683] [ 181.594957][ T5683] EXT4-fs (loop0): Total free blocks count 0 [pid 5682] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5682] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5686 attached [pid 5683] <... sendfile resumed>) = 75 [pid 5686] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5682] <... clone3 resumed> => {parent_tid=[5686]}, 88) = 5686 [pid 5686] <... rseq resumed>) = 0 [pid 5682] rt_sigprocmask(SIG_SETMASK, [], [pid 5686] set_robust_list(0x7f03761d69a0, 24 [pid 5683] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5683] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5682] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5682] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5682] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5686] <... set_robust_list resumed>) = 0 [pid 5686] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5686] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5686] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5682] <... futex resumed>) = 0 [pid 5686] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5682] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5683] <... futex resumed>) = 0 [pid 5683] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 1 [pid 5683] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5682] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5682] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 181.601375][ T5683] EXT4-fs (loop0): Free/Dirty block details [ 181.607318][ T5683] EXT4-fs (loop0): free_blocks=2415919104 [ 181.613204][ T5683] EXT4-fs (loop0): dirty_blocks=16 [ 181.618330][ T5683] EXT4-fs (loop0): Block reservation details [ 181.624599][ T5683] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5682] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5683] <... futex resumed>) = 1 [pid 5682] <... futex resumed>) = 0 [pid 5683] pipe2( [pid 5682] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=39000000} [pid 5683] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5683] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5682] <... futex resumed>) = 0 [pid 5683] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5682] exit_group(0 [pid 5686] <... futex resumed>) = ? [pid 5683] <... futex resumed>) = ? [pid 5682] <... exit_group resumed>) = ? [pid 5686] +++ exited with 0 +++ [pid 5683] +++ exited with 0 +++ [pid 5682] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5682, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- umount2("./116", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./116/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./116/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./116/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./116/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 [ 181.718957][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 rmdir("./116/bus") = 0 umount2("./116/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./116/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./116/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./116") = 0 mkdir("./117", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5687 attached [pid 5687] set_robust_list(0x5555749a26a0, 24 [pid 5080] <... clone resumed>, child_tidptr=0x5555749a2690) = 5687 [pid 5687] <... set_robust_list resumed>) = 0 [pid 5687] chdir("./117") = 0 [pid 5687] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5687] setpgid(0, 0) = 0 [pid 5687] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5687] write(3, "1000", 4) = 4 [pid 5687] close(3) = 0 [pid 5687] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5687] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5687] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5687] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5687] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5687] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5687] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5687] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5688 attached [pid 5688] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5687] <... clone3 resumed> => {parent_tid=[5688]}, 88) = 5688 [pid 5688] <... rseq resumed>) = 0 [pid 5687] rt_sigprocmask(SIG_SETMASK, [], [pid 5688] set_robust_list(0x7f03761f79a0, 24 [pid 5687] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5688] <... set_robust_list resumed>) = 0 [pid 5687] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5688] rt_sigprocmask(SIG_SETMASK, [], [pid 5687] <... futex resumed>) = 0 [pid 5688] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5687] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5688] memfd_create("syzkaller", 0) = 3 [pid 5688] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5688] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5688] munmap(0x7f036dc00000, 138412032) = 0 [pid 5688] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5688] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5688] close(3) = 0 [pid 5688] close(4) = 0 [pid 5688] mkdir("./bus", 0777) = 0 [ 182.067799][ T5688] loop0: detected capacity change from 0 to 2048 [pid 5688] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5688] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5688] chdir("./bus") = 0 [pid 5688] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5688] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5687] <... futex resumed>) = 0 [pid 5688] <... futex resumed>) = 1 [pid 5687] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5688] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5687] <... futex resumed>) = 0 [pid 5688] <... openat resumed>) = 4 [pid 5687] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5688] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5687] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5687] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5687] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5688] <... futex resumed>) = 1 [pid 5687] <... futex resumed>) = 0 [pid 5688] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5687] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5688] <... openat resumed>) = 5 [ 182.119747][ T5688] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5688] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5687] <... futex resumed>) = 0 [pid 5687] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5688] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5687] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5688] <... openat resumed>) = 6 [pid 5688] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5687] <... futex resumed>) = 0 [pid 5688] <... futex resumed>) = 1 [pid 5688] write(6, "t", 1 [pid 5687] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5687] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5688] <... write resumed>) = 1 [pid 5688] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5687] <... futex resumed>) = 0 [pid 5688] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5687] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5688] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5687] <... futex resumed>) = 0 [pid 5688] sendfile(6, 5, NULL, 131071 [ 182.177120][ T29] kauditd_printk_skb: 14 callbacks suppressed [ 182.177145][ T29] audit: type=1804 audit(1714530450.985:454): pid=5688 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/117/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5687] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 182.209540][ T29] audit: type=1804 audit(1714530451.005:455): pid=5688 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/117/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 182.255324][ T5688] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 5687] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5687] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5687] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5687] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5687] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5691 attached [pid 5691] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5687] <... clone3 resumed> => {parent_tid=[5691]}, 88) = 5691 [pid 5691] <... rseq resumed>) = 0 [pid 5691] set_robust_list(0x7f03761d69a0, 24 [pid 5687] rt_sigprocmask(SIG_SETMASK, [], [pid 5691] <... set_robust_list resumed>) = 0 [pid 5687] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5691] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5687] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5691] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [ 182.270801][ T5688] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 182.283389][ T5688] EXT4-fs (loop0): This should not happen!! Data will be lost [ 182.283389][ T5688] [ 182.293453][ T5688] EXT4-fs (loop0): Total free blocks count 0 [ 182.300156][ T5688] EXT4-fs (loop0): Free/Dirty block details [ 182.306511][ T5688] EXT4-fs (loop0): free_blocks=2415919104 [ 182.312718][ T5688] EXT4-fs (loop0): dirty_blocks=16 [pid 5687] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5691] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5687] <... futex resumed>) = 0 [pid 5691] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5687] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5688] <... sendfile resumed>) = 75 [pid 5687] <... futex resumed>) = 0 [pid 5691] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5687] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5691] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5688] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5688] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5691] <... mmap resumed>) = 0x20000000 [pid 5691] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5687] <... futex resumed>) = 0 [pid 5691] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5687] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5688] <... futex resumed>) = 0 [pid 5687] <... futex resumed>) = 1 [pid 5688] pipe2( [pid 5687] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5688] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5688] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5687] <... futex resumed>) = 0 [pid 5688] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5687] exit_group(0 [pid 5691] <... futex resumed>) = ? [pid 5688] <... futex resumed>) = ? [pid 5687] <... exit_group resumed>) = ? [pid 5688] +++ exited with 0 +++ [pid 5691] +++ exited with 0 +++ [pid 5687] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5687, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- [ 182.318643][ T29] audit: type=1804 audit(1714530451.125:456): pid=5691 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/117/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 182.319995][ T5688] EXT4-fs (loop0): Block reservation details [ 182.348345][ T5688] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./117", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./117", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./117/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./117/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./117/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./117/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./117/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 182.452939][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./117/bus") = 0 umount2("./117/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./117/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./117/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./117") = 0 mkdir("./118", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5692 attached , child_tidptr=0x5555749a2690) = 5692 [pid 5692] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5692] chdir("./118") = 0 [pid 5692] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5692] setpgid(0, 0) = 0 [pid 5692] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5692] write(3, "1000", 4) = 4 [pid 5692] close(3) = 0 [pid 5692] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5692] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5692] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5692] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5692] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5692] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5692] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5692] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5693 attached [pid 5693] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5692] <... clone3 resumed> => {parent_tid=[5693]}, 88) = 5693 [pid 5693] set_robust_list(0x7f03761f79a0, 24 [pid 5692] rt_sigprocmask(SIG_SETMASK, [], [pid 5693] <... set_robust_list resumed>) = 0 [pid 5693] rt_sigprocmask(SIG_SETMASK, [], [pid 5692] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5693] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5692] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5693] memfd_create("syzkaller", 0 [pid 5692] <... futex resumed>) = 0 [pid 5692] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5693] <... memfd_create resumed>) = 3 [pid 5693] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5693] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5693] munmap(0x7f036dc00000, 138412032) = 0 [pid 5693] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5693] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5693] close(3) = 0 [pid 5693] close(4) = 0 [pid 5693] mkdir("./bus", 0777) = 0 [ 182.795992][ T5693] loop0: detected capacity change from 0 to 2048 [pid 5693] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5693] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5693] chdir("./bus") = 0 [pid 5693] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5693] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5692] <... futex resumed>) = 0 [pid 5693] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5692] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5693] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5692] <... futex resumed>) = 0 [pid 5693] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5692] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5693] <... openat resumed>) = 4 [pid 5693] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5693] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5692] <... futex resumed>) = 0 [pid 5692] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5693] <... futex resumed>) = 0 [pid 5692] <... futex resumed>) = 1 [pid 5693] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5692] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5693] <... openat resumed>) = 5 [ 182.846421][ T5693] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5693] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5693] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5692] <... futex resumed>) = 0 [pid 5692] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5693] <... futex resumed>) = 0 [pid 5692] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5693] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 5693] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5692] <... futex resumed>) = 0 [pid 5693] <... futex resumed>) = 1 [pid 5692] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5693] write(6, "t", 1 [pid 5692] <... futex resumed>) = 0 [pid 5692] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5693] <... write resumed>) = 1 [pid 5693] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5692] <... futex resumed>) = 0 [pid 5692] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5693] sendfile(6, 5, NULL, 131071 [pid 5692] <... futex resumed>) = 0 [ 182.905888][ T29] audit: type=1804 audit(1714530451.715:457): pid=5693 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/118/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 182.931188][ T29] audit: type=1804 audit(1714530451.745:458): pid=5693 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/118/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5692] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5692] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5692] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5692] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5692] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 183.009324][ T5693] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 183.024977][ T5693] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 183.037310][ T5693] EXT4-fs (loop0): This should not happen!! Data will be lost [ 183.037310][ T5693] [ 183.047078][ T5693] EXT4-fs (loop0): Total free blocks count 0 [ 183.053143][ T5693] EXT4-fs (loop0): Free/Dirty block details [pid 5692] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5696 attached => {parent_tid=[5696]}, 88) = 5696 [pid 5696] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5692] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5696] <... rseq resumed>) = 0 [pid 5692] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5696] set_robust_list(0x7f03761d69a0, 24 [pid 5692] <... futex resumed>) = 0 [pid 5696] <... set_robust_list resumed>) = 0 [pid 5692] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5696] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5696] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5696] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5693] <... sendfile resumed>) = 75 [pid 5696] <... futex resumed>) = 1 [pid 5693] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5696] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5693] <... futex resumed>) = 0 [pid 5693] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5692] <... futex resumed>) = 0 [pid 5692] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5693] <... futex resumed>) = 0 [pid 5692] <... futex resumed>) = 1 [pid 5693] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5692] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5693] <... mmap resumed>) = 0x20000000 [pid 5693] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5692] <... futex resumed>) = 0 [pid 5692] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5693] <... futex resumed>) = 1 [pid 5692] <... futex resumed>) = 0 [pid 5692] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5693] pipe2(0x20000240, 0) = 0 [pid 5693] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5693] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5692] <... futex resumed>) = 0 [pid 5692] exit_group(0 [pid 5696] <... futex resumed>) = ? [pid 5693] <... futex resumed>) = ? [pid 5692] <... exit_group resumed>) = ? [pid 5696] +++ exited with 0 +++ [pid 5693] +++ exited with 0 +++ [pid 5692] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5692, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [ 183.059052][ T5693] EXT4-fs (loop0): free_blocks=2415919104 [ 183.064907][ T5693] EXT4-fs (loop0): dirty_blocks=16 [ 183.068937][ T29] audit: type=1804 audit(1714530451.885:459): pid=5696 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/118/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 183.070083][ T5693] EXT4-fs (loop0): Block reservation details [ 183.070108][ T5693] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./118", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./118", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./118/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./118/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./118/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./118/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./118/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 183.164184][ T139] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./118/bus") = 0 umount2("./118/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./118/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./118/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./118") = 0 mkdir("./119", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5697 attached , child_tidptr=0x5555749a2690) = 5697 [pid 5697] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5697] chdir("./119") = 0 [pid 5697] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5697] setpgid(0, 0) = 0 [pid 5697] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5697] write(3, "1000", 4) = 4 [pid 5697] close(3) = 0 [pid 5697] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5697] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5697] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5697] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5697] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5697] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5697] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5697] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5698 attached => {parent_tid=[5698]}, 88) = 5698 [pid 5698] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5697] rt_sigprocmask(SIG_SETMASK, [], [pid 5698] <... rseq resumed>) = 0 [pid 5697] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5698] set_robust_list(0x7f03761f79a0, 24 [pid 5697] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5698] <... set_robust_list resumed>) = 0 [pid 5697] <... futex resumed>) = 0 [pid 5698] rt_sigprocmask(SIG_SETMASK, [], [pid 5697] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5698] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5698] memfd_create("syzkaller", 0) = 3 [pid 5698] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5698] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5698] munmap(0x7f036dc00000, 138412032) = 0 [pid 5698] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5698] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5698] close(3) = 0 [pid 5698] close(4) = 0 [pid 5698] mkdir("./bus", 0777) = 0 [ 183.515384][ T5698] loop0: detected capacity change from 0 to 2048 [pid 5698] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5698] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5698] chdir("./bus") = 0 [pid 5698] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5698] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5698] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5697] <... futex resumed>) = 0 [pid 5697] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5698] <... futex resumed>) = 0 [pid 5698] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5697] <... futex resumed>) = 1 [pid 5697] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5698] <... openat resumed>) = 4 [pid 5698] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5697] <... futex resumed>) = 0 [pid 5698] <... futex resumed>) = 1 [pid 5697] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5698] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 5697] <... futex resumed>) = 0 [pid 5698] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 183.556859][ T5698] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5698] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5697] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5697] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5698] <... futex resumed>) = 0 [pid 5697] <... futex resumed>) = 1 [pid 5698] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 5697] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5698] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5697] <... futex resumed>) = 0 [pid 5697] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5698] <... futex resumed>) = 1 [pid 5697] <... futex resumed>) = 0 [pid 5698] write(6, "t", 1 [pid 5697] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5698] <... write resumed>) = 1 [pid 5698] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5697] <... futex resumed>) = 0 [pid 5698] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5697] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5698] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5697] <... futex resumed>) = 0 [pid 5698] sendfile(6, 5, NULL, 131071 [ 183.598710][ T29] audit: type=1804 audit(1714530452.405:460): pid=5698 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/119/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 183.624505][ T29] audit: type=1804 audit(1714530452.405:461): pid=5698 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/119/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5697] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5697] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5697] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5697] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5697] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5697] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5702 attached [pid 5702] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5697] <... clone3 resumed> => {parent_tid=[5702]}, 88) = 5702 [pid 5702] <... rseq resumed>) = 0 [pid 5697] rt_sigprocmask(SIG_SETMASK, [], [pid 5702] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 5697] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5702] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5697] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5702] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5697] <... futex resumed>) = 0 [pid 5702] <... open resumed>) = 7 [ 183.700843][ T5698] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 183.716414][ T5698] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 183.728769][ T5698] EXT4-fs (loop0): This should not happen!! Data will be lost [ 183.728769][ T5698] [ 183.738500][ T5698] EXT4-fs (loop0): Total free blocks count 0 [ 183.744658][ T5698] EXT4-fs (loop0): Free/Dirty block details [pid 5697] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5702] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5702] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5697] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5697] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5702] <... futex resumed>) = 0 [pid 5702] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5697] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5702] <... mmap resumed>) = 0x20000000 [pid 5702] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5698] <... sendfile resumed>) = 75 [pid 5697] <... futex resumed>) = 0 [pid 5702] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5698] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5697] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5698] <... futex resumed>) = 0 [pid 5697] <... futex resumed>) = 0 [pid 5698] pipe2( [pid 5697] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5698] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5698] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5697] <... futex resumed>) = 0 [pid 5698] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5697] exit_group(0 [pid 5702] <... futex resumed>) = ? [pid 5698] <... futex resumed>) = ? [pid 5697] <... exit_group resumed>) = ? [pid 5702] +++ exited with 0 +++ [pid 5698] +++ exited with 0 +++ [pid 5697] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5697, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- umount2("./119", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 183.750677][ T5698] EXT4-fs (loop0): free_blocks=2415919104 [ 183.751085][ T29] audit: type=1804 audit(1714530452.565:462): pid=5702 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/119/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 183.756419][ T5698] EXT4-fs (loop0): dirty_blocks=16 [ 183.785139][ T5698] EXT4-fs (loop0): Block reservation details [ 183.791223][ T5698] EXT4-fs (loop0): i_reserved_data_blocks=1 openat(AT_FDCWD, "./119", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./119/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./119/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./119/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./119/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./119/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 [ 183.845964][ T139] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./119/bus") = 0 umount2("./119/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./119/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./119/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./119") = 0 mkdir("./120", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5703 attached , child_tidptr=0x5555749a2690) = 5703 [pid 5703] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5703] chdir("./120") = 0 [pid 5703] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5703] setpgid(0, 0) = 0 [pid 5703] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5703] write(3, "1000", 4) = 4 [pid 5703] close(3) = 0 [pid 5703] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5703] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5703] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5703] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5703] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5703] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5703] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5703] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5704 attached => {parent_tid=[5704]}, 88) = 5704 [pid 5703] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5703] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5703] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5704] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5704] set_robust_list(0x7f03761f79a0, 24) = 0 [pid 5704] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5704] memfd_create("syzkaller", 0) = 3 [pid 5704] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5704] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5704] munmap(0x7f036dc00000, 138412032) = 0 [pid 5704] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5704] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5704] close(3) = 0 [pid 5704] close(4) = 0 [pid 5704] mkdir("./bus", 0777) = 0 [ 184.184777][ T5704] loop0: detected capacity change from 0 to 2048 [pid 5704] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5704] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5704] chdir("./bus") = 0 [pid 5704] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5704] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5703] <... futex resumed>) = 0 [pid 5704] <... futex resumed>) = 1 [pid 5703] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5704] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5703] <... futex resumed>) = 0 [pid 5703] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5704] <... openat resumed>) = 4 [pid 5704] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5703] <... futex resumed>) = 0 [pid 5704] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5703] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5704] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5703] <... futex resumed>) = 0 [pid 5703] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5704] <... openat resumed>) = 5 [ 184.234888][ T5704] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5704] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5703] <... futex resumed>) = 0 [pid 5703] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5704] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5703] <... futex resumed>) = 0 [pid 5704] <... openat resumed>) = 6 [pid 5703] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5704] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5703] <... futex resumed>) = 0 [pid 5703] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5704] <... futex resumed>) = 1 [pid 5703] <... futex resumed>) = 0 [pid 5704] write(6, "t", 1 [pid 5703] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5704] <... write resumed>) = 1 [pid 5704] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5703] <... futex resumed>) = 0 [pid 5704] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5703] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5704] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5703] <... futex resumed>) = 0 [pid 5704] sendfile(6, 5, NULL, 131071 [ 184.279537][ T29] audit: type=1804 audit(1714530453.085:463): pid=5704 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/120/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5703] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5703] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5703] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5703] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 184.352743][ T5704] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 184.368115][ T5704] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 184.380392][ T5704] EXT4-fs (loop0): This should not happen!! Data will be lost [ 184.380392][ T5704] [ 184.391202][ T5704] EXT4-fs (loop0): Total free blocks count 0 [ 184.397251][ T5704] EXT4-fs (loop0): Free/Dirty block details [pid 5703] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5703] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5707 attached [pid 5707] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5707] set_robust_list(0x7f03761d69a0, 24 [pid 5703] <... clone3 resumed> => {parent_tid=[5707]}, 88) = 5707 [pid 5707] <... set_robust_list resumed>) = 0 [pid 5703] rt_sigprocmask(SIG_SETMASK, [], [pid 5707] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5703] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5707] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5703] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5707] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5703] <... futex resumed>) = 0 [pid 5707] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5703] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5707] <... open resumed>) = 7 [pid 5707] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5704] <... sendfile resumed>) = 75 [pid 5707] <... futex resumed>) = 1 [pid 5704] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5703] <... futex resumed>) = 0 [pid 5707] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5703] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5703] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5704] <... futex resumed>) = 1 [pid 5703] <... futex resumed>) = 0 [pid 5704] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5703] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5704] <... mmap resumed>) = 0x20000000 [pid 5704] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5703] <... futex resumed>) = 0 [pid 5704] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5703] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5704] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5704] pipe2( [pid 5703] <... futex resumed>) = 0 [pid 5703] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5704] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5704] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5703] <... futex resumed>) = 0 [pid 5704] <... futex resumed>) = 1 [pid 5703] exit_group(0 [pid 5704] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5707] <... futex resumed>) = ? [pid 5704] <... futex resumed>) = ? [pid 5703] <... exit_group resumed>) = ? [pid 5707] +++ exited with 0 +++ [pid 5704] +++ exited with 0 +++ [pid 5703] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5703, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- umount2("./120", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./120", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 [ 184.403893][ T5704] EXT4-fs (loop0): free_blocks=2415919104 [ 184.409654][ T5704] EXT4-fs (loop0): dirty_blocks=16 [ 184.415403][ T5704] EXT4-fs (loop0): Block reservation details [ 184.423624][ T5704] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./120/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./120/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./120/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./120/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./120/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 [ 184.481747][ T139] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./120/bus") = 0 umount2("./120/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./120/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./120/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./120") = 0 mkdir("./121", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5708 attached [pid 5708] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5080] <... clone resumed>, child_tidptr=0x5555749a2690) = 5708 [pid 5708] chdir("./121") = 0 [pid 5708] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5708] setpgid(0, 0) = 0 [pid 5708] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5708] write(3, "1000", 4) = 4 [pid 5708] close(3) = 0 [pid 5708] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5708] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5708] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5708] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5708] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5708] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5708] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5708] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5709 attached [pid 5709] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5708] <... clone3 resumed> => {parent_tid=[5709]}, 88) = 5709 [pid 5709] set_robust_list(0x7f03761f79a0, 24 [pid 5708] rt_sigprocmask(SIG_SETMASK, [], [pid 5709] <... set_robust_list resumed>) = 0 [pid 5708] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5709] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5708] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5709] memfd_create("syzkaller", 0 [pid 5708] <... futex resumed>) = 0 [pid 5708] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5709] <... memfd_create resumed>) = 3 [pid 5709] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5709] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5709] munmap(0x7f036dc00000, 138412032) = 0 [pid 5709] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5709] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5709] close(3) = 0 [pid 5709] close(4) = 0 [pid 5709] mkdir("./bus", 0777) = 0 [ 184.796023][ T5709] loop0: detected capacity change from 0 to 2048 [pid 5709] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5709] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5709] chdir("./bus") = 0 [pid 5709] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5709] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5708] <... futex resumed>) = 0 [pid 5709] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5708] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5709] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5708] <... futex resumed>) = 0 [pid 5709] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5708] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5709] <... openat resumed>) = 4 [pid 5709] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5708] <... futex resumed>) = 0 [pid 5709] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5708] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5709] <... openat resumed>) = 5 [pid 5708] <... futex resumed>) = 0 [pid 5708] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5709] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5708] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5709] <... futex resumed>) = 0 [pid 5709] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5708] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5708] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5709] <... openat resumed>) = 6 [pid 5709] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5708] <... futex resumed>) = 0 [pid 5709] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5708] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5709] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5709] write(6, "t", 1 [pid 5708] <... futex resumed>) = 0 [pid 5708] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5709] <... write resumed>) = 1 [pid 5709] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5708] <... futex resumed>) = 0 [pid 5709] <... futex resumed>) = 1 [pid 5708] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5709] sendfile(6, 5, NULL, 131071 [pid 5708] <... futex resumed>) = 0 [ 184.845298][ T5709] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5708] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5708] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5708] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5708] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 184.948825][ T5709] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 184.964060][ T5709] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 184.976379][ T5709] EXT4-fs (loop0): This should not happen!! Data will be lost [ 184.976379][ T5709] [ 184.987271][ T5709] EXT4-fs (loop0): Total free blocks count 0 [pid 5708] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5708] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5712 attached [pid 5712] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5708] <... clone3 resumed> => {parent_tid=[5712]}, 88) = 5712 [pid 5712] set_robust_list(0x7f03761d69a0, 24 [pid 5708] rt_sigprocmask(SIG_SETMASK, [], [pid 5712] <... set_robust_list resumed>) = 0 [pid 5708] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5712] rt_sigprocmask(SIG_SETMASK, [], [pid 5708] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5712] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5708] <... futex resumed>) = 0 [pid 5712] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5708] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5712] <... open resumed>) = 7 [pid 5712] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5709] <... sendfile resumed>) = 75 [pid 5708] <... futex resumed>) = 0 [pid 5709] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5708] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5709] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5708] <... futex resumed>) = 0 [pid 5712] <... futex resumed>) = 1 [pid 5709] <... mmap resumed>) = 0x20000000 [pid 5708] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5712] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5709] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5709] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5708] <... futex resumed>) = 0 [pid 5708] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5709] <... futex resumed>) = 0 [pid 5709] pipe2( [pid 5708] <... futex resumed>) = 1 [pid 5709] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5708] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5709] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5708] <... futex resumed>) = 0 [pid 5709] <... futex resumed>) = 1 [pid 5708] exit_group(0) = ? [pid 5709] +++ exited with 0 +++ [pid 5712] <... futex resumed>) = ? [ 184.993525][ T5709] EXT4-fs (loop0): Free/Dirty block details [ 185.000465][ T5709] EXT4-fs (loop0): free_blocks=2415919104 [ 185.006461][ T5709] EXT4-fs (loop0): dirty_blocks=16 [ 185.011809][ T5709] EXT4-fs (loop0): Block reservation details [ 185.017846][ T5709] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5712] +++ exited with 0 +++ [pid 5708] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5708, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./121", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./121", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./121/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./121/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./121/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./121/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./121/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 [ 185.139388][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./121/bus") = 0 umount2("./121/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./121/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./121/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./121") = 0 mkdir("./122", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555749a2690) = 5713 ./strace-static-x86_64: Process 5713 attached [pid 5713] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5713] chdir("./122") = 0 [pid 5713] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5713] setpgid(0, 0) = 0 [pid 5713] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5713] write(3, "1000", 4) = 4 [pid 5713] close(3) = 0 [pid 5713] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5713] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5713] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5713] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5713] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5713] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5713] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5713] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5714 attached => {parent_tid=[5714]}, 88) = 5714 [pid 5714] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5713] rt_sigprocmask(SIG_SETMASK, [], [pid 5714] <... rseq resumed>) = 0 [pid 5713] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5714] set_robust_list(0x7f03761f79a0, 24 [pid 5713] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5714] <... set_robust_list resumed>) = 0 [pid 5713] <... futex resumed>) = 0 [pid 5714] rt_sigprocmask(SIG_SETMASK, [], [pid 5713] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5714] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5714] memfd_create("syzkaller", 0) = 3 [pid 5714] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5714] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5714] munmap(0x7f036dc00000, 138412032) = 0 [pid 5714] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5714] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5714] close(3) = 0 [pid 5714] close(4) = 0 [pid 5714] mkdir("./bus", 0777) = 0 [pid 5714] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [ 185.434133][ T5714] loop0: detected capacity change from 0 to 2048 [pid 5714] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5714] chdir("./bus") = 0 [pid 5714] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5714] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5713] <... futex resumed>) = 0 [pid 5714] <... futex resumed>) = 1 [pid 5713] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5714] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5713] <... futex resumed>) = 0 [pid 5713] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5714] <... openat resumed>) = 4 [pid 5714] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5713] <... futex resumed>) = 0 [pid 5713] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5714] <... futex resumed>) = 1 [pid 5713] <... futex resumed>) = 0 [pid 5714] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5713] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5714] <... openat resumed>) = 5 [pid 5714] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5713] <... futex resumed>) = 0 [pid 5714] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5713] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5714] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5713] <... futex resumed>) = 0 [pid 5714] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5713] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5714] <... openat resumed>) = 6 [pid 5714] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5713] <... futex resumed>) = 0 [pid 5714] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5713] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5714] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5713] <... futex resumed>) = 0 [pid 5714] write(6, "t", 1 [pid 5713] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5714] <... write resumed>) = 1 [pid 5714] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5713] <... futex resumed>) = 0 [pid 5714] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5713] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5714] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5713] <... futex resumed>) = 0 [pid 5714] sendfile(6, 5, NULL, 131071 [pid 5713] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5713] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5713] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5713] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5713] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5713] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5717 attached [pid 5717] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5717] set_robust_list(0x7f03761d69a0, 24 [pid 5713] <... clone3 resumed> => {parent_tid=[5717]}, 88) = 5717 [pid 5717] <... set_robust_list resumed>) = 0 [pid 5713] rt_sigprocmask(SIG_SETMASK, [], [pid 5717] rt_sigprocmask(SIG_SETMASK, [], [pid 5713] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5713] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5717] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5713] <... futex resumed>) = 0 [pid 5717] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5713] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5717] <... open resumed>) = 7 [pid 5717] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5713] <... futex resumed>) = 0 [pid 5717] <... futex resumed>) = 1 [pid 5713] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5717] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5713] <... futex resumed>) = 0 [ 185.575656][ T5714] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 185.590758][ T5714] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 185.603560][ T5714] EXT4-fs (loop0): This should not happen!! Data will be lost [ 185.603560][ T5714] [ 185.615899][ T5714] EXT4-fs (loop0): Total free blocks count 0 [pid 5713] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5717] <... mmap resumed>) = 0x20000000 [pid 5714] <... sendfile resumed>) = 75 [pid 5717] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5713] <... futex resumed>) = 0 [pid 5713] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5713] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5717] <... futex resumed>) = 1 [pid 5714] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5717] pipe2( [pid 5714] <... futex resumed>) = 0 [pid 5714] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5717] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5717] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5713] <... futex resumed>) = 0 [pid 5717] <... futex resumed>) = 1 [pid 5713] exit_group(0 [pid 5717] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5714] <... futex resumed>) = ? [pid 5713] <... exit_group resumed>) = ? [pid 5717] +++ exited with 0 +++ [pid 5714] +++ exited with 0 +++ [pid 5713] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5713, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- umount2("./122", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./122", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 [ 185.622364][ T5714] EXT4-fs (loop0): Free/Dirty block details [ 185.628796][ T5714] EXT4-fs (loop0): free_blocks=2415919104 [ 185.634620][ T5714] EXT4-fs (loop0): dirty_blocks=16 [ 185.639773][ T5714] EXT4-fs (loop0): Block reservation details [ 185.645874][ T5714] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./122/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./122/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./122/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./122/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./122/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 185.705030][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 185.717309][ T2467] EXT4-fs (loop0): This should not happen!! Data will be lost [ 185.717309][ T2467] getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./122/bus") = 0 umount2("./122/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./122/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./122/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./122") = 0 mkdir("./123", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555749a2690) = 5718 ./strace-static-x86_64: Process 5718 attached [pid 5718] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5718] chdir("./123") = 0 [pid 5718] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5718] setpgid(0, 0) = 0 [pid 5718] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5718] write(3, "1000", 4) = 4 [pid 5718] close(3) = 0 [pid 5718] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5718] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5718] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5718] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5718] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5718] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5718] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5718] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5719 attached [pid 5719] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5718] <... clone3 resumed> => {parent_tid=[5719]}, 88) = 5719 [pid 5719] <... rseq resumed>) = 0 [pid 5718] rt_sigprocmask(SIG_SETMASK, [], [pid 5719] set_robust_list(0x7f03761f79a0, 24) = 0 [pid 5718] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5719] rt_sigprocmask(SIG_SETMASK, [], [pid 5718] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5719] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5718] <... futex resumed>) = 0 [pid 5719] memfd_create("syzkaller", 0 [pid 5718] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5719] <... memfd_create resumed>) = 3 [pid 5719] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5719] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5719] munmap(0x7f036dc00000, 138412032) = 0 [pid 5719] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5719] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5719] close(3) = 0 [pid 5719] close(4) = 0 [pid 5719] mkdir("./bus", 0777) = 0 [pid 5719] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [ 186.019321][ T5719] loop0: detected capacity change from 0 to 2048 [pid 5719] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5719] chdir("./bus") = 0 [pid 5719] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5719] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5718] <... futex resumed>) = 0 [pid 5719] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5718] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5719] <... futex resumed>) = 0 [pid 5718] <... futex resumed>) = 1 [pid 5719] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5718] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5719] <... openat resumed>) = 4 [pid 5719] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5718] <... futex resumed>) = 0 [pid 5719] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5718] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5719] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5718] <... futex resumed>) = 0 [pid 5719] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5718] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5719] <... openat resumed>) = 5 [pid 5719] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5718] <... futex resumed>) = 0 [pid 5718] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5719] <... futex resumed>) = 1 [pid 5718] <... futex resumed>) = 0 [pid 5719] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5718] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5719] <... openat resumed>) = 6 [pid 5719] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5718] <... futex resumed>) = 0 [pid 5718] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5719] <... futex resumed>) = 1 [pid 5718] <... futex resumed>) = 0 [pid 5719] write(6, "t", 1 [pid 5718] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5719] <... write resumed>) = 1 [pid 5719] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5718] <... futex resumed>) = 0 [pid 5719] <... futex resumed>) = 1 [pid 5718] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5719] sendfile(6, 5, NULL, 131071 [pid 5718] <... futex resumed>) = 0 [pid 5718] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5718] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5718] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5718] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5718] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 186.182044][ T5719] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 186.197382][ T5719] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 186.210706][ T5719] EXT4-fs (loop0): This should not happen!! Data will be lost [ 186.210706][ T5719] [ 186.220975][ T5719] EXT4-fs (loop0): Total free blocks count 0 [pid 5718] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5722 attached => {parent_tid=[5722]}, 88) = 5722 [pid 5722] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5718] rt_sigprocmask(SIG_SETMASK, [], [pid 5722] <... rseq resumed>) = 0 [pid 5722] set_robust_list(0x7f03761d69a0, 24 [pid 5718] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5722] <... set_robust_list resumed>) = 0 [pid 5718] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5722] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5718] <... futex resumed>) = 0 [pid 5722] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5718] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5722] <... open resumed>) = 7 [pid 5722] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5719] <... sendfile resumed>) = 75 [pid 5718] <... futex resumed>) = 0 [pid 5722] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5718] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5719] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5718] <... futex resumed>) = 0 [pid 5718] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5722] <... mmap resumed>) = 0x20000000 [pid 5719] <... futex resumed>) = 0 [pid 5722] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5719] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5722] <... futex resumed>) = 1 [pid 5718] <... futex resumed>) = 0 [pid 5722] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5718] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5719] <... futex resumed>) = 0 [pid 5718] <... futex resumed>) = 1 [pid 5719] pipe2(0x20000240, 0) = 0 [pid 5718] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5719] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5718] <... futex resumed>) = 0 [pid 5719] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5718] exit_group(0 [pid 5722] <... futex resumed>) = ? [pid 5719] <... futex resumed>) = ? [pid 5718] <... exit_group resumed>) = ? [pid 5722] +++ exited with 0 +++ [pid 5719] +++ exited with 0 +++ [pid 5718] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5718, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./123", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./123", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 [ 186.227673][ T5719] EXT4-fs (loop0): Free/Dirty block details [ 186.233702][ T5719] EXT4-fs (loop0): free_blocks=2415919104 [ 186.240405][ T5719] EXT4-fs (loop0): dirty_blocks=16 [ 186.245573][ T5719] EXT4-fs (loop0): Block reservation details [ 186.252320][ T5719] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./123/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./123/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./123/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./123/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./123/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 186.321184][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 186.333516][ T2467] EXT4-fs (loop0): This should not happen!! Data will be lost [ 186.333516][ T2467] getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./123/bus") = 0 umount2("./123/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./123/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./123/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./123") = 0 mkdir("./124", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5723 attached , child_tidptr=0x5555749a2690) = 5723 [pid 5723] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5723] chdir("./124") = 0 [pid 5723] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5723] setpgid(0, 0) = 0 [pid 5723] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5723] write(3, "1000", 4) = 4 [pid 5723] close(3) = 0 [pid 5723] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5723] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5723] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5723] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5723] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5723] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5723] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5723] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5724 attached [pid 5724] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5724] set_robust_list(0x7f03761f79a0, 24 [pid 5723] <... clone3 resumed> => {parent_tid=[5724]}, 88) = 5724 [pid 5724] <... set_robust_list resumed>) = 0 [pid 5723] rt_sigprocmask(SIG_SETMASK, [], [pid 5724] rt_sigprocmask(SIG_SETMASK, [], [pid 5723] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5724] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5724] memfd_create("syzkaller", 0 [pid 5723] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5723] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5724] <... memfd_create resumed>) = 3 [pid 5724] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5724] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5724] munmap(0x7f036dc00000, 138412032) = 0 [pid 5724] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5724] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5724] close(3) = 0 [pid 5724] close(4) = 0 [pid 5724] mkdir("./bus", 0777) = 0 [pid 5724] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5724] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5724] chdir("./bus") = 0 [pid 5724] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5724] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5723] <... futex resumed>) = 0 [pid 5724] <... futex resumed>) = 1 [pid 5723] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5724] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5723] <... futex resumed>) = 0 [ 186.664389][ T5724] loop0: detected capacity change from 0 to 2048 [pid 5724] <... openat resumed>) = 4 [pid 5723] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5724] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5723] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5724] <... futex resumed>) = 0 [pid 5723] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5724] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5723] <... futex resumed>) = 0 [pid 5724] <... openat resumed>) = 5 [pid 5723] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5724] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5724] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5723] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5723] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5724] <... futex resumed>) = 0 [pid 5724] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5723] <... futex resumed>) = 1 [pid 5723] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5724] <... openat resumed>) = 6 [pid 5724] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5723] <... futex resumed>) = 0 [pid 5724] <... futex resumed>) = 1 [pid 5723] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5724] write(6, "t", 1 [pid 5723] <... futex resumed>) = 0 [pid 5724] <... write resumed>) = 1 [pid 5723] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5724] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5723] <... futex resumed>) = 0 [pid 5724] sendfile(6, 5, NULL, 131071 [pid 5723] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5723] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5723] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5723] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [ 186.787526][ T5724] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 186.802892][ T5724] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 186.815557][ T5724] EXT4-fs (loop0): This should not happen!! Data will be lost [ 186.815557][ T5724] [ 186.826033][ T5724] EXT4-fs (loop0): Total free blocks count 0 [pid 5723] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5723] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5723] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5727 attached [pid 5727] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5727] set_robust_list(0x7f03761d69a0, 24 [pid 5723] <... clone3 resumed> => {parent_tid=[5727]}, 88) = 5727 [pid 5727] <... set_robust_list resumed>) = 0 [pid 5723] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5727] rt_sigprocmask(SIG_SETMASK, [], [pid 5723] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5727] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5727] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5723] <... futex resumed>) = 0 [pid 5727] <... open resumed>) = 7 [pid 5723] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5727] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5727] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5723] <... futex resumed>) = 0 [pid 5723] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5727] <... futex resumed>) = 0 [pid 5723] <... futex resumed>) = 1 [pid 5727] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5723] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5724] <... sendfile resumed>) = 75 [pid 5724] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5724] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5727] <... mmap resumed>) = 0x20000000 [pid 5727] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5723] <... futex resumed>) = 0 [pid 5727] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5723] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5724] <... futex resumed>) = 0 [pid 5723] <... futex resumed>) = 1 [pid 5724] pipe2( [pid 5723] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5724] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5724] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5724] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5723] <... futex resumed>) = 0 [pid 5723] exit_group(0 [pid 5727] <... futex resumed>) = ? [pid 5724] <... futex resumed>) = ? [pid 5723] <... exit_group resumed>) = ? [pid 5727] +++ exited with 0 +++ [pid 5724] +++ exited with 0 +++ [pid 5723] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5723, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 186.833293][ T5724] EXT4-fs (loop0): Free/Dirty block details [ 186.839241][ T5724] EXT4-fs (loop0): free_blocks=2415919104 [ 186.845502][ T5724] EXT4-fs (loop0): dirty_blocks=16 [ 186.851083][ T5724] EXT4-fs (loop0): Block reservation details [ 186.857695][ T5724] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./124", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./124", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./124/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./124/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./124/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./124/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./124/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 186.962957][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 186.975268][ T2467] EXT4-fs (loop0): This should not happen!! Data will be lost [ 186.975268][ T2467] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./124/bus") = 0 umount2("./124/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./124/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./124/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./124") = 0 mkdir("./125", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5728 attached , child_tidptr=0x5555749a2690) = 5728 [pid 5728] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5728] chdir("./125") = 0 [pid 5728] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5728] setpgid(0, 0) = 0 [pid 5728] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5728] write(3, "1000", 4) = 4 [pid 5728] close(3) = 0 [pid 5728] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5728] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5728] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5728] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5728] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5728] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5728] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5728] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5729 attached [pid 5729] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5728] <... clone3 resumed> => {parent_tid=[5729]}, 88) = 5729 [pid 5729] <... rseq resumed>) = 0 [pid 5728] rt_sigprocmask(SIG_SETMASK, [], [pid 5729] set_robust_list(0x7f03761f79a0, 24 [pid 5728] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5729] <... set_robust_list resumed>) = 0 [pid 5728] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5729] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5728] <... futex resumed>) = 0 [pid 5729] memfd_create("syzkaller", 0 [pid 5728] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5729] <... memfd_create resumed>) = 3 [pid 5729] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5729] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5729] munmap(0x7f036dc00000, 138412032) = 0 [pid 5729] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5729] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5729] close(3) = 0 [pid 5729] close(4) = 0 [pid 5729] mkdir("./bus", 0777) = 0 [pid 5729] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5729] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [ 187.341347][ T5729] loop0: detected capacity change from 0 to 2048 [pid 5729] chdir("./bus") = 0 [pid 5729] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5729] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5728] <... futex resumed>) = 0 [pid 5729] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5728] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5729] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5728] <... futex resumed>) = 0 [pid 5729] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5728] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5729] <... openat resumed>) = 4 [pid 5729] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5728] <... futex resumed>) = 0 [pid 5729] <... futex resumed>) = 1 [pid 5728] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5729] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5728] <... futex resumed>) = 0 [pid 5728] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5729] <... openat resumed>) = 5 [pid 5729] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5729] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5728] <... futex resumed>) = 0 [pid 5728] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5729] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5728] <... futex resumed>) = 0 [pid 5729] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 5728] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5729] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5728] <... futex resumed>) = 0 [pid 5729] <... futex resumed>) = 1 [pid 5728] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5729] write(6, "t", 1 [pid 5728] <... futex resumed>) = 0 [pid 5728] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5729] <... write resumed>) = 1 [pid 5729] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5728] <... futex resumed>) = 0 [pid 5729] sendfile(6, 5, NULL, 131071 [pid 5728] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 187.411007][ T29] kauditd_printk_skb: 14 callbacks suppressed [ 187.411030][ T29] audit: type=1804 audit(1714530456.225:478): pid=5729 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/125/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 187.441850][ T29] audit: type=1804 audit(1714530456.225:479): pid=5729 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/125/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5728] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5728] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5728] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5728] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5728] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5728] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5732 attached [pid 5732] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5732] set_robust_list(0x7f03761d69a0, 24 [pid 5728] <... clone3 resumed> => {parent_tid=[5732]}, 88) = 5732 [pid 5732] <... set_robust_list resumed>) = 0 [pid 5728] rt_sigprocmask(SIG_SETMASK, [], [pid 5732] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5728] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5732] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5728] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5732] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5728] <... futex resumed>) = 0 [pid 5732] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5728] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5732] <... open resumed>) = 7 [ 187.502724][ T5729] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 187.518539][ T5729] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [pid 5732] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5728] <... futex resumed>) = 0 [pid 5732] <... futex resumed>) = 1 [pid 5728] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5728] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5732] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 75 [pid 5732] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5729] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5732] <... futex resumed>) = 1 [pid 5729] <... futex resumed>) = 0 [pid 5728] <... futex resumed>) = 0 [pid 5732] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5729] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5728] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5729] <... futex resumed>) = 0 [pid 5728] <... futex resumed>) = 1 [pid 5729] pipe2( [pid 5728] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5729] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5729] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5729] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5728] <... futex resumed>) = 0 [pid 5728] exit_group(0) = ? [pid 5732] <... futex resumed>) = ? [pid 5729] <... futex resumed>) = ? [pid 5732] +++ exited with 0 +++ [pid 5729] +++ exited with 0 +++ [pid 5728] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5728, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- [ 187.530909][ T29] audit: type=1804 audit(1714530456.325:480): pid=5732 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/125/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 187.540200][ T5729] EXT4-fs (loop0): This should not happen!! Data will be lost [ 187.540200][ T5729] [ 187.564561][ T5729] EXT4-fs (loop0): Total free blocks count 0 [ 187.571345][ T5729] EXT4-fs (loop0): Free/Dirty block details [ 187.577560][ T5729] EXT4-fs (loop0): free_blocks=2415919104 [ 187.583373][ T5729] EXT4-fs (loop0): dirty_blocks=16 [ 187.588516][ T5729] EXT4-fs (loop0): Block reservation details [ 187.594591][ T5729] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./125", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./125", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./125/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./125/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./125/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 187.673563][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 187.685838][ T2467] EXT4-fs (loop0): This should not happen!! Data will be lost [ 187.685838][ T2467] umount2("./125/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./125/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./125/bus") = 0 umount2("./125/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./125/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./125/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./125") = 0 mkdir("./126", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555749a2690) = 5733 ./strace-static-x86_64: Process 5733 attached [pid 5733] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5733] chdir("./126") = 0 [pid 5733] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5733] setpgid(0, 0) = 0 [pid 5733] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5733] write(3, "1000", 4) = 4 [pid 5733] close(3) = 0 [pid 5733] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5733] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5733] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5733] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5733] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5733] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5733] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5733] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5734 attached [pid 5734] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5733] <... clone3 resumed> => {parent_tid=[5734]}, 88) = 5734 [pid 5734] <... rseq resumed>) = 0 [pid 5734] set_robust_list(0x7f03761f79a0, 24) = 0 [pid 5734] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5734] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5733] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5733] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5734] <... futex resumed>) = 0 [pid 5733] <... futex resumed>) = 1 [pid 5734] memfd_create("syzkaller", 0 [pid 5733] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5734] <... memfd_create resumed>) = 3 [pid 5734] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5734] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5734] munmap(0x7f036dc00000, 138412032) = 0 [pid 5734] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5734] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5734] close(3) = 0 [pid 5734] close(4) = 0 [pid 5734] mkdir("./bus", 0777) = 0 [pid 5734] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5734] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5734] chdir("./bus") = 0 [ 188.042476][ T5734] loop0: detected capacity change from 0 to 2048 [pid 5734] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5734] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5733] <... futex resumed>) = 0 [pid 5734] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5733] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5734] <... openat resumed>) = 4 [pid 5733] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5734] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5733] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5734] <... futex resumed>) = 0 [pid 5733] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5734] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5733] <... futex resumed>) = 0 [pid 5734] <... openat resumed>) = 5 [pid 5733] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5734] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5733] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5734] <... futex resumed>) = 0 [pid 5733] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5734] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 5733] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5734] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5733] <... futex resumed>) = 0 [pid 5734] write(6, "t", 1 [pid 5733] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5733] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5734] <... write resumed>) = 1 [pid 5734] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5733] <... futex resumed>) = 0 [pid 5734] sendfile(6, 5, NULL, 131071 [pid 5733] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 188.126789][ T29] audit: type=1804 audit(1714530456.935:481): pid=5734 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/126/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 188.151018][ T29] audit: type=1804 audit(1714530456.935:482): pid=5734 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/126/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5733] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5733] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5733] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5733] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5733] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5733] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5737 attached [pid 5737] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5737] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 5733] <... clone3 resumed> => {parent_tid=[5737]}, 88) = 5737 [pid 5737] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5733] rt_sigprocmask(SIG_SETMASK, [], [pid 5737] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5733] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5737] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5733] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5737] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5733] <... futex resumed>) = 0 [pid 5733] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5737] <... open resumed>) = 7 [ 188.198726][ T5734] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 188.214617][ T5734] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 188.226908][ T5734] EXT4-fs (loop0): This should not happen!! Data will be lost [ 188.226908][ T5734] [ 188.236879][ T5734] EXT4-fs (loop0): Total free blocks count 0 [pid 5737] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5737] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5733] <... futex resumed>) = 0 [pid 5733] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5737] <... futex resumed>) = 0 [pid 5733] <... futex resumed>) = 1 [pid 5737] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5733] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5737] <... mmap resumed>) = 0x20000000 [pid 5734] <... sendfile resumed>) = 75 [pid 5737] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5734] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5737] <... futex resumed>) = 1 [pid 5733] <... futex resumed>) = 0 [pid 5737] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5733] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5733] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = 0 [pid 5733] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 5734] <... futex resumed>) = 1 [pid 5734] pipe2(0x20000240, 0) = 0 [pid 5734] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5733] <... futex resumed>) = 0 [pid 5734] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5733] exit_group(0 [pid 5734] <... futex resumed>) = ? [pid 5733] <... exit_group resumed>) = ? [pid 5737] <... futex resumed>) = ? [pid 5734] +++ exited with 0 +++ [ 188.243658][ T5734] EXT4-fs (loop0): Free/Dirty block details [ 188.249636][ T29] audit: type=1804 audit(1714530457.055:483): pid=5737 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/126/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 188.249948][ T5734] EXT4-fs (loop0): free_blocks=2415919104 [ 188.280299][ T5734] EXT4-fs (loop0): dirty_blocks=16 [ 188.285430][ T5734] EXT4-fs (loop0): Block reservation details [ 188.291841][ T5734] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5737] +++ exited with 0 +++ [pid 5733] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5733, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- umount2("./126", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./126", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./126/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./126/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./126/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./126/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./126/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 188.401868][ T139] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 188.414167][ T139] EXT4-fs (loop0): This should not happen!! Data will be lost [ 188.414167][ T139] getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./126/bus") = 0 umount2("./126/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./126/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./126/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./126") = 0 mkdir("./127", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5738 attached , child_tidptr=0x5555749a2690) = 5738 [pid 5738] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5738] chdir("./127") = 0 [pid 5738] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5738] setpgid(0, 0) = 0 [pid 5738] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5738] write(3, "1000", 4) = 4 [pid 5738] close(3) = 0 [pid 5738] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5738] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5738] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5738] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5738] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5738] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5738] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5738] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5739 attached => {parent_tid=[5739]}, 88) = 5739 [pid 5739] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5738] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5738] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5738] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5739] <... rseq resumed>) = 0 [pid 5739] set_robust_list(0x7f03761f79a0, 24) = 0 [pid 5739] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5739] memfd_create("syzkaller", 0) = 3 [pid 5739] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5739] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5739] munmap(0x7f036dc00000, 138412032) = 0 [pid 5739] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5739] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5739] close(3) = 0 [pid 5739] close(4) = 0 [pid 5739] mkdir("./bus", 0777) = 0 [pid 5739] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [ 188.699760][ T5739] loop0: detected capacity change from 0 to 2048 [pid 5739] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5739] chdir("./bus") = 0 [pid 5739] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5739] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5739] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5738] <... futex resumed>) = 0 [pid 5739] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5738] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5739] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5738] <... futex resumed>) = 0 [pid 5739] <... openat resumed>) = 4 [pid 5738] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5739] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5739] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5738] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5738] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5739] <... futex resumed>) = 0 [pid 5739] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5738] <... futex resumed>) = 1 [pid 5738] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5739] <... openat resumed>) = 5 [pid 5739] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5739] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5738] <... futex resumed>) = 0 [pid 5738] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5739] <... futex resumed>) = 0 [pid 5738] <... futex resumed>) = 1 [pid 5739] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5738] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5739] <... openat resumed>) = 6 [pid 5739] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5738] <... futex resumed>) = 0 [pid 5739] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5738] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5739] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5738] <... futex resumed>) = 0 [pid 5738] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5739] write(6, "t", 1) = 1 [pid 5739] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5738] <... futex resumed>) = 0 [pid 5739] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5738] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5739] <... futex resumed>) = 0 [pid 5738] <... futex resumed>) = 1 [pid 5739] sendfile(6, 5, NULL, 131071 [ 188.784534][ T29] audit: type=1804 audit(1714530457.595:484): pid=5739 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/127/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 188.808840][ T29] audit: type=1804 audit(1714530457.615:485): pid=5739 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/127/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5738] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5738] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5738] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5738] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 188.876020][ T5739] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 188.891374][ T5739] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 188.903622][ T5739] EXT4-fs (loop0): This should not happen!! Data will be lost [ 188.903622][ T5739] [ 188.913316][ T5739] EXT4-fs (loop0): Total free blocks count 0 [ 188.919301][ T5739] EXT4-fs (loop0): Free/Dirty block details [pid 5738] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5738] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5742 attached [pid 5739] <... sendfile resumed>) = 75 [pid 5742] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5738] <... clone3 resumed> => {parent_tid=[5742]}, 88) = 5742 [pid 5739] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5742] <... rseq resumed>) = 0 [pid 5738] rt_sigprocmask(SIG_SETMASK, [], [pid 5742] set_robust_list(0x7f03761d69a0, 24 [pid 5738] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5739] <... futex resumed>) = 0 [pid 5742] <... set_robust_list resumed>) = 0 [pid 5738] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5742] rt_sigprocmask(SIG_SETMASK, [], [pid 5738] <... futex resumed>) = 0 [pid 5742] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5738] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5742] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5739] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5742] <... open resumed>) = 7 [ 188.925242][ T5739] EXT4-fs (loop0): free_blocks=2415919104 [ 188.931038][ T5739] EXT4-fs (loop0): dirty_blocks=16 [ 188.936181][ T5739] EXT4-fs (loop0): Block reservation details [ 188.942234][ T5739] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5742] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5742] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5738] <... futex resumed>) = 0 [pid 5738] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5739] <... futex resumed>) = 0 [pid 5739] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 1 [pid 5738] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5739] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5738] <... futex resumed>) = 0 [pid 5739] <... futex resumed>) = 1 [pid 5738] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5739] pipe2( [pid 5738] <... futex resumed>) = 0 [pid 5739] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5738] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5739] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5738] <... futex resumed>) = 0 [pid 5739] <... futex resumed>) = 1 [pid 5738] exit_group(0 [pid 5742] <... futex resumed>) = ? [pid 5738] <... exit_group resumed>) = ? [pid 5742] +++ exited with 0 +++ [pid 5739] +++ exited with 0 +++ [pid 5738] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5738, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [ 188.970787][ T29] audit: type=1804 audit(1714530457.785:486): pid=5742 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/127/bus/bus" dev="loop0" ino=18 res=1 errno=0 restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./127", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./127", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./127/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./127/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 189.102853][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 189.115261][ T2467] EXT4-fs (loop0): This should not happen!! Data will be lost [ 189.115261][ T2467] newfstatat(AT_FDCWD, "./127/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./127/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./127/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./127/bus") = 0 umount2("./127/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./127/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./127/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./127") = 0 mkdir("./128", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5743 attached , child_tidptr=0x5555749a2690) = 5743 [pid 5743] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5743] chdir("./128") = 0 [pid 5743] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5743] setpgid(0, 0) = 0 [pid 5743] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5743] write(3, "1000", 4) = 4 [pid 5743] close(3) = 0 [pid 5743] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5743] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5743] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5743] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5743] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5743] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5743] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5743] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5744 attached [pid 5744] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5743] <... clone3 resumed> => {parent_tid=[5744]}, 88) = 5744 [pid 5744] <... rseq resumed>) = 0 [pid 5743] rt_sigprocmask(SIG_SETMASK, [], [pid 5744] set_robust_list(0x7f03761f79a0, 24 [pid 5743] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5744] <... set_robust_list resumed>) = 0 [pid 5743] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5744] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5743] <... futex resumed>) = 0 [pid 5743] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5744] memfd_create("syzkaller", 0) = 3 [pid 5744] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5744] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5744] munmap(0x7f036dc00000, 138412032) = 0 [pid 5744] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5744] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5744] close(3) = 0 [pid 5744] close(4) = 0 [pid 5744] mkdir("./bus", 0777) = 0 [ 189.428360][ T5744] loop0: detected capacity change from 0 to 2048 [pid 5744] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5744] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5744] chdir("./bus") = 0 [pid 5744] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5744] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5743] <... futex resumed>) = 0 [pid 5744] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5743] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5744] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5743] <... futex resumed>) = 0 [pid 5744] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5743] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5744] <... openat resumed>) = 4 [pid 5744] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5743] <... futex resumed>) = 0 [pid 5744] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5743] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5744] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5743] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5744] <... openat resumed>) = 5 [pid 5744] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5743] <... futex resumed>) = 0 [pid 5744] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5743] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5744] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5743] <... futex resumed>) = 0 [pid 5744] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5743] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5744] <... openat resumed>) = 6 [pid 5744] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5743] <... futex resumed>) = 0 [pid 5744] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5743] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5744] write(6, "t", 1 [pid 5743] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5744] <... write resumed>) = 1 [pid 5744] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5743] <... futex resumed>) = 0 [pid 5744] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5743] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5744] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5743] <... futex resumed>) = 0 [pid 5744] sendfile(6, 5, NULL, 131071 [ 189.534090][ T29] audit: type=1804 audit(1714530458.345:487): pid=5744 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/128/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5743] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5743] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5743] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [ 189.634849][ T5744] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 189.650531][ T5744] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 189.662870][ T5744] EXT4-fs (loop0): This should not happen!! Data will be lost [ 189.662870][ T5744] [ 189.672684][ T5744] EXT4-fs (loop0): Total free blocks count 0 [ 189.678709][ T5744] EXT4-fs (loop0): Free/Dirty block details [pid 5743] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5743] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5743] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0} => {parent_tid=[5748]}, 88) = 5748 [pid 5743] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5743] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5743] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5748 attached [pid 5748] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5744] <... sendfile resumed>) = 75 [pid 5748] <... rseq resumed>) = 0 [pid 5748] set_robust_list(0x7f03761d69a0, 24 [pid 5744] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5748] <... set_robust_list resumed>) = 0 [pid 5744] <... futex resumed>) = 0 [pid 5748] rt_sigprocmask(SIG_SETMASK, [], [pid 5744] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5748] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5748] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5748] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5748] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5743] <... futex resumed>) = 0 [pid 5743] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5744] <... futex resumed>) = 0 [pid 5743] <... futex resumed>) = 1 [pid 5744] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5744] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5743] <... futex resumed>) = 0 [ 189.684709][ T5744] EXT4-fs (loop0): free_blocks=2415919104 [ 189.690514][ T5744] EXT4-fs (loop0): dirty_blocks=16 [ 189.695689][ T5744] EXT4-fs (loop0): Block reservation details [ 189.701824][ T5744] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5744] pipe2( [pid 5743] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5744] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5743] <... futex resumed>) = 0 [pid 5743] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5744] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5743] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5744] <... futex resumed>) = 0 [pid 5743] exit_group(0 [pid 5748] <... futex resumed>) = ? [pid 5743] <... exit_group resumed>) = ? [pid 5748] +++ exited with 0 +++ [pid 5744] +++ exited with 0 +++ [pid 5743] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5743, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./128", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./128", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./128/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./128/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./128/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./128/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./128/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./128/bus") = 0 umount2("./128/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./128/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./128/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 [ 189.770827][ T139] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 189.783537][ T139] EXT4-fs (loop0): This should not happen!! Data will be lost [ 189.783537][ T139] close(3) = 0 rmdir("./128") = 0 mkdir("./129", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5749 attached , child_tidptr=0x5555749a2690) = 5749 [pid 5749] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5749] chdir("./129") = 0 [pid 5749] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5749] setpgid(0, 0) = 0 [pid 5749] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5749] write(3, "1000", 4) = 4 [pid 5749] close(3) = 0 [pid 5749] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5749] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5749] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5749] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5749] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5749] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5749] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5749] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5750 attached [pid 5750] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5749] <... clone3 resumed> => {parent_tid=[5750]}, 88) = 5750 [pid 5749] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5749] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5749] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5750] <... rseq resumed>) = 0 [pid 5750] set_robust_list(0x7f03761f79a0, 24) = 0 [pid 5750] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5750] memfd_create("syzkaller", 0) = 3 [pid 5750] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5750] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5750] munmap(0x7f036dc00000, 138412032) = 0 [pid 5750] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5750] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5750] close(3) = 0 [pid 5750] close(4) = 0 [pid 5750] mkdir("./bus", 0777) = 0 [pid 5750] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5750] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5750] chdir("./bus") = 0 [ 189.995867][ T5750] loop0: detected capacity change from 0 to 2048 [pid 5750] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5750] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5749] <... futex resumed>) = 0 [pid 5750] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5749] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5749] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5750] <... openat resumed>) = 4 [pid 5750] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5749] <... futex resumed>) = 0 [pid 5750] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5749] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5750] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5749] <... futex resumed>) = 0 [pid 5750] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5749] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5750] <... openat resumed>) = 5 [pid 5750] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5749] <... futex resumed>) = 0 [pid 5750] <... futex resumed>) = 1 [pid 5749] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5750] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5749] <... futex resumed>) = 0 [pid 5750] <... openat resumed>) = 6 [pid 5749] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5750] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5749] <... futex resumed>) = 0 [pid 5750] <... futex resumed>) = 1 [pid 5749] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5750] write(6, "t", 1 [pid 5749] <... futex resumed>) = 0 [pid 5749] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5750] <... write resumed>) = 1 [pid 5750] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5749] <... futex resumed>) = 0 [pid 5750] sendfile(6, 5, NULL, 131071 [pid 5749] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5749] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5749] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5749] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5749] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5749] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 190.153878][ T5750] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 190.169453][ T5750] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 190.181751][ T5750] EXT4-fs (loop0): This should not happen!! Data will be lost [ 190.181751][ T5750] [ 190.191488][ T5750] EXT4-fs (loop0): Total free blocks count 0 [ 190.197520][ T5750] EXT4-fs (loop0): Free/Dirty block details [pid 5749] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5753 attached [pid 5753] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5749] <... clone3 resumed> => {parent_tid=[5753]}, 88) = 5753 [pid 5753] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 5749] rt_sigprocmask(SIG_SETMASK, [], [pid 5753] rt_sigprocmask(SIG_SETMASK, [], [pid 5749] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5753] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5749] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5753] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5749] <... futex resumed>) = 0 [pid 5753] <... open resumed>) = 7 [pid 5749] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5753] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5749] <... futex resumed>) = 0 [pid 5753] <... futex resumed>) = 1 [pid 5749] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5753] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5749] <... futex resumed>) = 0 [pid 5753] <... mmap resumed>) = 0x20000000 [pid 5750] <... sendfile resumed>) = 75 [pid 5749] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5750] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5750] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5753] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5749] <... futex resumed>) = 0 [pid 5753] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5749] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5750] <... futex resumed>) = 0 [pid 5749] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5750] pipe2(0x20000240, 0) = 0 [pid 5750] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5749] <... futex resumed>) = 0 [pid 5750] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5749] exit_group(0 [pid 5750] <... futex resumed>) = ? [pid 5749] <... exit_group resumed>) = ? [pid 5750] +++ exited with 0 +++ [pid 5753] <... futex resumed>) = ? [ 190.203514][ T5750] EXT4-fs (loop0): free_blocks=2415919104 [ 190.209377][ T5750] EXT4-fs (loop0): dirty_blocks=16 [ 190.214728][ T5750] EXT4-fs (loop0): Block reservation details [ 190.220837][ T5750] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5753] +++ exited with 0 +++ [pid 5749] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5749, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./129", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./129", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./129/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./129/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./129/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./129/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 190.314240][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 190.326581][ T2467] EXT4-fs (loop0): This should not happen!! Data will be lost [ 190.326581][ T2467] openat(AT_FDCWD, "./129/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./129/bus") = 0 umount2("./129/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./129/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./129/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./129") = 0 mkdir("./130", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5754 attached , child_tidptr=0x5555749a2690) = 5754 [pid 5754] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5754] chdir("./130") = 0 [pid 5754] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5754] setpgid(0, 0) = 0 [pid 5754] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5754] write(3, "1000", 4) = 4 [pid 5754] close(3) = 0 [pid 5754] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5754] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5754] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5754] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5754] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5754] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5754] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5754] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5755 attached [pid 5755] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5754] <... clone3 resumed> => {parent_tid=[5755]}, 88) = 5755 [pid 5755] <... rseq resumed>) = 0 [pid 5754] rt_sigprocmask(SIG_SETMASK, [], [pid 5755] set_robust_list(0x7f03761f79a0, 24 [pid 5754] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5755] <... set_robust_list resumed>) = 0 [pid 5754] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5755] rt_sigprocmask(SIG_SETMASK, [], [pid 5754] <... futex resumed>) = 0 [pid 5755] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5754] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5755] memfd_create("syzkaller", 0) = 3 [pid 5755] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5755] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5755] munmap(0x7f036dc00000, 138412032) = 0 [pid 5755] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5755] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5755] close(3) = 0 [pid 5755] close(4) = 0 [pid 5755] mkdir("./bus", 0777) = 0 [pid 5755] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5755] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5755] chdir("./bus") = 0 [ 190.680192][ T5755] loop0: detected capacity change from 0 to 2048 [pid 5755] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5755] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5754] <... futex resumed>) = 0 [pid 5754] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5755] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5754] <... futex resumed>) = 0 [pid 5754] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5755] <... openat resumed>) = 4 [pid 5755] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5754] <... futex resumed>) = 0 [pid 5755] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5754] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5755] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5755] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5754] <... futex resumed>) = 0 [pid 5754] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5755] <... openat resumed>) = 5 [pid 5755] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5754] <... futex resumed>) = 0 [pid 5755] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5754] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5755] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5754] <... futex resumed>) = 0 [pid 5755] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5754] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5755] <... openat resumed>) = 6 [pid 5755] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5754] <... futex resumed>) = 0 [pid 5755] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5754] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5755] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5754] <... futex resumed>) = 0 [pid 5755] write(6, "t", 1 [pid 5754] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5755] <... write resumed>) = 1 [pid 5755] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5754] <... futex resumed>) = 0 [pid 5755] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5754] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5755] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5754] <... futex resumed>) = 0 [pid 5755] sendfile(6, 5, NULL, 131071 [pid 5754] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5754] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5754] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5754] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5754] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 190.832497][ T5755] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 190.848030][ T5755] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 190.860442][ T5755] EXT4-fs (loop0): This should not happen!! Data will be lost [ 190.860442][ T5755] [ 190.870196][ T5755] EXT4-fs (loop0): Total free blocks count 0 [ 190.876238][ T5755] EXT4-fs (loop0): Free/Dirty block details [pid 5754] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5758 attached => {parent_tid=[5758]}, 88) = 5758 [pid 5754] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5754] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5754] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5758] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5755] <... sendfile resumed>) = 75 [pid 5758] set_robust_list(0x7f03761d69a0, 24 [pid 5755] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5758] <... set_robust_list resumed>) = 0 [pid 5755] <... futex resumed>) = 0 [pid 5758] rt_sigprocmask(SIG_SETMASK, [], [pid 5755] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5758] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5758] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5758] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5754] <... futex resumed>) = 0 [pid 5758] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5754] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5755] <... futex resumed>) = 0 [pid 5754] <... futex resumed>) = 1 [pid 5755] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5754] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5755] <... mmap resumed>) = 0x20000000 [pid 5755] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5754] <... futex resumed>) = 0 [pid 5755] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5754] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5755] pipe2( [pid 5754] <... futex resumed>) = 0 [pid 5754] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5755] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5755] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5754] <... futex resumed>) = 0 [pid 5755] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5754] exit_group(0 [pid 5758] <... futex resumed>) = ? [pid 5755] <... futex resumed>) = ? [pid 5754] <... exit_group resumed>) = ? [pid 5758] +++ exited with 0 +++ [pid 5755] +++ exited with 0 +++ [pid 5754] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5754, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- [ 190.882321][ T5755] EXT4-fs (loop0): free_blocks=2415919104 [ 190.888091][ T5755] EXT4-fs (loop0): dirty_blocks=16 [ 190.893347][ T5755] EXT4-fs (loop0): Block reservation details [ 190.899366][ T5755] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./130", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./130", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./130/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./130/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./130/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./130/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./130/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 190.968039][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 190.980423][ T2467] EXT4-fs (loop0): This should not happen!! Data will be lost [ 190.980423][ T2467] getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./130/bus") = 0 umount2("./130/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./130/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./130/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./130") = 0 mkdir("./131", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5759 attached , child_tidptr=0x5555749a2690) = 5759 [pid 5759] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5759] chdir("./131") = 0 [pid 5759] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5759] setpgid(0, 0) = 0 [pid 5759] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5759] write(3, "1000", 4) = 4 [pid 5759] close(3) = 0 [pid 5759] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5759] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5759] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5759] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5759] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5759] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5759] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5759] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5760 attached [pid 5760] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5759] <... clone3 resumed> => {parent_tid=[5760]}, 88) = 5760 [pid 5760] set_robust_list(0x7f03761f79a0, 24 [pid 5759] rt_sigprocmask(SIG_SETMASK, [], [pid 5760] <... set_robust_list resumed>) = 0 [pid 5759] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5760] rt_sigprocmask(SIG_SETMASK, [], [pid 5759] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5760] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5760] memfd_create("syzkaller", 0 [pid 5759] <... futex resumed>) = 0 [pid 5759] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5760] <... memfd_create resumed>) = 3 [pid 5760] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5760] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5760] munmap(0x7f036dc00000, 138412032) = 0 [pid 5760] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5760] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5760] close(3) = 0 [pid 5760] close(4) = 0 [pid 5760] mkdir("./bus", 0777) = 0 [pid 5760] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5760] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [ 191.352359][ T5760] loop0: detected capacity change from 0 to 2048 [pid 5760] chdir("./bus") = 0 [pid 5760] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5760] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5759] <... futex resumed>) = 0 [pid 5760] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5759] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5760] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5759] <... futex resumed>) = 0 [pid 5760] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5759] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5760] <... openat resumed>) = 4 [pid 5760] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5759] <... futex resumed>) = 0 [pid 5760] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5759] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5760] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5759] <... futex resumed>) = 0 [pid 5760] <... openat resumed>) = 5 [pid 5759] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5760] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5759] <... futex resumed>) = 0 [pid 5759] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5760] <... futex resumed>) = 1 [pid 5759] <... futex resumed>) = 0 [pid 5760] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5759] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5760] <... openat resumed>) = 6 [pid 5760] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5759] <... futex resumed>) = 0 [pid 5760] <... futex resumed>) = 1 [pid 5759] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5760] write(6, "t", 1 [pid 5759] <... futex resumed>) = 0 [pid 5759] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5760] <... write resumed>) = 1 [pid 5760] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5760] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5759] <... futex resumed>) = 0 [pid 5759] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5760] <... futex resumed>) = 0 [pid 5759] <... futex resumed>) = 1 [pid 5760] sendfile(6, 5, NULL, 131071 [pid 5759] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5759] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5759] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5759] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 191.527153][ T5760] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 191.542756][ T5760] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 191.555116][ T5760] EXT4-fs (loop0): This should not happen!! Data will be lost [ 191.555116][ T5760] [ 191.565146][ T5760] EXT4-fs (loop0): Total free blocks count 0 [ 191.571256][ T5760] EXT4-fs (loop0): Free/Dirty block details [pid 5759] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5759] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5763 attached [pid 5763] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5759] <... clone3 resumed> => {parent_tid=[5763]}, 88) = 5763 [pid 5763] <... rseq resumed>) = 0 [pid 5759] rt_sigprocmask(SIG_SETMASK, [], [pid 5763] set_robust_list(0x7f03761d69a0, 24 [pid 5759] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5763] <... set_robust_list resumed>) = 0 [pid 5763] rt_sigprocmask(SIG_SETMASK, [], [pid 5759] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5763] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5759] <... futex resumed>) = 0 [pid 5763] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5759] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5763] <... open resumed>) = 7 [pid 5763] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5760] <... sendfile resumed>) = 75 [pid 5763] <... futex resumed>) = 1 [pid 5760] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5759] <... futex resumed>) = 0 [pid 5763] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5759] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5759] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5760] <... futex resumed>) = 1 [pid 5760] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5759] <... futex resumed>) = 0 [pid 5760] <... mmap resumed>) = 0x20000000 [pid 5759] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 5760] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5760] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5759] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5759] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5760] <... futex resumed>) = 0 [pid 5760] pipe2( [pid 5759] <... futex resumed>) = 1 [pid 5759] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5760] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5760] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5759] <... futex resumed>) = 0 [pid 5760] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5759] exit_group(0) = ? [pid 5763] <... futex resumed>) = ? [pid 5760] <... futex resumed>) = ? [pid 5763] +++ exited with 0 +++ [pid 5760] +++ exited with 0 +++ [ 191.577185][ T5760] EXT4-fs (loop0): free_blocks=2415919104 [ 191.582991][ T5760] EXT4-fs (loop0): dirty_blocks=16 [ 191.588138][ T5760] EXT4-fs (loop0): Block reservation details [ 191.594220][ T5760] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5759] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5759, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./131", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./131", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./131/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./131/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./131/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./131/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./131/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./131/bus") = 0 umount2("./131/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./131/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./131/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./131") = 0 mkdir("./132", 0777) = 0 [ 191.661813][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 191.674219][ T2467] EXT4-fs (loop0): This should not happen!! Data will be lost [ 191.674219][ T2467] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5764 attached , child_tidptr=0x5555749a2690) = 5764 [pid 5764] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5764] chdir("./132") = 0 [pid 5764] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5764] setpgid(0, 0) = 0 [pid 5764] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5764] write(3, "1000", 4) = 4 [pid 5764] close(3) = 0 [pid 5764] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5764] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5764] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5764] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5764] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5764] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5764] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5764] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5765 attached [pid 5765] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5764] <... clone3 resumed> => {parent_tid=[5765]}, 88) = 5765 [pid 5765] set_robust_list(0x7f03761f79a0, 24 [pid 5764] rt_sigprocmask(SIG_SETMASK, [], [pid 5765] <... set_robust_list resumed>) = 0 [pid 5765] rt_sigprocmask(SIG_SETMASK, [], [pid 5764] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5765] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5764] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5765] memfd_create("syzkaller", 0 [pid 5764] <... futex resumed>) = 0 [pid 5764] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5765] <... memfd_create resumed>) = 3 [pid 5765] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5765] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5765] munmap(0x7f036dc00000, 138412032) = 0 [pid 5765] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5765] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5765] close(3) = 0 [pid 5765] close(4) = 0 [pid 5765] mkdir("./bus", 0777) = 0 [ 191.915654][ T5765] loop0: detected capacity change from 0 to 2048 [pid 5765] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5765] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5765] chdir("./bus") = 0 [pid 5765] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5765] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5764] <... futex resumed>) = 0 [pid 5765] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5764] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5765] <... futex resumed>) = 0 [pid 5764] <... futex resumed>) = 1 [pid 5765] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5764] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5765] <... openat resumed>) = 4 [pid 5765] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5764] <... futex resumed>) = 0 [pid 5765] <... futex resumed>) = 1 [pid 5765] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5764] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5764] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5765] <... openat resumed>) = 5 [pid 5765] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5764] <... futex resumed>) = 0 [pid 5764] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5765] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5764] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5765] <... openat resumed>) = 6 [pid 5765] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5764] <... futex resumed>) = 0 [pid 5764] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5765] write(6, "t", 1 [pid 5764] <... futex resumed>) = 0 [pid 5764] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5765] <... write resumed>) = 1 [pid 5765] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5764] <... futex resumed>) = 0 [pid 5765] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5764] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5765] <... futex resumed>) = 0 [pid 5764] <... futex resumed>) = 1 [pid 5765] sendfile(6, 5, NULL, 131071 [pid 5764] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5764] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5764] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5764] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5764] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5764] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5768 attached [pid 5768] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5768] set_robust_list(0x7f03761d69a0, 24 [pid 5764] <... clone3 resumed> => {parent_tid=[5768]}, 88) = 5768 [pid 5768] <... set_robust_list resumed>) = 0 [pid 5768] rt_sigprocmask(SIG_SETMASK, [], [pid 5764] rt_sigprocmask(SIG_SETMASK, [], [pid 5768] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5764] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5768] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5764] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5764] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5768] <... open resumed>) = 7 [ 192.042723][ T5765] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 192.057987][ T5765] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 192.070684][ T5765] EXT4-fs (loop0): This should not happen!! Data will be lost [ 192.070684][ T5765] [ 192.081512][ T5765] EXT4-fs (loop0): Total free blocks count 0 [pid 5768] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5764] <... futex resumed>) = 0 [pid 5768] <... futex resumed>) = 1 [pid 5764] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5768] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5764] <... futex resumed>) = 0 [pid 5764] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5765] <... sendfile resumed>) = 75 [pid 5768] <... mmap resumed>) = 0x20000000 [pid 5765] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5768] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5765] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5768] <... futex resumed>) = 1 [pid 5764] <... futex resumed>) = 0 [pid 5768] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5764] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5765] <... futex resumed>) = 0 [pid 5764] <... futex resumed>) = 1 [pid 5765] pipe2( [pid 5764] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5765] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5765] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5764] <... futex resumed>) = 0 [pid 5764] exit_group(0 [pid 5768] <... futex resumed>) = ? [pid 5764] <... exit_group resumed>) = ? [pid 5768] +++ exited with 0 +++ [pid 5765] <... futex resumed>) = ? [pid 5765] +++ exited with 0 +++ [pid 5764] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5764, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./132", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./132", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 192.089067][ T5765] EXT4-fs (loop0): Free/Dirty block details [ 192.095923][ T5765] EXT4-fs (loop0): free_blocks=2415919104 [ 192.101789][ T5765] EXT4-fs (loop0): dirty_blocks=16 [ 192.107364][ T5765] EXT4-fs (loop0): Block reservation details [ 192.114068][ T5765] EXT4-fs (loop0): i_reserved_data_blocks=1 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./132/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./132/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./132/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./132/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./132/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 [ 192.186229][ T139] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 192.198495][ T139] EXT4-fs (loop0): This should not happen!! Data will be lost [ 192.198495][ T139] getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./132/bus") = 0 umount2("./132/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./132/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./132/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./132") = 0 mkdir("./133", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5769 attached , child_tidptr=0x5555749a2690) = 5769 [pid 5769] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5769] chdir("./133") = 0 [pid 5769] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5769] setpgid(0, 0) = 0 [pid 5769] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5769] write(3, "1000", 4) = 4 [pid 5769] close(3) = 0 [pid 5769] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5769] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5769] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5769] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5769] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5769] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5769] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5769] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5770 attached => {parent_tid=[5770]}, 88) = 5770 [pid 5769] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5770] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5769] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5770] set_robust_list(0x7f03761f79a0, 24 [pid 5769] <... futex resumed>) = 0 [pid 5770] <... set_robust_list resumed>) = 0 [pid 5769] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5770] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5770] memfd_create("syzkaller", 0) = 3 [pid 5770] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5770] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5770] munmap(0x7f036dc00000, 138412032) = 0 [pid 5770] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5770] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5770] close(3) = 0 [pid 5770] close(4) = 0 [pid 5770] mkdir("./bus", 0777) = 0 [ 192.527506][ T5770] loop0: detected capacity change from 0 to 2048 [pid 5770] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5770] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5770] chdir("./bus") = 0 [pid 5770] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5770] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5769] <... futex resumed>) = 0 [pid 5770] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5769] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5770] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5769] <... futex resumed>) = 0 [pid 5770] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5769] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5770] <... openat resumed>) = 4 [pid 5770] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5769] <... futex resumed>) = 0 [pid 5770] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5769] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5770] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5770] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5769] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5770] <... openat resumed>) = 5 [pid 5770] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5770] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5769] <... futex resumed>) = 0 [pid 5769] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5769] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5770] <... futex resumed>) = 0 [pid 5770] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 5770] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5769] <... futex resumed>) = 0 [pid 5769] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5770] write(6, "t", 1 [pid 5769] <... futex resumed>) = 0 [pid 5769] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5770] <... write resumed>) = 1 [pid 5770] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5770] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5769] <... futex resumed>) = 0 [pid 5769] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5770] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5770] sendfile(6, 5, NULL, 131071 [pid 5769] <... futex resumed>) = 0 [ 192.623929][ T29] kauditd_printk_skb: 14 callbacks suppressed [ 192.623952][ T29] audit: type=1804 audit(1714530461.435:502): pid=5770 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/133/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 192.654371][ T29] audit: type=1804 audit(1714530461.445:503): pid=5770 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/133/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5769] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5769] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5769] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5769] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5769] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5769] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5773 attached [pid 5773] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5769] <... clone3 resumed> => {parent_tid=[5773]}, 88) = 5773 [pid 5773] set_robust_list(0x7f03761d69a0, 24 [pid 5769] rt_sigprocmask(SIG_SETMASK, [], [pid 5773] <... set_robust_list resumed>) = 0 [ 192.715622][ T5770] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 192.731448][ T5770] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 192.744086][ T5770] EXT4-fs (loop0): This should not happen!! Data will be lost [ 192.744086][ T5770] [ 192.753913][ T5770] EXT4-fs (loop0): Total free blocks count 0 [ 192.759950][ T5770] EXT4-fs (loop0): Free/Dirty block details [pid 5773] rt_sigprocmask(SIG_SETMASK, [], [pid 5769] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5773] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5773] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5769] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5773] <... open resumed>) = 7 [pid 5769] <... futex resumed>) = 0 [pid 5769] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5773] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5769] <... futex resumed>) = 0 [pid 5769] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5769] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5773] <... futex resumed>) = 1 [pid 5773] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5770] <... sendfile resumed>) = 75 [pid 5773] <... mmap resumed>) = 0x20000000 [pid 5770] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5770] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5773] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5769] <... futex resumed>) = 0 [pid 5773] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5769] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5770] <... futex resumed>) = 0 [pid 5769] <... futex resumed>) = 1 [pid 5770] pipe2( [pid 5769] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5770] <... pipe2 resumed>0x20000240, 0) = 0 [ 192.766030][ T5770] EXT4-fs (loop0): free_blocks=2415919104 [ 192.770398][ T29] audit: type=1804 audit(1714530461.585:504): pid=5773 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/133/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 192.771891][ T5770] EXT4-fs (loop0): dirty_blocks=16 [ 192.800638][ T5770] EXT4-fs (loop0): Block reservation details [ 192.806681][ T5770] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5770] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5769] <... futex resumed>) = 0 [pid 5770] <... futex resumed>) = 1 [pid 5769] exit_group(0 [pid 5773] <... futex resumed>) = ? [pid 5769] <... exit_group resumed>) = ? [pid 5773] +++ exited with 0 +++ [pid 5770] +++ exited with 0 +++ [pid 5769] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5769, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- umount2("./133", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./133", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./133/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./133/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./133/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./133/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 192.889390][ T139] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 192.902360][ T139] EXT4-fs (loop0): This should not happen!! Data will be lost [ 192.902360][ T139] openat(AT_FDCWD, "./133/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./133/bus") = 0 umount2("./133/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./133/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./133/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./133") = 0 mkdir("./134", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5774 attached , child_tidptr=0x5555749a2690) = 5774 [pid 5774] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5774] chdir("./134") = 0 [pid 5774] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5774] setpgid(0, 0) = 0 [pid 5774] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5774] write(3, "1000", 4) = 4 [pid 5774] close(3) = 0 [pid 5774] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5774] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5774] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5774] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5774] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5774] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5774] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5774] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5775 attached [pid 5775] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5774] <... clone3 resumed> => {parent_tid=[5775]}, 88) = 5775 [pid 5775] <... rseq resumed>) = 0 [pid 5774] rt_sigprocmask(SIG_SETMASK, [], [pid 5775] set_robust_list(0x7f03761f79a0, 24 [pid 5774] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5775] <... set_robust_list resumed>) = 0 [pid 5774] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5775] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5774] <... futex resumed>) = 0 [pid 5775] memfd_create("syzkaller", 0 [pid 5774] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5775] <... memfd_create resumed>) = 3 [pid 5775] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5775] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5775] munmap(0x7f036dc00000, 138412032) = 0 [pid 5775] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5775] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5775] close(3) = 0 [pid 5775] close(4) = 0 [pid 5775] mkdir("./bus", 0777) = 0 [pid 5775] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5775] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [ 193.232726][ T5775] loop0: detected capacity change from 0 to 2048 [pid 5775] chdir("./bus") = 0 [pid 5775] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5775] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5774] <... futex resumed>) = 0 [pid 5775] <... futex resumed>) = 1 [pid 5774] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5775] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5774] <... futex resumed>) = 0 [pid 5775] <... openat resumed>) = 4 [pid 5774] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5775] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5774] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5775] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5774] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5775] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5774] <... futex resumed>) = 0 [pid 5775] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5774] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5775] <... openat resumed>) = 5 [pid 5775] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5774] <... futex resumed>) = 0 [pid 5775] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5774] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5775] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5774] <... futex resumed>) = 0 [pid 5775] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5774] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5775] <... openat resumed>) = 6 [pid 5775] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5774] <... futex resumed>) = 0 [pid 5775] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5774] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5775] write(6, "t", 1 [pid 5774] <... futex resumed>) = 0 [pid 5774] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5775] <... write resumed>) = 1 [pid 5775] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5774] <... futex resumed>) = 0 [pid 5775] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5774] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5775] sendfile(6, 5, NULL, 131071 [pid 5774] <... futex resumed>) = 0 [ 193.310239][ T29] audit: type=1804 audit(1714530462.115:505): pid=5775 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/134/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 193.336090][ T29] audit: type=1804 audit(1714530462.135:506): pid=5775 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/134/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5774] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5774] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 193.399107][ T5775] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 193.414212][ T5775] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 193.426673][ T5775] EXT4-fs (loop0): This should not happen!! Data will be lost [ 193.426673][ T5775] [ 193.436481][ T5775] EXT4-fs (loop0): Total free blocks count 0 [ 193.442578][ T5775] EXT4-fs (loop0): Free/Dirty block details [pid 5774] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5774] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5774] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5774] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0} => {parent_tid=[5778]}, 88) = 5778 ./strace-static-x86_64: Process 5778 attached [pid 5774] rt_sigprocmask(SIG_SETMASK, [], [pid 5778] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5774] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5778] <... rseq resumed>) = 0 [pid 5774] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5778] set_robust_list(0x7f03761d69a0, 24 [pid 5774] <... futex resumed>) = 0 [pid 5778] <... set_robust_list resumed>) = 0 [pid 5775] <... sendfile resumed>) = 75 [pid 5775] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5775] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5778] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5774] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5778] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5778] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5774] <... futex resumed>) = 0 [pid 5774] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5775] <... futex resumed>) = 0 [pid 5778] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5775] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5774] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5775] <... mmap resumed>) = 0x20000000 [pid 5775] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5774] <... futex resumed>) = 0 [pid 5774] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5774] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5775] <... futex resumed>) = 1 [pid 5775] pipe2(0x20000240, 0) = 0 [pid 5775] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5774] <... futex resumed>) = 0 [pid 5774] exit_group(0 [pid 5778] <... futex resumed>) = ? [pid 5774] <... exit_group resumed>) = ? [pid 5778] +++ exited with 0 +++ [pid 5775] <... futex resumed>) = ? [ 193.448506][ T5775] EXT4-fs (loop0): free_blocks=2415919104 [ 193.454465][ T5775] EXT4-fs (loop0): dirty_blocks=16 [ 193.459652][ T5775] EXT4-fs (loop0): Block reservation details [ 193.465766][ T5775] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5775] +++ exited with 0 +++ [pid 5774] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5774, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./134", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./134", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 [ 193.477586][ T29] audit: type=1804 audit(1714530462.285:507): pid=5778 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/134/bus/bus" dev="loop0" ino=18 res=1 errno=0 umount2("./134/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./134/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./134/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./134/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./134/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 [ 193.537567][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 193.550130][ T2467] EXT4-fs (loop0): This should not happen!! Data will be lost [ 193.550130][ T2467] getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./134/bus") = 0 umount2("./134/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./134/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./134/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./134") = 0 mkdir("./135", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5779 attached , child_tidptr=0x5555749a2690) = 5779 [pid 5779] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5779] chdir("./135") = 0 [pid 5779] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5779] setpgid(0, 0) = 0 [pid 5779] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5779] write(3, "1000", 4) = 4 [pid 5779] close(3) = 0 [pid 5779] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5779] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5779] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5779] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5779] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5779] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5779] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5779] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5780 attached [pid 5780] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5779] <... clone3 resumed> => {parent_tid=[5780]}, 88) = 5780 [pid 5780] set_robust_list(0x7f03761f79a0, 24) = 0 [pid 5779] rt_sigprocmask(SIG_SETMASK, [], [pid 5780] rt_sigprocmask(SIG_SETMASK, [], [pid 5779] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5780] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5779] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5780] memfd_create("syzkaller", 0 [pid 5779] <... futex resumed>) = 0 [pid 5779] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5780] <... memfd_create resumed>) = 3 [pid 5780] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5780] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5780] munmap(0x7f036dc00000, 138412032) = 0 [pid 5780] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5780] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5780] close(3) = 0 [pid 5780] close(4) = 0 [pid 5780] mkdir("./bus", 0777) = 0 [ 193.923650][ T5780] loop0: detected capacity change from 0 to 2048 [pid 5780] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5780] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5780] chdir("./bus") = 0 [pid 5780] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5780] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5779] <... futex resumed>) = 0 [pid 5780] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5779] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5780] <... openat resumed>) = 4 [pid 5779] <... futex resumed>) = 0 [pid 5779] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5780] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5779] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5780] <... futex resumed>) = 0 [pid 5779] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5780] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5779] <... futex resumed>) = 0 [pid 5780] <... openat resumed>) = 5 [ 193.974967][ T5780] EXT4-fs mount: 26 callbacks suppressed [ 193.974987][ T5780] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5779] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5780] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5780] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5779] <... futex resumed>) = 0 [pid 5779] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5780] <... futex resumed>) = 0 [pid 5779] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5780] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 5780] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5780] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5779] <... futex resumed>) = 0 [pid 5779] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5779] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5780] <... futex resumed>) = 0 [pid 5780] write(6, "t", 1) = 1 [pid 5780] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5780] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5779] <... futex resumed>) = 0 [pid 5779] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5780] <... futex resumed>) = 0 [pid 5779] <... futex resumed>) = 1 [pid 5780] sendfile(6, 5, NULL, 131071 [ 194.032803][ T29] audit: type=1804 audit(1714530462.845:508): pid=5780 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/135/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 194.057074][ T29] audit: type=1804 audit(1714530462.845:509): pid=5780 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/135/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5779] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5779] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5779] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5779] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5779] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5779] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5783 attached [pid 5783] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5783] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 5779] <... clone3 resumed> => {parent_tid=[5783]}, 88) = 5783 [pid 5783] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5779] rt_sigprocmask(SIG_SETMASK, [], [pid 5783] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5779] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5779] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5783] <... futex resumed>) = 0 [pid 5779] <... futex resumed>) = 1 [ 194.118768][ T5780] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 194.135352][ T5780] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 194.147744][ T5780] EXT4-fs (loop0): This should not happen!! Data will be lost [ 194.147744][ T5780] [ 194.157560][ T5780] EXT4-fs (loop0): Total free blocks count 0 [pid 5783] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5779] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5783] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5783] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5779] <... futex resumed>) = 0 [pid 5779] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5783] <... futex resumed>) = 0 [pid 5779] <... futex resumed>) = 1 [pid 5783] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5779] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5783] <... mmap resumed>) = 0x20000000 [pid 5780] <... sendfile resumed>) = 75 [pid 5783] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5780] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5783] <... futex resumed>) = 1 [pid 5779] <... futex resumed>) = 0 [pid 5780] <... futex resumed>) = 0 [pid 5783] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5780] pipe2( [pid 5779] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5780] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5779] <... futex resumed>) = 0 [pid 5780] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5779] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5780] <... futex resumed>) = 0 [pid 5779] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5780] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5779] exit_group(0 [pid 5780] <... futex resumed>) = ? [pid 5783] <... futex resumed>) = ? [pid 5780] +++ exited with 0 +++ [pid 5779] <... exit_group resumed>) = ? [pid 5783] +++ exited with 0 +++ [ 194.163726][ T5780] EXT4-fs (loop0): Free/Dirty block details [ 194.167151][ T29] audit: type=1804 audit(1714530462.985:510): pid=5783 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/135/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 194.169732][ T5780] EXT4-fs (loop0): free_blocks=2415919104 [ 194.199416][ T5780] EXT4-fs (loop0): dirty_blocks=16 [ 194.204709][ T5780] EXT4-fs (loop0): Block reservation details [ 194.210783][ T5780] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5779] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5779, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- umount2("./135", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./135", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./135/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./135/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./135/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./135/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./135/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 [ 194.293781][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./135/bus") = 0 umount2("./135/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./135/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./135/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./135") = 0 mkdir("./136", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555749a2690) = 5784 ./strace-static-x86_64: Process 5784 attached [pid 5784] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5784] chdir("./136") = 0 [pid 5784] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5784] setpgid(0, 0) = 0 [pid 5784] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5784] write(3, "1000", 4) = 4 [pid 5784] close(3) = 0 [pid 5784] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5784] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5784] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5784] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5784] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5784] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5784] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5784] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0} => {parent_tid=[5785]}, 88) = 5785 ./strace-static-x86_64: Process 5785 attached [pid 5785] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5784] rt_sigprocmask(SIG_SETMASK, [], [pid 5785] <... rseq resumed>) = 0 [pid 5784] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5785] set_robust_list(0x7f03761f79a0, 24 [pid 5784] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5785] <... set_robust_list resumed>) = 0 [pid 5784] <... futex resumed>) = 0 [pid 5785] rt_sigprocmask(SIG_SETMASK, [], [pid 5784] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5785] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5785] memfd_create("syzkaller", 0) = 3 [pid 5785] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5785] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5785] munmap(0x7f036dc00000, 138412032) = 0 [pid 5785] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5785] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5785] close(3) = 0 [pid 5785] close(4) = 0 [pid 5785] mkdir("./bus", 0777) = 0 [pid 5785] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5785] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5785] chdir("./bus") = 0 [ 194.587322][ T5785] loop0: detected capacity change from 0 to 2048 [ 194.621653][ T5785] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5785] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5785] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5785] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5784] <... futex resumed>) = 0 [pid 5784] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5785] <... futex resumed>) = 0 [pid 5784] <... futex resumed>) = 1 [pid 5785] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5784] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5785] <... openat resumed>) = 4 [pid 5785] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5784] <... futex resumed>) = 0 [pid 5785] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5784] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5785] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5784] <... futex resumed>) = 0 [pid 5784] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5785] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 5785] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5785] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5784] <... futex resumed>) = 0 [pid 5784] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5785] <... futex resumed>) = 0 [pid 5784] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5785] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 5785] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5784] <... futex resumed>) = 0 [pid 5785] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5784] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5785] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5784] <... futex resumed>) = 0 [pid 5785] write(6, "t", 1 [pid 5784] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5785] <... write resumed>) = 1 [pid 5785] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5784] <... futex resumed>) = 0 [pid 5784] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 194.717094][ T29] audit: type=1804 audit(1714530463.525:511): pid=5785 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/136/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5784] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5785] sendfile(6, 5, NULL, 131071 [pid 5784] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5784] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5784] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5784] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5784] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5784] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5788 attached [pid 5788] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5784] <... clone3 resumed> => {parent_tid=[5788]}, 88) = 5788 [pid 5788] set_robust_list(0x7f03761d69a0, 24 [pid 5784] rt_sigprocmask(SIG_SETMASK, [], [pid 5788] <... set_robust_list resumed>) = 0 [pid 5784] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5788] rt_sigprocmask(SIG_SETMASK, [], [pid 5784] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5788] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5784] <... futex resumed>) = 0 [pid 5788] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5784] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5788] <... open resumed>) = 7 [ 194.828073][ T5785] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 194.843897][ T5785] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 194.857060][ T5785] EXT4-fs (loop0): This should not happen!! Data will be lost [ 194.857060][ T5785] [ 194.867569][ T5785] EXT4-fs (loop0): Total free blocks count 0 [pid 5788] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5784] <... futex resumed>) = 0 [pid 5788] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5784] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5784] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5788] <... mmap resumed>) = 0x20000000 [pid 5785] <... sendfile resumed>) = 75 [pid 5788] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5785] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5788] <... futex resumed>) = 1 [pid 5785] <... futex resumed>) = 0 [pid 5784] <... futex resumed>) = 0 [pid 5788] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5785] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5784] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5785] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5784] <... futex resumed>) = 0 [pid 5785] pipe2( [pid 5784] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5785] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5785] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5784] <... futex resumed>) = 0 [pid 5785] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5784] exit_group(0 [pid 5788] <... futex resumed>) = ? [pid 5788] +++ exited with 0 +++ [pid 5785] <... futex resumed>) = ? [pid 5784] <... exit_group resumed>) = ? [pid 5785] +++ exited with 0 +++ [pid 5784] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5784, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- umount2("./136", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./136", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 [ 194.875080][ T5785] EXT4-fs (loop0): Free/Dirty block details [ 194.881515][ T5785] EXT4-fs (loop0): free_blocks=2415919104 [ 194.887564][ T5785] EXT4-fs (loop0): dirty_blocks=16 [ 194.893152][ T5785] EXT4-fs (loop0): Block reservation details [ 194.899811][ T5785] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./136/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./136/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./136/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./136/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./136/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 [ 194.964254][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 close(4) = 0 rmdir("./136/bus") = 0 umount2("./136/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./136/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./136/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./136") = 0 mkdir("./137", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5789 attached , child_tidptr=0x5555749a2690) = 5789 [pid 5789] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5789] chdir("./137") = 0 [pid 5789] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5789] setpgid(0, 0) = 0 [pid 5789] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5789] write(3, "1000", 4) = 4 [pid 5789] close(3) = 0 [pid 5789] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5789] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5789] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5789] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5789] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5789] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5789] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5789] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5790 attached [pid 5790] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5789] <... clone3 resumed> => {parent_tid=[5790]}, 88) = 5790 [pid 5790] set_robust_list(0x7f03761f79a0, 24 [pid 5789] rt_sigprocmask(SIG_SETMASK, [], [pid 5790] <... set_robust_list resumed>) = 0 [pid 5789] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5790] rt_sigprocmask(SIG_SETMASK, [], [pid 5789] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5790] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5789] <... futex resumed>) = 0 [pid 5790] memfd_create("syzkaller", 0 [pid 5789] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5790] <... memfd_create resumed>) = 3 [pid 5790] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5790] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5790] munmap(0x7f036dc00000, 138412032) = 0 [pid 5790] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5790] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5790] close(3) = 0 [pid 5790] close(4) = 0 [pid 5790] mkdir("./bus", 0777) = 0 [ 195.304787][ T5790] loop0: detected capacity change from 0 to 2048 [pid 5790] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5790] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5790] chdir("./bus") = 0 [pid 5790] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5790] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5789] <... futex resumed>) = 0 [pid 5790] <... futex resumed>) = 1 [pid 5789] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5790] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5789] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5790] <... openat resumed>) = 4 [pid 5790] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5789] <... futex resumed>) = 0 [pid 5790] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5789] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5790] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5789] <... futex resumed>) = 0 [pid 5790] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5789] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5790] <... openat resumed>) = 5 [pid 5790] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5789] <... futex resumed>) = 0 [pid 5790] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5789] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5790] <... openat resumed>) = 6 [pid 5790] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5790] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5789] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5789] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5790] <... futex resumed>) = 0 [pid 5789] <... futex resumed>) = 1 [pid 5790] write(6, "t", 1 [pid 5789] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5790] <... write resumed>) = 1 [pid 5790] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5790] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5789] <... futex resumed>) = 0 [pid 5789] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5790] <... futex resumed>) = 0 [pid 5789] <... futex resumed>) = 1 [pid 5790] sendfile(6, 5, NULL, 131071 [ 195.364739][ T5790] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5789] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5789] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 195.447149][ T5790] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 195.462191][ T5790] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 195.474924][ T5790] EXT4-fs (loop0): This should not happen!! Data will be lost [ 195.474924][ T5790] [ 195.484657][ T5790] EXT4-fs (loop0): Total free blocks count 0 [ 195.490729][ T5790] EXT4-fs (loop0): Free/Dirty block details [pid 5789] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5789] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5789] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5789] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5793 attached [pid 5793] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5793] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 5793] rt_sigprocmask(SIG_SETMASK, [], [pid 5789] <... clone3 resumed> => {parent_tid=[5793]}, 88) = 5793 [pid 5793] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5793] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5789] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5790] <... sendfile resumed>) = 75 [pid 5789] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5793] <... futex resumed>) = 0 [pid 5789] <... futex resumed>) = 1 [pid 5793] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5789] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5790] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5793] <... open resumed>) = 7 [pid 5790] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5793] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5789] <... futex resumed>) = 0 [pid 5793] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5789] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5790] <... futex resumed>) = 0 [pid 5790] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5789] <... futex resumed>) = 1 [pid 5789] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5790] <... mmap resumed>) = 0x20000000 [pid 5790] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5789] <... futex resumed>) = 0 [pid 5790] <... futex resumed>) = 1 [pid 5789] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5790] pipe2( [pid 5789] <... futex resumed>) = 0 [pid 5789] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5790] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5790] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5789] <... futex resumed>) = 0 [pid 5789] exit_group(0 [pid 5793] <... futex resumed>) = ? [pid 5790] <... futex resumed>) = ? [pid 5789] <... exit_group resumed>) = ? [pid 5793] +++ exited with 0 +++ [pid 5790] +++ exited with 0 +++ [pid 5789] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5789, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- [ 195.496645][ T5790] EXT4-fs (loop0): free_blocks=2415919104 [ 195.502483][ T5790] EXT4-fs (loop0): dirty_blocks=16 [ 195.507647][ T5790] EXT4-fs (loop0): Block reservation details [ 195.514669][ T5790] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./137", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./137", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./137/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./137/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./137/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./137/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./137/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 [ 195.622678][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 rmdir("./137/bus") = 0 umount2("./137/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./137/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./137/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./137") = 0 mkdir("./138", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555749a2690) = 5794 ./strace-static-x86_64: Process 5794 attached [pid 5794] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5794] chdir("./138") = 0 [pid 5794] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5794] setpgid(0, 0) = 0 [pid 5794] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5794] write(3, "1000", 4) = 4 [pid 5794] close(3) = 0 [pid 5794] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5794] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5794] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5794] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5794] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5794] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5794] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5794] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5795 attached => {parent_tid=[5795]}, 88) = 5795 [pid 5795] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5794] rt_sigprocmask(SIG_SETMASK, [], [pid 5795] set_robust_list(0x7f03761f79a0, 24 [pid 5794] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5795] <... set_robust_list resumed>) = 0 [pid 5795] rt_sigprocmask(SIG_SETMASK, [], [pid 5794] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5795] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5794] <... futex resumed>) = 0 [pid 5795] memfd_create("syzkaller", 0 [pid 5794] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5795] <... memfd_create resumed>) = 3 [pid 5795] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5795] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5795] munmap(0x7f036dc00000, 138412032) = 0 [pid 5795] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5795] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5795] close(3) = 0 [pid 5795] close(4) = 0 [pid 5795] mkdir("./bus", 0777) = 0 [ 195.954767][ T5795] loop0: detected capacity change from 0 to 2048 [pid 5795] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5795] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5795] chdir("./bus") = 0 [pid 5795] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5795] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5794] <... futex resumed>) = 0 [pid 5795] <... futex resumed>) = 1 [pid 5794] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5795] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5794] <... futex resumed>) = 0 [pid 5794] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5795] <... openat resumed>) = 4 [pid 5795] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5794] <... futex resumed>) = 0 [pid 5795] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5794] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5795] <... openat resumed>) = 5 [pid 5794] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5795] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5794] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5795] <... futex resumed>) = 0 [pid 5794] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5795] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5794] <... futex resumed>) = 0 [ 196.015394][ T5795] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5794] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5795] <... openat resumed>) = 6 [pid 5795] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5795] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5794] <... futex resumed>) = 0 [pid 5794] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5795] <... futex resumed>) = 0 [pid 5794] <... futex resumed>) = 1 [pid 5795] write(6, "t", 1 [pid 5794] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5795] <... write resumed>) = 1 [pid 5795] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5795] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5794] <... futex resumed>) = 0 [pid 5794] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5795] <... futex resumed>) = 0 [pid 5794] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5795] sendfile(6, 5, NULL, 131071 [pid 5794] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5794] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5794] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5794] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5794] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5794] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5798 attached [pid 5798] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5798] set_robust_list(0x7f03761d69a0, 24 [pid 5794] <... clone3 resumed> => {parent_tid=[5798]}, 88) = 5798 [pid 5798] <... set_robust_list resumed>) = 0 [pid 5798] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5794] rt_sigprocmask(SIG_SETMASK, [], [pid 5798] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5794] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5798] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5794] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5798] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5794] <... futex resumed>) = 0 [pid 5798] <... open resumed>) = 7 [ 196.150951][ T5795] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 196.166941][ T5795] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 196.179926][ T5795] EXT4-fs (loop0): This should not happen!! Data will be lost [ 196.179926][ T5795] [ 196.190345][ T5795] EXT4-fs (loop0): Total free blocks count 0 [pid 5794] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5798] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5794] <... futex resumed>) = 0 [pid 5798] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5794] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5798] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5794] <... futex resumed>) = 0 [pid 5798] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5794] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5798] <... mmap resumed>) = 0x20000000 [pid 5795] <... sendfile resumed>) = 75 [pid 5798] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5795] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5794] <... futex resumed>) = 0 [pid 5794] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5794] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5798] <... futex resumed>) = 1 [pid 5795] <... futex resumed>) = 1 [pid 5794] <... futex resumed>) = 0 [pid 5798] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5795] pipe2( [pid 5794] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=39000000} [pid 5795] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5795] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5794] <... futex resumed>) = 0 [pid 5794] exit_group(0) = ? [pid 5798] <... futex resumed>) = ? [pid 5798] +++ exited with 0 +++ [pid 5795] <... futex resumed>) = ? [pid 5795] +++ exited with 0 +++ [pid 5794] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5794, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- [ 196.196978][ T5795] EXT4-fs (loop0): Free/Dirty block details [ 196.203513][ T5795] EXT4-fs (loop0): free_blocks=2415919104 [ 196.209304][ T5795] EXT4-fs (loop0): dirty_blocks=16 [ 196.214751][ T5795] EXT4-fs (loop0): Block reservation details [ 196.223798][ T5795] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./138", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./138", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./138/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./138/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./138/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./138/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./138/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 [ 196.325963][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 close(4) = 0 rmdir("./138/bus") = 0 umount2("./138/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./138/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./138/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./138") = 0 mkdir("./139", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5799 attached , child_tidptr=0x5555749a2690) = 5799 [pid 5799] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5799] chdir("./139") = 0 [pid 5799] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5799] setpgid(0, 0) = 0 [pid 5799] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5799] write(3, "1000", 4) = 4 [pid 5799] close(3) = 0 [pid 5799] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5799] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5799] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5799] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5799] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5799] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5799] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5799] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5800 attached => {parent_tid=[5800]}, 88) = 5800 [pid 5799] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5800] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5799] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5800] set_robust_list(0x7f03761f79a0, 24 [pid 5799] <... futex resumed>) = 0 [pid 5800] <... set_robust_list resumed>) = 0 [pid 5799] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5800] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5800] memfd_create("syzkaller", 0) = 3 [pid 5800] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5800] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5800] munmap(0x7f036dc00000, 138412032) = 0 [pid 5800] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5800] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5800] close(3) = 0 [pid 5800] close(4) = 0 [pid 5800] mkdir("./bus", 0777) = 0 [ 196.666778][ T5800] loop0: detected capacity change from 0 to 2048 [pid 5800] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5800] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5800] chdir("./bus") = 0 [pid 5800] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5800] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5800] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5799] <... futex resumed>) = 0 [pid 5799] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5800] <... futex resumed>) = 0 [pid 5799] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5800] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4 [pid 5800] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5799] <... futex resumed>) = 0 [pid 5800] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5799] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5800] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5799] <... futex resumed>) = 0 [pid 5800] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5799] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5800] <... openat resumed>) = 5 [pid 5800] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5800] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5799] <... futex resumed>) = 0 [pid 5800] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5799] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5800] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5799] <... futex resumed>) = 0 [pid 5799] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5800] <... openat resumed>) = 6 [pid 5800] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5799] <... futex resumed>) = 0 [pid 5800] write(6, "t", 1 [pid 5799] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5800] <... write resumed>) = 1 [pid 5799] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5800] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5799] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5800] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5799] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5800] <... futex resumed>) = 0 [pid 5800] sendfile(6, 5, NULL, 131071 [pid 5799] <... futex resumed>) = 1 [ 196.706548][ T5800] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5799] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5799] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5799] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5799] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5799] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 196.801826][ T5800] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 196.817422][ T5800] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 196.829690][ T5800] EXT4-fs (loop0): This should not happen!! Data will be lost [ 196.829690][ T5800] [ 196.839401][ T5800] EXT4-fs (loop0): Total free blocks count 0 [ 196.845517][ T5800] EXT4-fs (loop0): Free/Dirty block details [pid 5799] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0} => {parent_tid=[5803]}, 88) = 5803 [pid 5799] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5799] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5799] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5803 attached [pid 5803] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5803] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 5803] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5803] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5803] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5799] <... futex resumed>) = 0 [pid 5799] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5803] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5800] <... sendfile resumed>) = 75 [pid 5799] <... futex resumed>) = 0 [pid 5803] <... mmap resumed>) = 0x20000000 [pid 5800] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5799] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5803] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5799] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5803] <... futex resumed>) = 0 [pid 5799] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5803] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5799] <... futex resumed>) = 0 [pid 5799] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5800] <... futex resumed>) = 1 [pid 5799] <... futex resumed>) = 0 [pid 5799] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=39000000} [pid 5800] pipe2(0x20000240, 0) = 0 [pid 5800] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5799] <... futex resumed>) = 0 [pid 5800] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5799] exit_group(0 [pid 5803] <... futex resumed>) = ? [pid 5800] <... futex resumed>) = ? [pid 5799] <... exit_group resumed>) = ? [pid 5803] +++ exited with 0 +++ [pid 5800] +++ exited with 0 +++ [pid 5799] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5799, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./139", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 196.851514][ T5800] EXT4-fs (loop0): free_blocks=2415919104 [ 196.857290][ T5800] EXT4-fs (loop0): dirty_blocks=16 [ 196.862539][ T5800] EXT4-fs (loop0): Block reservation details [ 196.869126][ T5800] EXT4-fs (loop0): i_reserved_data_blocks=1 openat(AT_FDCWD, "./139", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./139/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./139/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./139/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./139/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./139/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 [ 196.919891][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./139/bus") = 0 umount2("./139/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./139/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./139/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./139") = 0 mkdir("./140", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5804 attached , child_tidptr=0x5555749a2690) = 5804 [pid 5804] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5804] chdir("./140") = 0 [pid 5804] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5804] setpgid(0, 0) = 0 [pid 5804] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5804] write(3, "1000", 4) = 4 [pid 5804] close(3) = 0 [pid 5804] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5804] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5804] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5804] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5804] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5804] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5804] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5804] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5805 attached => {parent_tid=[5805]}, 88) = 5805 [pid 5804] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5805] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5804] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5805] set_robust_list(0x7f03761f79a0, 24 [pid 5804] <... futex resumed>) = 0 [pid 5805] <... set_robust_list resumed>) = 0 [pid 5804] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5805] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5805] memfd_create("syzkaller", 0) = 3 [pid 5805] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5805] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5805] munmap(0x7f036dc00000, 138412032) = 0 [pid 5805] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5805] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5805] close(3) = 0 [pid 5805] close(4) = 0 [pid 5805] mkdir("./bus", 0777) = 0 [ 197.251086][ T5805] loop0: detected capacity change from 0 to 2048 [pid 5805] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5805] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5805] chdir("./bus") = 0 [pid 5805] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5805] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5804] <... futex resumed>) = 0 [pid 5804] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5805] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5804] <... futex resumed>) = 0 [pid 5805] <... openat resumed>) = 4 [pid 5804] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5805] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5804] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5805] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5804] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5805] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5804] <... futex resumed>) = 0 [ 197.299654][ T5805] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5805] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 5804] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5805] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5804] <... futex resumed>) = 0 [pid 5805] <... futex resumed>) = 1 [pid 5804] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5805] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5804] <... futex resumed>) = 0 [pid 5804] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5805] <... openat resumed>) = 6 [pid 5805] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5804] <... futex resumed>) = 0 [pid 5805] <... futex resumed>) = 1 [pid 5804] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5805] write(6, "t", 1 [pid 5804] <... futex resumed>) = 0 [pid 5804] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5805] <... write resumed>) = 1 [pid 5805] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5804] <... futex resumed>) = 0 [pid 5805] <... futex resumed>) = 1 [pid 5804] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5805] sendfile(6, 5, NULL, 131071 [pid 5804] <... futex resumed>) = 0 [pid 5804] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5804] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5804] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5804] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5804] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5804] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5809 attached [pid 5809] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5804] <... clone3 resumed> => {parent_tid=[5809]}, 88) = 5809 [pid 5809] <... rseq resumed>) = 0 [pid 5804] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5809] set_robust_list(0x7f03761d69a0, 24 [pid 5804] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5809] <... set_robust_list resumed>) = 0 [pid 5809] rt_sigprocmask(SIG_SETMASK, [], [pid 5804] <... futex resumed>) = 0 [pid 5809] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5804] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5809] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [ 197.437618][ T5805] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 197.453575][ T5805] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 197.465977][ T5805] EXT4-fs (loop0): This should not happen!! Data will be lost [ 197.465977][ T5805] [ 197.475778][ T5805] EXT4-fs (loop0): Total free blocks count 0 [pid 5809] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5804] <... futex resumed>) = 0 [pid 5809] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5804] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5804] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5809] <... mmap resumed>) = 0x20000000 [pid 5805] <... sendfile resumed>) = 75 [pid 5809] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5805] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5809] <... futex resumed>) = 1 [pid 5805] <... futex resumed>) = 0 [pid 5804] <... futex resumed>) = 0 [pid 5809] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5805] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5804] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5805] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5804] <... futex resumed>) = 0 [pid 5805] pipe2( [pid 5804] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5805] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5805] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5804] <... futex resumed>) = 0 [pid 5805] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5804] exit_group(0 [pid 5809] <... futex resumed>) = ? [pid 5805] <... futex resumed>) = ? [pid 5804] <... exit_group resumed>) = ? [pid 5809] +++ exited with 0 +++ [pid 5805] +++ exited with 0 +++ [pid 5804] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5804, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./140", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./140", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 [ 197.482786][ T5805] EXT4-fs (loop0): Free/Dirty block details [ 197.488749][ T5805] EXT4-fs (loop0): free_blocks=2415919104 [ 197.495002][ T5805] EXT4-fs (loop0): dirty_blocks=16 [ 197.500571][ T5805] EXT4-fs (loop0): Block reservation details [ 197.506636][ T5805] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./140/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./140/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./140/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./140/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./140/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 [ 197.532629][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 close(4) = 0 rmdir("./140/bus") = 0 umount2("./140/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./140/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./140/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./140") = 0 mkdir("./141", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5810 attached [pid 5810] set_robust_list(0x5555749a26a0, 24 [pid 5080] <... clone resumed>, child_tidptr=0x5555749a2690) = 5810 [pid 5810] <... set_robust_list resumed>) = 0 [pid 5810] chdir("./141") = 0 [pid 5810] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5810] setpgid(0, 0) = 0 [pid 5810] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5810] write(3, "1000", 4) = 4 [pid 5810] close(3) = 0 [pid 5810] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5810] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5810] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5810] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5810] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5810] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5810] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5810] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5811 attached [pid 5811] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5810] <... clone3 resumed> => {parent_tid=[5811]}, 88) = 5811 [pid 5811] set_robust_list(0x7f03761f79a0, 24 [pid 5810] rt_sigprocmask(SIG_SETMASK, [], [pid 5811] <... set_robust_list resumed>) = 0 [pid 5810] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5811] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5810] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5811] memfd_create("syzkaller", 0 [pid 5810] <... futex resumed>) = 0 [pid 5811] <... memfd_create resumed>) = 3 [pid 5810] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5811] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5811] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5811] munmap(0x7f036dc00000, 138412032) = 0 [pid 5811] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5811] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5811] close(3) = 0 [pid 5811] close(4) = 0 [pid 5811] mkdir("./bus", 0777) = 0 [ 197.885952][ T5811] loop0: detected capacity change from 0 to 2048 [pid 5811] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5811] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5811] chdir("./bus") = 0 [pid 5811] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5811] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5810] <... futex resumed>) = 0 [pid 5811] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5810] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5811] <... futex resumed>) = 0 [pid 5810] <... futex resumed>) = 1 [pid 5811] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5810] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5811] <... openat resumed>) = 4 [pid 5811] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5810] <... futex resumed>) = 0 [pid 5811] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5810] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5811] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5810] <... futex resumed>) = 0 [pid 5811] openat(AT_FDCWD, "./bus", O_RDONLY [ 197.936515][ T5811] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5810] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5811] <... openat resumed>) = 5 [pid 5811] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5810] <... futex resumed>) = 0 [pid 5811] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5810] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5811] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5811] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5810] <... futex resumed>) = 0 [pid 5810] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5811] <... openat resumed>) = 6 [pid 5811] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5810] <... futex resumed>) = 0 [pid 5811] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5810] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5811] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5811] write(6, "t", 1 [ 197.979376][ T29] kauditd_printk_skb: 14 callbacks suppressed [ 197.979400][ T29] audit: type=1804 audit(1714530466.785:526): pid=5811 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/141/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5810] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5811] <... write resumed>) = 1 [pid 5811] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5810] <... futex resumed>) = 0 [pid 5811] sendfile(6, 5, NULL, 131071 [pid 5810] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 198.013454][ T29] audit: type=1804 audit(1714530466.825:527): pid=5811 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/141/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5810] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5810] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5810] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [ 198.088474][ T5811] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 198.104120][ T5811] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 198.116411][ T5811] EXT4-fs (loop0): This should not happen!! Data will be lost [ 198.116411][ T5811] [ 198.126167][ T5811] EXT4-fs (loop0): Total free blocks count 0 [ 198.132221][ T5811] EXT4-fs (loop0): Free/Dirty block details [pid 5810] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5810] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5810] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5814 attached [pid 5814] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5814] set_robust_list(0x7f03761d69a0, 24 [pid 5810] <... clone3 resumed> => {parent_tid=[5814]}, 88) = 5814 [pid 5814] <... set_robust_list resumed>) = 0 [pid 5810] rt_sigprocmask(SIG_SETMASK, [], [pid 5814] rt_sigprocmask(SIG_SETMASK, [], [pid 5810] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5814] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5810] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5814] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5810] <... futex resumed>) = 0 [pid 5814] <... open resumed>) = 7 [ 198.138175][ T5811] EXT4-fs (loop0): free_blocks=2415919104 [ 198.143993][ T5811] EXT4-fs (loop0): dirty_blocks=16 [ 198.149150][ T5811] EXT4-fs (loop0): Block reservation details [ 198.155201][ T5811] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5810] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5814] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5814] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5811] <... sendfile resumed>) = 75 [pid 5810] <... futex resumed>) = 0 [pid 5811] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5810] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5811] <... futex resumed>) = 0 [pid 5810] <... futex resumed>) = 0 [pid 5811] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5810] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5811] <... mmap resumed>) = 0x20000000 [pid 5811] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5811] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5810] <... futex resumed>) = 0 [pid 5810] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5811] <... futex resumed>) = 0 [pid 5810] <... futex resumed>) = 1 [pid 5810] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5811] pipe2(0x20000240, 0) = 0 [pid 5811] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5810] <... futex resumed>) = 0 [pid 5811] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5810] exit_group(0 [pid 5814] <... futex resumed>) = ? [pid 5814] +++ exited with 0 +++ [pid 5811] <... futex resumed>) = ? [pid 5810] <... exit_group resumed>) = ? [pid 5811] +++ exited with 0 +++ [pid 5810] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5810, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- umount2("./141", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 198.167053][ T29] audit: type=1804 audit(1714530466.975:528): pid=5814 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/141/bus/bus" dev="loop0" ino=18 res=1 errno=0 openat(AT_FDCWD, "./141", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./141/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./141/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./141/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./141/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./141/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 [ 198.259757][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./141/bus") = 0 umount2("./141/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./141/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./141/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./141") = 0 mkdir("./142", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5815 attached , child_tidptr=0x5555749a2690) = 5815 [pid 5815] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5815] chdir("./142") = 0 [pid 5815] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5815] setpgid(0, 0) = 0 [pid 5815] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5815] write(3, "1000", 4) = 4 [pid 5815] close(3) = 0 [pid 5815] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5815] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5815] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5815] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5815] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5815] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5815] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5815] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5816 attached => {parent_tid=[5816]}, 88) = 5816 [pid 5816] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5816] set_robust_list(0x7f03761f79a0, 24) = 0 [pid 5816] rt_sigprocmask(SIG_SETMASK, [], [pid 5815] rt_sigprocmask(SIG_SETMASK, [], [pid 5816] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5816] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5815] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5815] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5816] <... futex resumed>) = 0 [pid 5815] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5816] memfd_create("syzkaller", 0) = 3 [pid 5816] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5816] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5816] munmap(0x7f036dc00000, 138412032) = 0 [pid 5816] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5816] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5816] close(3) = 0 [pid 5816] close(4) = 0 [pid 5816] mkdir("./bus", 0777) = 0 [ 198.568193][ T5816] loop0: detected capacity change from 0 to 2048 [pid 5816] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5816] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5816] chdir("./bus") = 0 [pid 5816] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5816] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5815] <... futex resumed>) = 0 [pid 5816] <... futex resumed>) = 1 [pid 5815] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5816] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5815] <... futex resumed>) = 0 [pid 5816] <... openat resumed>) = 4 [pid 5815] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5816] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5815] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5816] <... futex resumed>) = 0 [pid 5816] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5815] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5816] <... futex resumed>) = 0 [pid 5815] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5816] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [ 198.625886][ T5816] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5816] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5815] <... futex resumed>) = 0 [pid 5816] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5815] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5816] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5815] <... futex resumed>) = 0 [pid 5816] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5815] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5816] <... openat resumed>) = 6 [pid 5816] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5815] <... futex resumed>) = 0 [pid 5815] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5816] write(6, "t", 1 [pid 5815] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5816] <... write resumed>) = 1 [pid 5816] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5816] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5815] <... futex resumed>) = 0 [pid 5816] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5815] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5816] sendfile(6, 5, NULL, 131071 [pid 5815] <... futex resumed>) = 0 [ 198.676458][ T29] audit: type=1804 audit(1714530467.485:529): pid=5816 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/142/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 198.700757][ T29] audit: type=1804 audit(1714530467.485:530): pid=5816 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/142/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5815] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5815] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5815] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5815] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5815] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 198.754547][ T5816] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 198.770213][ T5816] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 198.782632][ T5816] EXT4-fs (loop0): This should not happen!! Data will be lost [ 198.782632][ T5816] [ 198.792483][ T5816] EXT4-fs (loop0): Total free blocks count 0 [pid 5815] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5819 attached => {parent_tid=[5819]}, 88) = 5819 [pid 5819] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5815] rt_sigprocmask(SIG_SETMASK, [], [pid 5819] <... rseq resumed>) = 0 [pid 5815] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5815] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] set_robust_list(0x7f03761d69a0, 24 [pid 5815] <... futex resumed>) = 0 [pid 5819] <... set_robust_list resumed>) = 0 [pid 5815] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5819] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5819] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5816] <... sendfile resumed>) = 75 [pid 5819] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5816] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] <... futex resumed>) = 1 [pid 5819] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5816] <... futex resumed>) = 0 [pid 5815] <... futex resumed>) = 0 [pid 5816] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5815] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5816] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5816] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5815] <... futex resumed>) = 0 [pid 5816] <... mmap resumed>) = 0x20000000 [ 198.799523][ T5816] EXT4-fs (loop0): Free/Dirty block details [ 198.806171][ T5816] EXT4-fs (loop0): free_blocks=2415919104 [ 198.812051][ T5816] EXT4-fs (loop0): dirty_blocks=16 [ 198.817460][ T5816] EXT4-fs (loop0): Block reservation details [ 198.824054][ T5816] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5815] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5816] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5815] <... futex resumed>) = 0 [pid 5816] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5815] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5816] <... futex resumed>) = 0 [pid 5815] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5816] pipe2(0x20000240, 0) = 0 [pid 5816] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5815] <... futex resumed>) = 0 [pid 5815] exit_group(0 [pid 5816] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5819] <... futex resumed>) = ? [pid 5816] <... futex resumed>) = ? [pid 5815] <... exit_group resumed>) = ? [pid 5819] +++ exited with 0 +++ [pid 5816] +++ exited with 0 +++ [pid 5815] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5815, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- umount2("./142", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./142", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 198.832223][ T29] audit: type=1804 audit(1714530467.645:531): pid=5819 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/142/bus/bus" dev="loop0" ino=18 res=1 errno=0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./142/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./142/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./142/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./142/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./142/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 [ 198.907147][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./142/bus") = 0 umount2("./142/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./142/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./142/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./142") = 0 mkdir("./143", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5820 attached , child_tidptr=0x5555749a2690) = 5820 [pid 5820] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5820] chdir("./143") = 0 [pid 5820] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5820] setpgid(0, 0) = 0 [pid 5820] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5820] write(3, "1000", 4) = 4 [pid 5820] close(3) = 0 [pid 5820] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5820] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5820] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5820] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5820] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5820] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5820] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5820] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5821 attached => {parent_tid=[5821]}, 88) = 5821 [pid 5820] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5820] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5820] <... futex resumed>) = 0 [pid 5821] set_robust_list(0x7f03761f79a0, 24 [pid 5820] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5821] <... set_robust_list resumed>) = 0 [pid 5821] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5821] memfd_create("syzkaller", 0) = 3 [pid 5821] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5821] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5821] munmap(0x7f036dc00000, 138412032) = 0 [pid 5821] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5821] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5821] close(3) = 0 [pid 5821] close(4) = 0 [pid 5821] mkdir("./bus", 0777) = 0 [ 199.210784][ T5821] loop0: detected capacity change from 0 to 2048 [pid 5821] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5821] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5821] chdir("./bus") = 0 [pid 5821] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5821] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5820] <... futex resumed>) = 0 [pid 5821] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5820] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... futex resumed>) = 0 [pid 5820] <... futex resumed>) = 1 [pid 5821] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5820] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] <... openat resumed>) = 4 [pid 5821] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5820] <... futex resumed>) = 0 [pid 5821] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5820] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... openat resumed>) = 5 [pid 5820] <... futex resumed>) = 0 [pid 5820] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5821] <... futex resumed>) = 0 [pid 5820] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5820] <... futex resumed>) = 0 [pid 5820] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] <... openat resumed>) = 6 [ 199.265166][ T5821] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5821] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... futex resumed>) = 0 [pid 5821] <... futex resumed>) = 1 [pid 5820] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] write(6, "t", 1 [pid 5820] <... futex resumed>) = 0 [pid 5820] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] <... write resumed>) = 1 [pid 5821] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5820] <... futex resumed>) = 0 [pid 5821] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5820] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5820] <... futex resumed>) = 0 [pid 5821] sendfile(6, 5, NULL, 131071 [ 199.301938][ T29] audit: type=1804 audit(1714530468.115:532): pid=5821 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/143/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 199.326258][ T29] audit: type=1804 audit(1714530468.115:533): pid=5821 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/143/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5820] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 199.372030][ T5821] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 199.387258][ T5821] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 199.399568][ T5821] EXT4-fs (loop0): This should not happen!! Data will be lost [ 199.399568][ T5821] [ 199.409389][ T5821] EXT4-fs (loop0): Total free blocks count 0 [ 199.416048][ T5821] EXT4-fs (loop0): Free/Dirty block details [pid 5820] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5820] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5820] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5820] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5821] <... sendfile resumed>) = 75 [pid 5820] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0} [pid 5821] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5821] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5824 attached [pid 5824] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5824] set_robust_list(0x7f03761d69a0, 24 [pid 5820] <... clone3 resumed> => {parent_tid=[5824]}, 88) = 5824 [pid 5824] <... set_robust_list resumed>) = 0 [pid 5820] rt_sigprocmask(SIG_SETMASK, [], [pid 5824] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5824] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5820] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5820] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5824] <... futex resumed>) = 0 [pid 5820] <... futex resumed>) = 1 [pid 5824] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 199.422098][ T5821] EXT4-fs (loop0): free_blocks=2415919104 [ 199.428336][ T5821] EXT4-fs (loop0): dirty_blocks=16 [ 199.433588][ T5821] EXT4-fs (loop0): Block reservation details [ 199.439900][ T5821] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5820] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5824] <... open resumed>) = 7 [pid 5824] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5824] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5820] <... futex resumed>) = 0 [pid 5820] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... futex resumed>) = 0 [pid 5820] <... futex resumed>) = 1 [pid 5821] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5820] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] <... mmap resumed>) = 0x20000000 [pid 5821] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5820] <... futex resumed>) = 0 [pid 5821] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5820] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... futex resumed>) = 0 [pid 5820] <... futex resumed>) = 1 [pid 5821] pipe2( [pid 5820] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5821] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5820] <... futex resumed>) = 0 [pid 5821] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5820] exit_group(0 [pid 5821] <... futex resumed>) = ? [pid 5820] <... exit_group resumed>) = ? [pid 5821] +++ exited with 0 +++ [pid 5824] <... futex resumed>) = ? [ 199.453908][ T29] audit: type=1804 audit(1714530468.265:534): pid=5824 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/143/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5824] +++ exited with 0 +++ [pid 5820] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5820, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./143", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./143", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./143/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./143/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./143/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./143/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 199.539600][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 openat(AT_FDCWD, "./143/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./143/bus") = 0 umount2("./143/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./143/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./143/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./143") = 0 mkdir("./144", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5825 attached , child_tidptr=0x5555749a2690) = 5825 [pid 5825] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5825] chdir("./144") = 0 [pid 5825] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5825] setpgid(0, 0) = 0 [pid 5825] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5825] write(3, "1000", 4) = 4 [pid 5825] close(3) = 0 [pid 5825] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5825] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5825] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5825] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5825] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5825] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5825] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5825] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5826 attached [pid 5826] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5825] <... clone3 resumed> => {parent_tid=[5826]}, 88) = 5826 [pid 5826] set_robust_list(0x7f03761f79a0, 24 [pid 5825] rt_sigprocmask(SIG_SETMASK, [], [pid 5826] <... set_robust_list resumed>) = 0 [pid 5825] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5826] rt_sigprocmask(SIG_SETMASK, [], [pid 5825] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5826] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5826] memfd_create("syzkaller", 0 [pid 5825] <... futex resumed>) = 0 [pid 5825] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5826] <... memfd_create resumed>) = 3 [pid 5826] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5826] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5826] munmap(0x7f036dc00000, 138412032) = 0 [pid 5826] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5826] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5826] close(3) = 0 [pid 5826] close(4) = 0 [pid 5826] mkdir("./bus", 0777) = 0 [ 199.945478][ T5826] loop0: detected capacity change from 0 to 2048 [pid 5826] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5826] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5826] chdir("./bus") = 0 [pid 5826] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5826] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5825] <... futex resumed>) = 0 [pid 5826] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5825] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5826] <... openat resumed>) = 4 [pid 5825] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5826] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5825] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5825] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5825] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = 0 [pid 5826] <... futex resumed>) = 1 [pid 5825] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 200.012028][ T5826] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5826] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 5826] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5826] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5825] <... futex resumed>) = 0 [pid 5825] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5826] <... futex resumed>) = 0 [pid 5825] <... futex resumed>) = 1 [pid 5826] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5825] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5826] <... openat resumed>) = 6 [pid 5826] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5825] <... futex resumed>) = 0 [pid 5826] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5825] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5826] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5825] <... futex resumed>) = 0 [pid 5826] write(6, "t", 1 [pid 5825] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5826] <... write resumed>) = 1 [pid 5826] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5825] <... futex resumed>) = 0 [pid 5826] sendfile(6, 5, NULL, 131071 [pid 5825] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 200.071225][ T29] audit: type=1804 audit(1714530468.885:535): pid=5826 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/144/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5825] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5825] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5825] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5825] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 200.167948][ T5826] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 200.183972][ T5826] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 200.197065][ T5826] EXT4-fs (loop0): This should not happen!! Data will be lost [ 200.197065][ T5826] [ 200.207432][ T5826] EXT4-fs (loop0): Total free blocks count 0 [pid 5825] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5825] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5829 attached [pid 5829] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5825] <... clone3 resumed> => {parent_tid=[5829]}, 88) = 5829 [pid 5829] set_robust_list(0x7f03761d69a0, 24 [pid 5825] rt_sigprocmask(SIG_SETMASK, [], [pid 5829] <... set_robust_list resumed>) = 0 [pid 5825] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5829] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5825] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5829] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5825] <... futex resumed>) = 0 [pid 5829] <... open resumed>) = 7 [pid 5825] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5829] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5825] <... futex resumed>) = 0 [pid 5829] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5825] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5829] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5825] <... futex resumed>) = 0 [pid 5829] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5825] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5829] <... mmap resumed>) = 0x20000000 [pid 5826] <... sendfile resumed>) = 75 [pid 5829] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5826] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5825] <... futex resumed>) = 0 [pid 5829] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5825] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5826] <... futex resumed>) = 0 [pid 5825] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5826] pipe2(0x20000240, 0) = 0 [pid 5826] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5825] <... futex resumed>) = 0 [pid 5826] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5825] exit_group(0) = ? [pid 5829] <... futex resumed>) = ? [pid 5826] <... futex resumed>) = ? [pid 5829] +++ exited with 0 +++ [pid 5826] +++ exited with 0 +++ [pid 5825] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5825, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- [ 200.213513][ T5826] EXT4-fs (loop0): Free/Dirty block details [ 200.219449][ T5826] EXT4-fs (loop0): free_blocks=2415919104 [ 200.225283][ T5826] EXT4-fs (loop0): dirty_blocks=16 [ 200.230716][ T5826] EXT4-fs (loop0): Block reservation details [ 200.236726][ T5826] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./144", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./144", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./144/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./144/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./144/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./144/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 200.342746][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 openat(AT_FDCWD, "./144/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./144/bus") = 0 umount2("./144/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./144/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./144/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./144") = 0 mkdir("./145", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5830 attached , child_tidptr=0x5555749a2690) = 5830 [pid 5830] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5830] chdir("./145") = 0 [pid 5830] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5830] setpgid(0, 0) = 0 [pid 5830] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5830] write(3, "1000", 4) = 4 [pid 5830] close(3) = 0 [pid 5830] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5830] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5830] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5830] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5830] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5830] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5830] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5830] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5831 attached [pid 5831] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5831] set_robust_list(0x7f03761f79a0, 24 [pid 5830] <... clone3 resumed> => {parent_tid=[5831]}, 88) = 5831 [pid 5831] <... set_robust_list resumed>) = 0 [pid 5830] rt_sigprocmask(SIG_SETMASK, [], [pid 5831] rt_sigprocmask(SIG_SETMASK, [], [pid 5830] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5831] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] memfd_create("syzkaller", 0 [pid 5830] <... futex resumed>) = 0 [pid 5830] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5831] <... memfd_create resumed>) = 3 [pid 5831] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5831] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5831] munmap(0x7f036dc00000, 138412032) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5831] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5831] close(3) = 0 [pid 5831] close(4) = 0 [pid 5831] mkdir("./bus", 0777) = 0 [ 200.644993][ T5831] loop0: detected capacity change from 0 to 2048 [pid 5831] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5831] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5831] chdir("./bus") = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5831] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... futex resumed>) = 0 [pid 5831] <... futex resumed>) = 1 [pid 5830] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5830] <... futex resumed>) = 0 [pid 5830] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5831] <... openat resumed>) = 4 [pid 5831] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5830] <... futex resumed>) = 0 [pid 5831] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5830] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5830] <... futex resumed>) = 0 [pid 5831] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5830] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5831] <... openat resumed>) = 5 [pid 5831] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5830] <... futex resumed>) = 0 [pid 5831] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5830] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5831] <... openat resumed>) = 6 [pid 5830] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5831] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5831] <... futex resumed>) = 0 [pid 5831] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5830] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5831] <... futex resumed>) = 0 [pid 5830] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5831] write(6, "t", 1) = 1 [pid 5831] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5830] <... futex resumed>) = 0 [ 200.686790][ T5831] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5831] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5830] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5830] <... futex resumed>) = 0 [pid 5831] sendfile(6, 5, NULL, 131071 [pid 5830] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5830] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5830] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [ 200.760303][ T5834] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 200.788253][ T5831] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 200.800559][ T5831] EXT4-fs (loop0): This should not happen!! Data will be lost [ 200.800559][ T5831] [pid 5830] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5830] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5830] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0} => {parent_tid=[5835]}, 88) = 5835 ./strace-static-x86_64: Process 5835 attached [pid 5830] rt_sigprocmask(SIG_SETMASK, [], [pid 5835] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5830] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5835] <... rseq resumed>) = 0 [pid 5830] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5835] set_robust_list(0x7f03761d69a0, 24 [pid 5830] <... futex resumed>) = 0 [pid 5835] <... set_robust_list resumed>) = 0 [pid 5830] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5835] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5835] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5835] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5830] <... futex resumed>) = 0 [pid 5835] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5830] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5830] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5831] <... sendfile resumed>) = 75 [pid 5831] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5831] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5835] <... mmap resumed>) = 0x20000000 [pid 5835] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5830] <... futex resumed>) = 0 [pid 5830] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... futex resumed>) = 0 [pid 5830] <... futex resumed>) = 1 [pid 5835] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5831] pipe2( [pid 5830] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5831] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5831] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... futex resumed>) = 0 [pid 5830] exit_group(0 [pid 5835] <... futex resumed>) = ? [pid 5830] <... exit_group resumed>) = ? [pid 5835] +++ exited with 0 +++ [pid 5831] <... futex resumed>) = ? [pid 5831] +++ exited with 0 +++ [pid 5830] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5830, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./145", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 200.810302][ T5831] EXT4-fs (loop0): Total free blocks count 0 [ 200.816346][ T5831] EXT4-fs (loop0): Free/Dirty block details [ 200.822364][ T5831] EXT4-fs (loop0): free_blocks=2415919104 [ 200.828228][ T5831] EXT4-fs (loop0): dirty_blocks=16 [ 200.833448][ T5831] EXT4-fs (loop0): Block reservation details [ 200.839496][ T5831] EXT4-fs (loop0): i_reserved_data_blocks=1 openat(AT_FDCWD, "./145", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./145/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./145/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./145/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./145/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./145/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 200.924472][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./145/bus") = 0 umount2("./145/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./145/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./145/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./145") = 0 mkdir("./146", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5836 attached , child_tidptr=0x5555749a2690) = 5836 [pid 5836] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5836] chdir("./146") = 0 [pid 5836] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5836] setpgid(0, 0) = 0 [pid 5836] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5836] write(3, "1000", 4) = 4 [pid 5836] close(3) = 0 [pid 5836] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5836] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5836] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5836] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5836] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5836] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5836] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5836] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5837 attached [pid 5837] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5837] set_robust_list(0x7f03761f79a0, 24 [pid 5836] <... clone3 resumed> => {parent_tid=[5837]}, 88) = 5837 [pid 5837] <... set_robust_list resumed>) = 0 [pid 5836] rt_sigprocmask(SIG_SETMASK, [], [pid 5837] rt_sigprocmask(SIG_SETMASK, [], [pid 5836] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5837] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5836] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5837] memfd_create("syzkaller", 0 [pid 5836] <... futex resumed>) = 0 [pid 5837] <... memfd_create resumed>) = 3 [pid 5836] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5837] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5837] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5837] munmap(0x7f036dc00000, 138412032) = 0 [pid 5837] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5837] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5837] close(3) = 0 [pid 5837] close(4) = 0 [pid 5837] mkdir("./bus", 0777) = 0 [ 201.288784][ T5837] loop0: detected capacity change from 0 to 2048 [pid 5837] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5837] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5837] chdir("./bus") = 0 [pid 5837] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5837] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5836] <... futex resumed>) = 0 [pid 5837] <... futex resumed>) = 1 [pid 5836] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5837] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5836] <... futex resumed>) = 0 [pid 5836] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5837] <... openat resumed>) = 4 [pid 5837] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5836] <... futex resumed>) = 0 [pid 5837] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5836] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5837] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5836] <... futex resumed>) = 0 [pid 5837] <... openat resumed>) = 5 [pid 5836] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5837] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5837] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5836] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5836] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5837] <... futex resumed>) = 0 [pid 5836] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5837] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 5837] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5836] <... futex resumed>) = 0 [pid 5837] <... futex resumed>) = 1 [pid 5837] write(6, "t", 1 [ 201.336891][ T5837] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5836] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5837] <... write resumed>) = 1 [pid 5836] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5837] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5836] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5837] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5836] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5837] sendfile(6, 5, NULL, 131071 [pid 5836] <... futex resumed>) = 0 [pid 5836] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5836] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5836] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5836] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5836] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 201.448474][ T5837] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 201.463869][ T5837] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 201.476763][ T5837] EXT4-fs (loop0): This should not happen!! Data will be lost [ 201.476763][ T5837] [ 201.486860][ T5837] EXT4-fs (loop0): Total free blocks count 0 [pid 5836] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5841 attached [pid 5841] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5836] <... clone3 resumed> => {parent_tid=[5841]}, 88) = 5841 [pid 5841] <... rseq resumed>) = 0 [pid 5836] rt_sigprocmask(SIG_SETMASK, [], [pid 5841] set_robust_list(0x7f03761d69a0, 24 [pid 5836] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5841] <... set_robust_list resumed>) = 0 [pid 5836] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5841] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5836] <... futex resumed>) = 0 [pid 5841] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5836] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5841] <... open resumed>) = 7 [pid 5841] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5837] <... sendfile resumed>) = 75 [pid 5841] <... futex resumed>) = 1 [pid 5837] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5836] <... futex resumed>) = 0 [pid 5841] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5836] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5837] <... futex resumed>) = 0 [pid 5837] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5836] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5837] <... mmap resumed>) = 0x20000000 [pid 5837] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5836] <... futex resumed>) = 0 [pid 5837] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5836] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5837] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5836] <... futex resumed>) = 0 [pid 5837] pipe2( [pid 5836] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5837] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5837] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5836] <... futex resumed>) = 0 [pid 5837] <... futex resumed>) = 1 [pid 5836] exit_group(0 [pid 5841] <... futex resumed>) = ? [pid 5841] +++ exited with 0 +++ [pid 5836] <... exit_group resumed>) = ? [pid 5837] +++ exited with 0 +++ [pid 5836] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5836, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- [ 201.493400][ T5837] EXT4-fs (loop0): Free/Dirty block details [ 201.499687][ T5837] EXT4-fs (loop0): free_blocks=2415919104 [ 201.505895][ T5837] EXT4-fs (loop0): dirty_blocks=16 [ 201.511114][ T5837] EXT4-fs (loop0): Block reservation details [ 201.518075][ T5837] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./146", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./146", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./146/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./146/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./146/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./146/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./146/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 [ 201.636353][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./146/bus") = 0 umount2("./146/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./146/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./146/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./146") = 0 mkdir("./147", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5842 attached , child_tidptr=0x5555749a2690) = 5842 [pid 5842] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5842] chdir("./147") = 0 [pid 5842] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5842] setpgid(0, 0) = 0 [pid 5842] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5842] write(3, "1000", 4) = 4 [pid 5842] close(3) = 0 [pid 5842] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5842] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5842] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5842] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5842] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5842] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5842] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5842] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5843 attached [pid 5843] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5842] <... clone3 resumed> => {parent_tid=[5843]}, 88) = 5843 [pid 5843] <... rseq resumed>) = 0 [pid 5842] rt_sigprocmask(SIG_SETMASK, [], [pid 5843] set_robust_list(0x7f03761f79a0, 24 [pid 5842] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5843] <... set_robust_list resumed>) = 0 [pid 5842] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5843] rt_sigprocmask(SIG_SETMASK, [], [pid 5842] <... futex resumed>) = 0 [pid 5843] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5842] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5843] memfd_create("syzkaller", 0) = 3 [pid 5843] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5843] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5843] munmap(0x7f036dc00000, 138412032) = 0 [pid 5843] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5843] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5843] close(3) = 0 [pid 5843] close(4) = 0 [pid 5843] mkdir("./bus", 0777) = 0 [ 201.969682][ T5843] loop0: detected capacity change from 0 to 2048 [pid 5843] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5843] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5843] chdir("./bus") = 0 [pid 5843] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5843] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5842] <... futex resumed>) = 0 [pid 5843] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5842] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5843] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5842] <... futex resumed>) = 0 [pid 5843] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5842] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5843] <... openat resumed>) = 4 [pid 5843] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5842] <... futex resumed>) = 0 [pid 5843] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5842] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5843] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5842] <... futex resumed>) = 0 [pid 5843] openat(AT_FDCWD, "./bus", O_RDONLY [ 202.017399][ T5843] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5842] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5843] <... openat resumed>) = 5 [pid 5843] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5842] <... futex resumed>) = 0 [pid 5843] <... futex resumed>) = 1 [pid 5842] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5843] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5842] <... futex resumed>) = 0 [pid 5843] <... openat resumed>) = 6 [pid 5842] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5843] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5842] <... futex resumed>) = 0 [pid 5843] <... futex resumed>) = 1 [pid 5842] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5843] write(6, "t", 1 [pid 5842] <... futex resumed>) = 0 [pid 5842] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5843] <... write resumed>) = 1 [pid 5843] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5842] <... futex resumed>) = 0 [pid 5843] <... futex resumed>) = 1 [pid 5842] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5843] sendfile(6, 5, NULL, 131071 [pid 5842] <... futex resumed>) = 0 [pid 5842] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5842] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5842] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5842] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5842] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5842] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0} => {parent_tid=[5846]}, 88) = 5846 [pid 5842] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5842] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5842] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5846 attached [pid 5846] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [ 202.146650][ T5843] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 202.162002][ T5843] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 202.174465][ T5843] EXT4-fs (loop0): This should not happen!! Data will be lost [ 202.174465][ T5843] [ 202.184597][ T5843] EXT4-fs (loop0): Total free blocks count 0 [ 202.191153][ T5843] EXT4-fs (loop0): Free/Dirty block details [pid 5846] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 5846] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5846] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5846] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5842] <... futex resumed>) = 0 [pid 5842] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5842] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5846] <... futex resumed>) = 1 [pid 5843] <... sendfile resumed>) = 75 [pid 5846] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5843] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5846] <... mmap resumed>) = 0x20000000 [pid 5843] <... futex resumed>) = 0 [pid 5843] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5846] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5842] <... futex resumed>) = 0 [pid 5846] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5842] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5843] <... futex resumed>) = 0 [pid 5842] <... futex resumed>) = 1 [pid 5843] pipe2( [pid 5842] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5843] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5843] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5842] <... futex resumed>) = 0 [pid 5843] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5842] exit_group(0 [pid 5846] <... futex resumed>) = ? [pid 5843] <... futex resumed>) = ? [pid 5842] <... exit_group resumed>) = ? [pid 5846] +++ exited with 0 +++ [pid 5843] +++ exited with 0 +++ [pid 5842] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5842, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- [ 202.197374][ T5843] EXT4-fs (loop0): free_blocks=2415919104 [ 202.203276][ T5843] EXT4-fs (loop0): dirty_blocks=16 [ 202.208434][ T5843] EXT4-fs (loop0): Block reservation details [ 202.217216][ T5843] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./147", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./147", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./147/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./147/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./147/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./147/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./147/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 [ 202.302787][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./147/bus") = 0 umount2("./147/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./147/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./147/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./147") = 0 mkdir("./148", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5847 attached , child_tidptr=0x5555749a2690) = 5847 [pid 5847] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5847] chdir("./148") = 0 [pid 5847] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5847] setpgid(0, 0) = 0 [pid 5847] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5847] write(3, "1000", 4) = 4 [pid 5847] close(3) = 0 [pid 5847] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5847] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5847] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5847] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5847] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5847] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5847] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5847] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5848 attached [pid 5848] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5847] <... clone3 resumed> => {parent_tid=[5848]}, 88) = 5848 [pid 5848] set_robust_list(0x7f03761f79a0, 24 [pid 5847] rt_sigprocmask(SIG_SETMASK, [], [pid 5848] <... set_robust_list resumed>) = 0 [pid 5848] rt_sigprocmask(SIG_SETMASK, [], [pid 5847] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5848] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5847] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5848] memfd_create("syzkaller", 0 [pid 5847] <... futex resumed>) = 0 [pid 5847] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5848] <... memfd_create resumed>) = 3 [pid 5848] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5848] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5848] munmap(0x7f036dc00000, 138412032) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5848] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5848] close(3) = 0 [pid 5848] close(4) = 0 [pid 5848] mkdir("./bus", 0777) = 0 [ 202.650434][ T5848] loop0: detected capacity change from 0 to 2048 [pid 5848] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5848] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5848] chdir("./bus") = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5848] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5847] <... futex resumed>) = 0 [pid 5848] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5847] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5848] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5847] <... futex resumed>) = 0 [pid 5848] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5847] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5848] <... openat resumed>) = 4 [pid 5848] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5847] <... futex resumed>) = 0 [pid 5848] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5847] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5848] <... openat resumed>) = 5 [pid 5847] <... futex resumed>) = 0 [ 202.689034][ T5848] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5847] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5848] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5847] <... futex resumed>) = 0 [pid 5847] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5848] <... futex resumed>) = 1 [pid 5847] <... futex resumed>) = 0 [pid 5848] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5847] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5848] <... openat resumed>) = 6 [pid 5848] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5847] <... futex resumed>) = 0 [pid 5848] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5847] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5847] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5848] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5848] write(6, "t", 1) = 1 [pid 5848] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5847] <... futex resumed>) = 0 [pid 5848] <... futex resumed>) = 1 [pid 5847] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5848] sendfile(6, 5, NULL, 131071 [pid 5847] <... futex resumed>) = 0 [pid 5847] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5847] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5847] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5847] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 202.790248][ T5848] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 202.805296][ T5848] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 202.818215][ T5848] EXT4-fs (loop0): This should not happen!! Data will be lost [ 202.818215][ T5848] [ 202.829256][ T5848] EXT4-fs (loop0): Total free blocks count 0 [pid 5847] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5847] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5851 attached [pid 5851] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5847] <... clone3 resumed> => {parent_tid=[5851]}, 88) = 5851 [pid 5851] <... rseq resumed>) = 0 [pid 5847] rt_sigprocmask(SIG_SETMASK, [], [pid 5851] set_robust_list(0x7f03761d69a0, 24 [pid 5847] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5851] <... set_robust_list resumed>) = 0 [pid 5847] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5851] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5847] <... futex resumed>) = 0 [pid 5851] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5848] <... sendfile resumed>) = 75 [pid 5847] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5851] <... open resumed>) = 7 [pid 5848] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5851] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5848] <... futex resumed>) = 0 [pid 5848] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5851] <... futex resumed>) = 1 [pid 5847] <... futex resumed>) = 0 [pid 5851] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5847] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5848] <... futex resumed>) = 0 [pid 5847] <... futex resumed>) = 1 [pid 5848] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5847] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5848] <... mmap resumed>) = 0x20000000 [pid 5848] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5847] <... futex resumed>) = 0 [pid 5848] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5847] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5848] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5848] pipe2( [pid 5847] <... futex resumed>) = 0 [pid 5847] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5848] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5848] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5848] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5847] <... futex resumed>) = 0 [ 202.835767][ T5848] EXT4-fs (loop0): Free/Dirty block details [ 202.841879][ T5848] EXT4-fs (loop0): free_blocks=2415919104 [ 202.847760][ T5848] EXT4-fs (loop0): dirty_blocks=16 [ 202.853105][ T5848] EXT4-fs (loop0): Block reservation details [ 202.859218][ T5848] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5847] exit_group(0 [pid 5851] <... futex resumed>) = ? [pid 5848] <... futex resumed>) = ? [pid 5847] <... exit_group resumed>) = ? [pid 5851] +++ exited with 0 +++ [pid 5848] +++ exited with 0 +++ [pid 5847] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5847, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./148", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./148", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./148/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./148/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./148/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./148/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./148/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 [ 202.990604][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./148/bus") = 0 umount2("./148/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./148/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./148/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./148") = 0 mkdir("./149", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5852 attached , child_tidptr=0x5555749a2690) = 5852 [pid 5852] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5852] chdir("./149") = 0 [pid 5852] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5852] setpgid(0, 0) = 0 [pid 5852] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5852] write(3, "1000", 4) = 4 [pid 5852] close(3) = 0 [pid 5852] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5852] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5852] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5852] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5852] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5852] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5852] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5852] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5853 attached [pid 5853] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5852] <... clone3 resumed> => {parent_tid=[5853]}, 88) = 5853 [pid 5853] set_robust_list(0x7f03761f79a0, 24 [pid 5852] rt_sigprocmask(SIG_SETMASK, [], [pid 5853] <... set_robust_list resumed>) = 0 [pid 5852] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5853] rt_sigprocmask(SIG_SETMASK, [], [pid 5852] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5853] memfd_create("syzkaller", 0 [pid 5852] <... futex resumed>) = 0 [pid 5852] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5853] <... memfd_create resumed>) = 3 [pid 5853] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5853] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5853] munmap(0x7f036dc00000, 138412032) = 0 [pid 5853] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5853] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5853] close(3) = 0 [pid 5853] close(4) = 0 [pid 5853] mkdir("./bus", 0777) = 0 [ 203.317766][ T5853] loop0: detected capacity change from 0 to 2048 [pid 5853] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5853] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5853] chdir("./bus") = 0 [pid 5853] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5853] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5853] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5852] <... futex resumed>) = 0 [pid 5852] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] <... futex resumed>) = 0 [pid 5852] <... futex resumed>) = 1 [pid 5853] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5852] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5853] <... openat resumed>) = 4 [pid 5853] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5852] <... futex resumed>) = 0 [ 203.366377][ T5853] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5853] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5852] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5853] <... openat resumed>) = 5 [pid 5852] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5853] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5852] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5853] <... futex resumed>) = 0 [pid 5853] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5852] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5852] <... futex resumed>) = 0 [pid 5853] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5852] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5853] <... openat resumed>) = 6 [pid 5853] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5853] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5852] <... futex resumed>) = 0 [pid 5852] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] <... futex resumed>) = 0 [pid 5852] <... futex resumed>) = 1 [pid 5853] write(6, "t", 1 [pid 5852] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5853] <... write resumed>) = 1 [pid 5853] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5853] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5852] <... futex resumed>) = 0 [pid 5853] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5852] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] sendfile(6, 5, NULL, 131071 [pid 5852] <... futex resumed>) = 0 [ 203.428870][ T29] kauditd_printk_skb: 14 callbacks suppressed [ 203.428894][ T29] audit: type=1804 audit(1714530472.235:550): pid=5853 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/149/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 203.459332][ T29] audit: type=1804 audit(1714530472.245:551): pid=5853 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/149/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5852] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5852] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5852] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5852] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5852] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5852] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0} => {parent_tid=[5857]}, 88) = 5857 [pid 5852] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5852] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5852] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5857 attached [ 203.514922][ T5853] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 203.530394][ T5853] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 203.543489][ T5853] EXT4-fs (loop0): This should not happen!! Data will be lost [ 203.543489][ T5853] [ 203.553955][ T5853] EXT4-fs (loop0): Total free blocks count 0 [pid 5857] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5857] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 5857] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5857] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5857] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5852] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5852] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5852] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = 0 [pid 5852] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=48000000} [pid 5857] <... futex resumed>) = 1 [pid 5857] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5853] <... sendfile resumed>) = 75 [pid 5857] <... mmap resumed>) = 0x20000000 [pid 5853] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5857] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] <... futex resumed>) = 0 [pid 5857] <... futex resumed>) = 1 [pid 5853] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5852] <... futex resumed>) = 0 [pid 5857] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5852] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] <... futex resumed>) = 0 [pid 5853] pipe2(0x20000240, 0) = 0 [pid 5853] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5853] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5852] <... futex resumed>) = 1 [pid 5852] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5852] exit_group(0 [pid 5857] <... futex resumed>) = ? [pid 5853] <... futex resumed>) = ? [pid 5853] +++ exited with 0 +++ [pid 5857] +++ exited with 0 +++ [ 203.560310][ T5853] EXT4-fs (loop0): Free/Dirty block details [ 203.566257][ T5853] EXT4-fs (loop0): free_blocks=2415919104 [ 203.572441][ T5853] EXT4-fs (loop0): dirty_blocks=16 [ 203.577644][ T5853] EXT4-fs (loop0): Block reservation details [ 203.581444][ T29] audit: type=1804 audit(1714530472.385:552): pid=5857 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/149/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 203.584093][ T5853] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5852] <... exit_group resumed>) = ? [pid 5852] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5852, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- umount2("./149", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./149", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./149/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./149/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./149/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./149/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./149/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 [ 203.689197][ T139] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./149/bus") = 0 umount2("./149/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./149/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./149/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./149") = 0 mkdir("./150", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5858 attached , child_tidptr=0x5555749a2690) = 5858 [pid 5858] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5858] chdir("./150") = 0 [pid 5858] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5858] setpgid(0, 0) = 0 [pid 5858] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5858] write(3, "1000", 4) = 4 [pid 5858] close(3) = 0 [pid 5858] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5858] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5858] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5858] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5858] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5858] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5858] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5858] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5859 attached [pid 5859] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5859] set_robust_list(0x7f03761f79a0, 24 [pid 5858] <... clone3 resumed> => {parent_tid=[5859]}, 88) = 5859 [pid 5859] <... set_robust_list resumed>) = 0 [pid 5858] rt_sigprocmask(SIG_SETMASK, [], [pid 5859] rt_sigprocmask(SIG_SETMASK, [], [pid 5858] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5859] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5858] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5859] memfd_create("syzkaller", 0 [pid 5858] <... futex resumed>) = 0 [pid 5858] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5859] <... memfd_create resumed>) = 3 [pid 5859] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5859] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5859] munmap(0x7f036dc00000, 138412032) = 0 [pid 5859] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5859] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5859] close(3) = 0 [pid 5859] close(4) = 0 [pid 5859] mkdir("./bus", 0777) = 0 [ 204.014838][ T5859] loop0: detected capacity change from 0 to 2048 [pid 5859] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5859] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5859] chdir("./bus") = 0 [pid 5859] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5859] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5858] <... futex resumed>) = 0 [pid 5859] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5858] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5859] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5858] <... futex resumed>) = 0 [pid 5859] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5858] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5859] <... openat resumed>) = 4 [pid 5859] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5858] <... futex resumed>) = 0 [pid 5859] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5858] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5859] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5858] <... futex resumed>) = 0 [ 204.065530][ T5859] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5859] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5858] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5859] <... openat resumed>) = 5 [pid 5859] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5859] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5858] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5858] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5858] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5859] <... futex resumed>) = 0 [pid 5859] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 5859] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5858] <... futex resumed>) = 0 [ 204.116767][ T29] audit: type=1804 audit(1714530472.925:553): pid=5859 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/150/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5859] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5858] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5859] write(6, "t", 1 [pid 5858] <... futex resumed>) = 0 [pid 5858] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5859] <... write resumed>) = 1 [pid 5859] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5858] <... futex resumed>) = 0 [pid 5859] sendfile(6, 5, NULL, 131071 [pid 5858] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 204.145369][ T29] audit: type=1804 audit(1714530472.955:554): pid=5859 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/150/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5858] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5858] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5858] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5858] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5858] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5858] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0} => {parent_tid=[5862]}, 88) = 5862 [pid 5858] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5862 attached NULL, 8) = 0 [pid 5862] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5858] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5862] <... rseq resumed>) = 0 [pid 5858] <... futex resumed>) = 0 [pid 5862] set_robust_list(0x7f03761d69a0, 24 [pid 5858] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5862] <... set_robust_list resumed>) = 0 [pid 5862] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5862] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5862] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5858] <... futex resumed>) = 0 [pid 5862] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5858] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 204.227990][ T5859] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 204.243250][ T5859] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 204.255598][ T5859] EXT4-fs (loop0): This should not happen!! Data will be lost [ 204.255598][ T5859] [ 204.265373][ T5859] EXT4-fs (loop0): Total free blocks count 0 [pid 5858] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5862] <... mmap resumed>) = 0x20000000 [pid 5859] <... sendfile resumed>) = 75 [pid 5862] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5859] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5858] <... futex resumed>) = 0 [pid 5862] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5859] <... futex resumed>) = 0 [pid 5858] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5859] pipe2( [pid 5858] <... futex resumed>) = 0 [pid 5859] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5859] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5858] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5859] <... futex resumed>) = 0 [pid 5858] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5858] exit_group(0 [pid 5862] <... futex resumed>) = ? [pid 5858] <... exit_group resumed>) = ? [ 204.271482][ T29] audit: type=1804 audit(1714530473.075:555): pid=5862 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/150/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 204.295056][ T5859] EXT4-fs (loop0): Free/Dirty block details [ 204.301084][ T5859] EXT4-fs (loop0): free_blocks=2415919104 [ 204.306861][ T5859] EXT4-fs (loop0): dirty_blocks=16 [ 204.312092][ T5859] EXT4-fs (loop0): Block reservation details [ 204.318110][ T5859] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5862] +++ exited with 0 +++ [pid 5859] +++ exited with 0 +++ [pid 5858] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5858, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./150", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./150", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./150/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./150/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./150/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 204.449522][ T139] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 umount2("./150/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./150/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./150/bus") = 0 umount2("./150/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./150/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./150/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./150") = 0 mkdir("./151", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5863 attached , child_tidptr=0x5555749a2690) = 5863 [pid 5863] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5863] chdir("./151") = 0 [pid 5863] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5863] setpgid(0, 0) = 0 [pid 5863] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5863] write(3, "1000", 4) = 4 [pid 5863] close(3) = 0 [pid 5863] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5863] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5863] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5863] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5863] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5863] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5863] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5863] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5864 attached [pid 5864] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5863] <... clone3 resumed> => {parent_tid=[5864]}, 88) = 5864 [pid 5864] <... rseq resumed>) = 0 [pid 5863] rt_sigprocmask(SIG_SETMASK, [], [pid 5864] set_robust_list(0x7f03761f79a0, 24 [pid 5863] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5864] <... set_robust_list resumed>) = 0 [pid 5863] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5864] rt_sigprocmask(SIG_SETMASK, [], [pid 5863] <... futex resumed>) = 0 [pid 5864] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5863] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5864] memfd_create("syzkaller", 0) = 3 [pid 5864] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5864] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5864] munmap(0x7f036dc00000, 138412032) = 0 [pid 5864] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5864] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5864] close(3) = 0 [pid 5864] close(4) = 0 [pid 5864] mkdir("./bus", 0777) = 0 [ 204.849229][ T5864] loop0: detected capacity change from 0 to 2048 [pid 5864] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5864] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5864] chdir("./bus") = 0 [pid 5864] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5864] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5863] <... futex resumed>) = 0 [pid 5864] <... futex resumed>) = 1 [pid 5863] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5864] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5863] <... futex resumed>) = 0 [pid 5863] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5864] <... openat resumed>) = 4 [pid 5864] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5863] <... futex resumed>) = 0 [pid 5864] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5863] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5864] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5863] <... futex resumed>) = 0 [pid 5864] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5863] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5864] <... openat resumed>) = 5 [ 204.902839][ T5864] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5864] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5863] <... futex resumed>) = 0 [pid 5863] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5864] <... futex resumed>) = 1 [pid 5863] <... futex resumed>) = 0 [pid 5864] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5863] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5864] <... openat resumed>) = 6 [pid 5864] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5864] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5863] <... futex resumed>) = 0 [pid 5863] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5864] <... futex resumed>) = 0 [pid 5863] <... futex resumed>) = 1 [pid 5864] write(6, "t", 1 [pid 5863] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5864] <... write resumed>) = 1 [pid 5864] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5863] <... futex resumed>) = 0 [pid 5864] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5863] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5864] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5864] sendfile(6, 5, NULL, 131071 [pid 5863] <... futex resumed>) = 0 [ 204.942414][ T29] audit: type=1804 audit(1714530473.755:556): pid=5864 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/151/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 204.968525][ T29] audit: type=1804 audit(1714530473.785:557): pid=5864 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/151/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5863] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5863] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5863] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5863] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 205.033361][ T5864] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 205.048809][ T5864] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 205.061956][ T5864] EXT4-fs (loop0): This should not happen!! Data will be lost [ 205.061956][ T5864] [ 205.072367][ T5864] EXT4-fs (loop0): Total free blocks count 0 [pid 5863] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5863] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5867 attached => {parent_tid=[5867]}, 88) = 5867 [pid 5863] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5863] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5863] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5867] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 5867] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5867] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5867] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5864] <... sendfile resumed>) = 75 [pid 5867] <... futex resumed>) = 1 [pid 5864] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5864] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5867] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5863] <... futex resumed>) = 0 [pid 5863] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5864] <... futex resumed>) = 0 [pid 5864] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5863] <... futex resumed>) = 1 [pid 5863] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5863] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5864] <... futex resumed>) = 0 [pid 5863] <... futex resumed>) = 1 [pid 5864] pipe2( [pid 5863] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5864] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5864] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5863] <... futex resumed>) = 0 [pid 5864] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5863] exit_group(0 [pid 5864] <... futex resumed>) = ? [pid 5864] +++ exited with 0 +++ [pid 5863] <... exit_group resumed>) = ? [pid 5867] <... futex resumed>) = ? [pid 5867] +++ exited with 0 +++ [pid 5863] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5863, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- umount2("./151", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./151", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 205.078685][ T5864] EXT4-fs (loop0): Free/Dirty block details [ 205.084748][ T5864] EXT4-fs (loop0): free_blocks=2415919104 [ 205.090694][ T5864] EXT4-fs (loop0): dirty_blocks=16 [ 205.095841][ T5864] EXT4-fs (loop0): Block reservation details [ 205.103035][ T5864] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 205.107615][ T29] audit: type=1804 audit(1714530473.915:558): pid=5867 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/151/bus/bus" dev="loop0" ino=18 res=1 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./151/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./151/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./151/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./151/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./151/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 [ 205.184083][ T139] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 rmdir("./151/bus") = 0 umount2("./151/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./151/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./151/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./151") = 0 mkdir("./152", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555749a2690) = 5868 ./strace-static-x86_64: Process 5868 attached [pid 5868] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5868] chdir("./152") = 0 [pid 5868] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5868] setpgid(0, 0) = 0 [pid 5868] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5868] write(3, "1000", 4) = 4 [pid 5868] close(3) = 0 [pid 5868] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5868] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5868] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5868] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5868] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5868] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5868] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5868] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5869 attached [pid 5869] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5868] <... clone3 resumed> => {parent_tid=[5869]}, 88) = 5869 [pid 5869] set_robust_list(0x7f03761f79a0, 24 [pid 5868] rt_sigprocmask(SIG_SETMASK, [], [pid 5869] <... set_robust_list resumed>) = 0 [pid 5868] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5869] rt_sigprocmask(SIG_SETMASK, [], [pid 5868] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5868] <... futex resumed>) = 0 [pid 5869] memfd_create("syzkaller", 0 [pid 5868] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5869] <... memfd_create resumed>) = 3 [pid 5869] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5869] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5869] munmap(0x7f036dc00000, 138412032) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5869] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5869] close(3) = 0 [pid 5869] close(4) = 0 [pid 5869] mkdir("./bus", 0777) = 0 [ 205.481125][ T5869] loop0: detected capacity change from 0 to 2048 [pid 5869] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5869] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5869] chdir("./bus") = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5869] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5869] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5868] <... futex resumed>) = 0 [pid 5868] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... futex resumed>) = 0 [pid 5868] <... futex resumed>) = 1 [pid 5869] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5868] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] <... openat resumed>) = 4 [pid 5869] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5869] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5868] <... futex resumed>) = 0 [pid 5868] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... futex resumed>) = 0 [pid 5868] <... futex resumed>) = 1 [pid 5869] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5868] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] <... openat resumed>) = 5 [pid 5869] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 205.525963][ T5869] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5869] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5868] <... futex resumed>) = 0 [pid 5868] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5868] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] <... futex resumed>) = 0 [pid 5869] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 5869] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5868] <... futex resumed>) = 0 [pid 5869] write(6, "t", 1 [pid 5868] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5868] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] <... write resumed>) = 1 [pid 5869] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5868] <... futex resumed>) = 0 [pid 5869] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5868] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5868] <... futex resumed>) = 0 [pid 5869] sendfile(6, 5, NULL, 131071 [ 205.568238][ T29] audit: type=1804 audit(1714530474.375:559): pid=5869 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/152/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5868] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5868] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5868] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [ 205.644953][ T5869] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 205.660868][ T5869] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 205.673163][ T5869] EXT4-fs (loop0): This should not happen!! Data will be lost [ 205.673163][ T5869] [ 205.682890][ T5869] EXT4-fs (loop0): Total free blocks count 0 [ 205.688901][ T5869] EXT4-fs (loop0): Free/Dirty block details [pid 5868] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5868] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5868] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5872 attached [pid 5872] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5868] <... clone3 resumed> => {parent_tid=[5872]}, 88) = 5872 [pid 5872] <... rseq resumed>) = 0 [pid 5868] rt_sigprocmask(SIG_SETMASK, [], [pid 5872] set_robust_list(0x7f03761d69a0, 24 [pid 5868] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5872] <... set_robust_list resumed>) = 0 [pid 5872] rt_sigprocmask(SIG_SETMASK, [], [pid 5868] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5868] <... futex resumed>) = 0 [pid 5872] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5868] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... sendfile resumed>) = 75 [pid 5869] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... futex resumed>) = 0 [pid 5872] <... futex resumed>) = 1 [pid 5868] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5868] <... futex resumed>) = 0 [pid 5868] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] <... futex resumed>) = 1 [pid 5868] <... futex resumed>) = 0 [pid 5869] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5868] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=39000000} [pid 5869] <... mmap resumed>) = 0x20000000 [pid 5869] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5868] <... futex resumed>) = 0 [pid 5869] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5868] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5868] <... futex resumed>) = 0 [pid 5869] pipe2( [pid 5868] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5869] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... futex resumed>) = 0 [pid 5869] <... futex resumed>) = 1 [ 205.694869][ T5869] EXT4-fs (loop0): free_blocks=2415919104 [ 205.700684][ T5869] EXT4-fs (loop0): dirty_blocks=16 [ 205.705805][ T5869] EXT4-fs (loop0): Block reservation details [ 205.712392][ T5869] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5868] exit_group(0 [pid 5872] <... futex resumed>) = ? [pid 5868] <... exit_group resumed>) = ? [pid 5872] +++ exited with 0 +++ [pid 5869] +++ exited with 0 +++ [pid 5868] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5868, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- umount2("./152", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./152", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./152/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./152/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./152/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./152/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./152/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 [ 205.837134][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./152/bus") = 0 umount2("./152/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./152/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./152/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./152") = 0 mkdir("./153", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5873 attached , child_tidptr=0x5555749a2690) = 5873 [pid 5873] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5873] chdir("./153") = 0 [pid 5873] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5873] setpgid(0, 0) = 0 [pid 5873] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5873] write(3, "1000", 4) = 4 [pid 5873] close(3) = 0 [pid 5873] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5873] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5873] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5873] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5873] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5873] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5873] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5873] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5874 attached [pid 5874] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5873] <... clone3 resumed> => {parent_tid=[5874]}, 88) = 5874 [pid 5874] <... rseq resumed>) = 0 [pid 5873] rt_sigprocmask(SIG_SETMASK, [], [pid 5874] set_robust_list(0x7f03761f79a0, 24 [pid 5873] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5874] <... set_robust_list resumed>) = 0 [pid 5873] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5874] rt_sigprocmask(SIG_SETMASK, [], [pid 5873] <... futex resumed>) = 0 [pid 5874] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5873] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5874] memfd_create("syzkaller", 0) = 3 [pid 5874] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5874] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5874] munmap(0x7f036dc00000, 138412032) = 0 [pid 5874] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5874] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5874] close(3) = 0 [pid 5874] close(4) = 0 [pid 5874] mkdir("./bus", 0777) = 0 [ 206.165457][ T5874] loop0: detected capacity change from 0 to 2048 [pid 5874] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5874] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5874] chdir("./bus") = 0 [ 206.206040][ T5874] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5874] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5874] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5873] <... futex resumed>) = 0 [pid 5873] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5874] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5873] <... futex resumed>) = 0 [pid 5873] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5874] <... openat resumed>) = 4 [pid 5874] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5873] <... futex resumed>) = 0 [pid 5874] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5873] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5874] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5873] <... futex resumed>) = 0 [pid 5874] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5873] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5874] <... openat resumed>) = 5 [pid 5874] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5873] <... futex resumed>) = 0 [pid 5874] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5873] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5874] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5873] <... futex resumed>) = 0 [pid 5874] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5873] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5874] <... openat resumed>) = 6 [pid 5874] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5874] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5873] <... futex resumed>) = 0 [pid 5873] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5874] <... futex resumed>) = 0 [pid 5873] <... futex resumed>) = 1 [pid 5874] write(6, "t", 1 [pid 5873] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5874] <... write resumed>) = 1 [pid 5874] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] <... futex resumed>) = 0 [pid 5873] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5874] <... futex resumed>) = 1 [pid 5873] <... futex resumed>) = 0 [pid 5874] sendfile(6, 5, NULL, 131071 [pid 5873] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5873] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5873] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5873] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 206.345846][ T5874] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 206.361219][ T5874] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 206.373583][ T5874] EXT4-fs (loop0): This should not happen!! Data will be lost [ 206.373583][ T5874] [ 206.383389][ T5874] EXT4-fs (loop0): Total free blocks count 0 [ 206.389430][ T5874] EXT4-fs (loop0): Free/Dirty block details [pid 5873] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5873] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5877 attached [pid 5877] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5873] <... clone3 resumed> => {parent_tid=[5877]}, 88) = 5877 [pid 5877] <... rseq resumed>) = 0 [pid 5877] set_robust_list(0x7f03761d69a0, 24 [pid 5873] rt_sigprocmask(SIG_SETMASK, [], [pid 5877] <... set_robust_list resumed>) = 0 [pid 5873] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5877] rt_sigprocmask(SIG_SETMASK, [], [pid 5873] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5877] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5877] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5873] <... futex resumed>) = 0 [pid 5873] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5877] <... open resumed>) = 7 [pid 5874] <... sendfile resumed>) = 75 [pid 5874] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5874] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5877] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] <... futex resumed>) = 0 [pid 5873] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5877] <... futex resumed>) = 1 [pid 5873] <... futex resumed>) = 1 [pid 5877] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5873] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5874] <... futex resumed>) = 0 [pid 5874] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5873] <... futex resumed>) = 0 [pid 5874] <... futex resumed>) = 1 [pid 5873] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5874] pipe2( [pid 5873] <... futex resumed>) = 0 [pid 5873] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5874] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5874] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5873] <... futex resumed>) = 0 [pid 5873] exit_group(0) = ? [pid 5874] +++ exited with 0 +++ [pid 5877] <... futex resumed>) = ? [ 206.395621][ T5874] EXT4-fs (loop0): free_blocks=2415919104 [ 206.401505][ T5874] EXT4-fs (loop0): dirty_blocks=16 [ 206.406643][ T5874] EXT4-fs (loop0): Block reservation details [ 206.412716][ T5874] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5877] +++ exited with 0 +++ [pid 5873] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5873, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./153", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./153", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./153/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./153/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./153/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./153/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./153/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 206.521859][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./153/bus") = 0 umount2("./153/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./153/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./153/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./153") = 0 mkdir("./154", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5878 attached , child_tidptr=0x5555749a2690) = 5878 [pid 5878] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5878] chdir("./154") = 0 [pid 5878] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5878] setpgid(0, 0) = 0 [pid 5878] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5878] write(3, "1000", 4) = 4 [pid 5878] close(3) = 0 [pid 5878] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5878] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5878] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5878] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5878] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5878] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5878] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5878] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5879 attached [pid 5879] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5878] <... clone3 resumed> => {parent_tid=[5879]}, 88) = 5879 [pid 5879] <... rseq resumed>) = 0 [pid 5878] rt_sigprocmask(SIG_SETMASK, [], [pid 5879] set_robust_list(0x7f03761f79a0, 24) = 0 [pid 5878] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5879] rt_sigprocmask(SIG_SETMASK, [], [pid 5878] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5879] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5878] <... futex resumed>) = 0 [pid 5879] memfd_create("syzkaller", 0 [pid 5878] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5879] <... memfd_create resumed>) = 3 [pid 5879] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5879] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5879] munmap(0x7f036dc00000, 138412032) = 0 [pid 5879] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5879] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5879] close(3) = 0 [pid 5879] close(4) = 0 [pid 5879] mkdir("./bus", 0777) = 0 [ 206.882384][ T5879] loop0: detected capacity change from 0 to 2048 [pid 5879] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5879] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5879] chdir("./bus") = 0 [pid 5879] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5879] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5878] <... futex resumed>) = 0 [pid 5878] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5879] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4 [ 206.926889][ T5879] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5878] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5879] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5878] <... futex resumed>) = 0 [pid 5878] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5879] <... futex resumed>) = 1 [pid 5878] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5879] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 5879] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5878] <... futex resumed>) = 0 [pid 5878] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5879] <... futex resumed>) = 1 [pid 5878] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5879] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 5879] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5878] <... futex resumed>) = 0 [pid 5879] write(6, "t", 1 [pid 5878] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5878] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5879] <... write resumed>) = 1 [pid 5879] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5878] <... futex resumed>) = 0 [pid 5879] sendfile(6, 5, NULL, 131071 [pid 5878] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5878] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5878] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5878] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5878] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 207.065825][ T5879] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 207.081580][ T5879] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 207.093938][ T5879] EXT4-fs (loop0): This should not happen!! Data will be lost [ 207.093938][ T5879] [ 207.103697][ T5879] EXT4-fs (loop0): Total free blocks count 0 [ 207.109726][ T5879] EXT4-fs (loop0): Free/Dirty block details [pid 5878] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5878] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5882 attached => {parent_tid=[5882]}, 88) = 5882 [pid 5882] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5878] rt_sigprocmask(SIG_SETMASK, [], [pid 5882] <... rseq resumed>) = 0 [pid 5882] set_robust_list(0x7f03761d69a0, 24 [pid 5878] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5882] <... set_robust_list resumed>) = 0 [pid 5878] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5882] rt_sigprocmask(SIG_SETMASK, [], [pid 5878] <... futex resumed>) = 0 [pid 5882] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5878] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5882] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5882] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5879] <... sendfile resumed>) = 75 [pid 5882] <... futex resumed>) = 1 [pid 5879] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5878] <... futex resumed>) = 0 [pid 5882] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5878] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5878] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = 0 [pid 5879] <... futex resumed>) = 1 [pid 5878] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5879] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 5878] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5879] pipe2(0x20000240, 0) = 0 [pid 5879] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5878] <... futex resumed>) = 0 [pid 5879] <... futex resumed>) = 0 [pid 5878] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5879] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5878] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5878] exit_group(0 [pid 5882] <... futex resumed>) = ? [pid 5879] <... futex resumed>) = ? [pid 5878] <... exit_group resumed>) = ? [ 207.115694][ T5879] EXT4-fs (loop0): free_blocks=2415919104 [ 207.121486][ T5879] EXT4-fs (loop0): dirty_blocks=16 [ 207.126603][ T5879] EXT4-fs (loop0): Block reservation details [ 207.132671][ T5879] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5882] +++ exited with 0 +++ [pid 5879] +++ exited with 0 +++ [pid 5878] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5878, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- umount2("./154", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./154", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./154/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./154/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./154/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./154/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./154/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 207.205577][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./154/bus") = 0 umount2("./154/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./154/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./154/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./154") = 0 mkdir("./155", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555749a2690) = 5883 ./strace-static-x86_64: Process 5883 attached [pid 5883] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5883] chdir("./155") = 0 [pid 5883] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5883] setpgid(0, 0) = 0 [pid 5883] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5883] write(3, "1000", 4) = 4 [pid 5883] close(3) = 0 [pid 5883] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5883] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5883] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5883] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5883] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5883] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5883] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5883] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5884 attached [pid 5884] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5883] <... clone3 resumed> => {parent_tid=[5884]}, 88) = 5884 [pid 5884] set_robust_list(0x7f03761f79a0, 24) = 0 [pid 5883] rt_sigprocmask(SIG_SETMASK, [], [pid 5884] rt_sigprocmask(SIG_SETMASK, [], [pid 5883] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5884] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5883] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5884] memfd_create("syzkaller", 0 [pid 5883] <... futex resumed>) = 0 [pid 5883] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5884] <... memfd_create resumed>) = 3 [pid 5884] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5884] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5884] munmap(0x7f036dc00000, 138412032) = 0 [pid 5884] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5884] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5884] close(3) = 0 [pid 5884] close(4) = 0 [pid 5884] mkdir("./bus", 0777) = 0 [ 207.556218][ T5884] loop0: detected capacity change from 0 to 2048 [pid 5884] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5884] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5884] chdir("./bus") = 0 [pid 5884] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 207.597228][ T5884] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5884] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5883] <... futex resumed>) = 0 [pid 5884] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5883] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5884] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5884] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4 [pid 5883] <... futex resumed>) = 0 [pid 5884] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5884] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5883] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5883] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5884] <... futex resumed>) = 0 [pid 5883] <... futex resumed>) = 1 [pid 5884] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5883] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5884] <... openat resumed>) = 5 [pid 5884] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5884] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5883] <... futex resumed>) = 0 [pid 5883] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5884] <... futex resumed>) = 0 [pid 5883] <... futex resumed>) = 1 [pid 5884] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5883] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5884] <... openat resumed>) = 6 [pid 5884] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5883] <... futex resumed>) = 0 [pid 5884] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5883] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5884] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5883] <... futex resumed>) = 0 [pid 5884] write(6, "t", 1 [pid 5883] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5884] <... write resumed>) = 1 [pid 5884] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5884] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5883] <... futex resumed>) = 0 [pid 5883] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5884] <... futex resumed>) = 0 [pid 5883] <... futex resumed>) = 1 [pid 5884] sendfile(6, 5, NULL, 131071 [pid 5883] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5883] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5883] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5883] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5883] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5883] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0} => {parent_tid=[5887]}, 88) = 5887 [pid 5883] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5883] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5883] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5887 attached [pid 5887] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5887] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 5887] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5887] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5887] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5883] <... futex resumed>) = 0 [pid 5883] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5883] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 207.740981][ T5884] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 207.757209][ T5884] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 207.769821][ T5884] EXT4-fs (loop0): This should not happen!! Data will be lost [ 207.769821][ T5884] [ 207.781740][ T5884] EXT4-fs (loop0): Total free blocks count 0 [pid 5887] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 75 [pid 5887] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5883] <... futex resumed>) = 0 [pid 5884] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5887] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5883] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5884] <... futex resumed>) = 0 [pid 5883] <... futex resumed>) = 0 [pid 5883] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5884] pipe2(0x20000240, 0) = 0 [pid 5884] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5883] <... futex resumed>) = 0 [pid 5884] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5883] exit_group(0 [pid 5887] <... futex resumed>) = ? [pid 5884] <... futex resumed>) = ? [pid 5884] +++ exited with 0 +++ [pid 5883] <... exit_group resumed>) = ? [pid 5887] +++ exited with 0 +++ [pid 5883] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5883, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- [ 207.787887][ T5884] EXT4-fs (loop0): Free/Dirty block details [ 207.794612][ T5884] EXT4-fs (loop0): free_blocks=2415919104 [ 207.800635][ T5884] EXT4-fs (loop0): dirty_blocks=16 [ 207.805802][ T5884] EXT4-fs (loop0): Block reservation details [ 207.812035][ T5884] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./155", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./155", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./155/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./155/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./155/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./155/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./155/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 [ 207.894159][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./155/bus") = 0 umount2("./155/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./155/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./155/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./155") = 0 mkdir("./156", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5888 attached , child_tidptr=0x5555749a2690) = 5888 [pid 5888] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5888] chdir("./156") = 0 [pid 5888] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5888] setpgid(0, 0) = 0 [pid 5888] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5888] write(3, "1000", 4) = 4 [pid 5888] close(3) = 0 [pid 5888] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5888] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5888] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5888] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5888] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5888] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5888] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5888] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5889 attached => {parent_tid=[5889]}, 88) = 5889 [pid 5889] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5888] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5888] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5888] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5889] <... rseq resumed>) = 0 [pid 5889] set_robust_list(0x7f03761f79a0, 24) = 0 [pid 5889] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5889] memfd_create("syzkaller", 0) = 3 [pid 5889] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5889] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5889] munmap(0x7f036dc00000, 138412032) = 0 [pid 5889] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5889] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5889] close(3) = 0 [pid 5889] close(4) = 0 [pid 5889] mkdir("./bus", 0777) = 0 [ 208.288796][ T5889] loop0: detected capacity change from 0 to 2048 [pid 5889] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5889] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5889] chdir("./bus") = 0 [pid 5889] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5889] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5889] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5888] <... futex resumed>) = 0 [pid 5888] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5889] <... futex resumed>) = 0 [pid 5888] <... futex resumed>) = 1 [pid 5889] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5888] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5889] <... openat resumed>) = 4 [pid 5889] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5889] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5888] <... futex resumed>) = 0 [pid 5888] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5889] <... futex resumed>) = 0 [pid 5888] <... futex resumed>) = 1 [pid 5889] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5888] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5889] <... openat resumed>) = 5 [pid 5889] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5888] <... futex resumed>) = 0 [pid 5889] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5888] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5889] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5888] <... futex resumed>) = 0 [pid 5889] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5888] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5889] <... openat resumed>) = 6 [pid 5889] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5889] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5888] <... futex resumed>) = 0 [ 208.345029][ T5889] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5888] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5889] <... futex resumed>) = 0 [pid 5889] write(6, "t", 1 [pid 5888] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5889] <... write resumed>) = 1 [pid 5889] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5889] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5888] <... futex resumed>) = 0 [pid 5888] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5889] <... futex resumed>) = 0 [pid 5888] <... futex resumed>) = 1 [pid 5889] sendfile(6, 5, NULL, 131071 [pid 5888] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5888] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5888] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5888] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 208.454393][ T5889] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 208.470639][ T5889] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 208.483090][ T5889] EXT4-fs (loop0): This should not happen!! Data will be lost [ 208.483090][ T5889] [ 208.492816][ T5889] EXT4-fs (loop0): Total free blocks count 0 [ 208.498827][ T5889] EXT4-fs (loop0): Free/Dirty block details [pid 5888] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5888] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5892 attached [pid 5892] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5892] set_robust_list(0x7f03761d69a0, 24 [pid 5888] <... clone3 resumed> => {parent_tid=[5892]}, 88) = 5892 [pid 5892] <... set_robust_list resumed>) = 0 [pid 5892] rt_sigprocmask(SIG_SETMASK, [], [pid 5888] rt_sigprocmask(SIG_SETMASK, [], [pid 5892] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5892] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5888] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5888] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5892] <... futex resumed>) = 0 [pid 5888] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 208.504848][ T5889] EXT4-fs (loop0): free_blocks=2415919104 [ 208.510695][ T5889] EXT4-fs (loop0): dirty_blocks=16 [ 208.515861][ T5889] EXT4-fs (loop0): Block reservation details [ 208.516205][ T29] kauditd_printk_skb: 13 callbacks suppressed [ 208.516224][ T29] audit: type=1804 audit(1714530477.325:573): pid=5892 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/156/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5892] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5889] <... sendfile resumed>) = 75 [pid 5892] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5889] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5892] <... futex resumed>) = 1 [pid 5889] <... futex resumed>) = 0 [pid 5888] <... futex resumed>) = 0 [pid 5892] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5889] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5888] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5889] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5888] <... futex resumed>) = 0 [pid 5888] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5889] <... mmap resumed>) = 0x20000000 [pid 5889] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5888] <... futex resumed>) = 0 [pid 5888] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5888] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5889] <... futex resumed>) = 1 [pid 5889] pipe2(0x20000240, 0) = 0 [pid 5889] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5888] <... futex resumed>) = 0 [pid 5888] exit_group(0 [pid 5892] <... futex resumed>) = ? [pid 5888] <... exit_group resumed>) = ? [pid 5892] +++ exited with 0 +++ [pid 5889] <... futex resumed>) = ? [ 208.521922][ T5889] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5889] +++ exited with 0 +++ [pid 5888] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5888, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- umount2("./156", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./156", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./156/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./156/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./156/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./156/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./156/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 [ 208.643942][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 close(4) = 0 rmdir("./156/bus") = 0 umount2("./156/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./156/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./156/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./156") = 0 mkdir("./157", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5893 attached , child_tidptr=0x5555749a2690) = 5893 [pid 5893] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5893] chdir("./157") = 0 [pid 5893] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5893] setpgid(0, 0) = 0 [pid 5893] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5893] write(3, "1000", 4) = 4 [pid 5893] close(3) = 0 [pid 5893] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5893] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5893] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5893] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5893] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5893] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5893] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5893] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5894 attached => {parent_tid=[5894]}, 88) = 5894 [pid 5894] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5893] rt_sigprocmask(SIG_SETMASK, [], [pid 5894] set_robust_list(0x7f03761f79a0, 24 [pid 5893] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5894] <... set_robust_list resumed>) = 0 [pid 5894] rt_sigprocmask(SIG_SETMASK, [], [pid 5893] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5894] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5893] <... futex resumed>) = 0 [pid 5893] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5894] memfd_create("syzkaller", 0) = 3 [pid 5894] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5894] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5894] munmap(0x7f036dc00000, 138412032) = 0 [pid 5894] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5894] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5894] close(3) = 0 [pid 5894] close(4) = 0 [pid 5894] mkdir("./bus", 0777) = 0 [ 208.966517][ T5894] loop0: detected capacity change from 0 to 2048 [pid 5894] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5894] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5894] chdir("./bus") = 0 [pid 5894] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5894] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5893] <... futex resumed>) = 0 [pid 5894] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5893] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5894] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5893] <... futex resumed>) = 0 [pid 5894] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5893] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5894] <... openat resumed>) = 4 [ 209.015707][ T5894] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5894] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5893] <... futex resumed>) = 0 [pid 5894] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5893] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5894] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5893] <... futex resumed>) = 0 [pid 5894] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5893] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5894] <... openat resumed>) = 5 [pid 5894] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5894] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5893] <... futex resumed>) = 0 [pid 5893] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5894] <... futex resumed>) = 0 [pid 5893] <... futex resumed>) = 1 [pid 5894] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5893] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5894] <... openat resumed>) = 6 [pid 5894] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5894] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5893] <... futex resumed>) = 0 [ 209.078601][ T29] audit: type=1804 audit(1714530477.885:574): pid=5894 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/157/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5893] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5894] <... futex resumed>) = 0 [pid 5893] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5894] write(6, "t", 1) = 1 [pid 5894] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5893] <... futex resumed>) = 0 [pid 5893] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5894] sendfile(6, 5, NULL, 131071 [pid 5893] <... futex resumed>) = 0 [ 209.116039][ T29] audit: type=1804 audit(1714530477.925:575): pid=5894 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/157/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5893] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5893] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5893] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5893] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5893] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 209.202773][ T5894] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 209.218156][ T5894] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 209.230810][ T5894] EXT4-fs (loop0): This should not happen!! Data will be lost [ 209.230810][ T5894] [ 209.241456][ T5894] EXT4-fs (loop0): Total free blocks count 0 [pid 5893] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5897 attached [pid 5897] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5893] <... clone3 resumed> => {parent_tid=[5897]}, 88) = 5897 [pid 5897] <... rseq resumed>) = 0 [pid 5897] set_robust_list(0x7f03761d69a0, 24 [pid 5893] rt_sigprocmask(SIG_SETMASK, [], [pid 5897] <... set_robust_list resumed>) = 0 [pid 5897] rt_sigprocmask(SIG_SETMASK, [], [pid 5893] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5897] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5893] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5897] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5893] <... futex resumed>) = 0 [pid 5897] <... open resumed>) = 7 [pid 5893] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5897] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5897] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5893] <... futex resumed>) = 0 [pid 5893] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5897] <... futex resumed>) = 0 [pid 5893] <... futex resumed>) = 1 [pid 5897] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [ 209.247973][ T5894] EXT4-fs (loop0): Free/Dirty block details [ 209.254000][ T5894] EXT4-fs (loop0): free_blocks=2415919104 [ 209.260725][ T5894] EXT4-fs (loop0): dirty_blocks=16 [ 209.266239][ T29] audit: type=1804 audit(1714530478.075:576): pid=5897 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/157/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 209.266255][ T5894] EXT4-fs (loop0): Block reservation details [pid 5893] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5897] <... mmap resumed>) = 0x20000000 [pid 5894] <... sendfile resumed>) = 75 [pid 5897] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5894] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5893] <... futex resumed>) = 0 [pid 5897] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5894] <... futex resumed>) = 0 [pid 5893] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5894] pipe2( [pid 5893] <... futex resumed>) = 0 [pid 5894] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5894] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5893] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5894] <... futex resumed>) = 0 [pid 5893] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5894] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5893] exit_group(0 [pid 5897] <... futex resumed>) = ? [pid 5894] <... futex resumed>) = ? [pid 5893] <... exit_group resumed>) = ? [pid 5894] +++ exited with 0 +++ [pid 5897] +++ exited with 0 +++ [pid 5893] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5893, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- [ 209.298109][ T5894] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./157", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./157", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./157/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./157/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./157/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./157/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./157/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 209.381570][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./157/bus") = 0 umount2("./157/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./157/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./157/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./157") = 0 mkdir("./158", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5898 attached , child_tidptr=0x5555749a2690) = 5898 [pid 5898] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5898] chdir("./158") = 0 [pid 5898] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5898] setpgid(0, 0) = 0 [pid 5898] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5898] write(3, "1000", 4) = 4 [pid 5898] close(3) = 0 [pid 5898] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5898] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5898] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5898] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5898] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5898] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5898] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5898] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5899 attached [pid 5899] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5898] <... clone3 resumed> => {parent_tid=[5899]}, 88) = 5899 [pid 5899] set_robust_list(0x7f03761f79a0, 24 [pid 5898] rt_sigprocmask(SIG_SETMASK, [], [pid 5899] <... set_robust_list resumed>) = 0 [pid 5899] rt_sigprocmask(SIG_SETMASK, [], [pid 5898] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5899] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5899] memfd_create("syzkaller", 0 [pid 5898] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5898] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5899] <... memfd_create resumed>) = 3 [pid 5899] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5899] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5899] munmap(0x7f036dc00000, 138412032) = 0 [pid 5899] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5899] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5899] close(3) = 0 [pid 5899] close(4) = 0 [pid 5899] mkdir("./bus", 0777) = 0 [ 209.735820][ T5899] loop0: detected capacity change from 0 to 2048 [pid 5899] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5899] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5899] chdir("./bus") = 0 [pid 5899] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5899] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5898] <... futex resumed>) = 0 [pid 5898] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5898] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 209.787478][ T5899] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5899] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4 [pid 5899] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5898] <... futex resumed>) = 0 [pid 5899] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5898] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5899] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5898] <... futex resumed>) = 0 [pid 5899] <... openat resumed>) = 5 [pid 5898] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5899] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5898] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5899] <... futex resumed>) = 0 [pid 5898] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5899] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5898] <... futex resumed>) = 0 [pid 5899] <... openat resumed>) = 6 [pid 5898] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5899] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5898] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5899] <... futex resumed>) = 0 [pid 5898] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5899] write(6, "t", 1 [pid 5898] <... futex resumed>) = 0 [pid 5898] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5899] <... write resumed>) = 1 [pid 5899] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5898] <... futex resumed>) = 0 [pid 5899] sendfile(6, 5, NULL, 131071 [pid 5898] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 209.852678][ T29] audit: type=1804 audit(1714530478.665:577): pid=5899 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/158/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 209.880510][ T29] audit: type=1804 audit(1714530478.685:578): pid=5899 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/158/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5898] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5898] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5898] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [ 209.924096][ T5899] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 209.939908][ T5899] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 209.952235][ T5899] EXT4-fs (loop0): This should not happen!! Data will be lost [ 209.952235][ T5899] [ 209.961989][ T5899] EXT4-fs (loop0): Total free blocks count 0 [ 209.968004][ T5899] EXT4-fs (loop0): Free/Dirty block details [pid 5898] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5898] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5898] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5903 attached [pid 5899] <... sendfile resumed>) = 75 [pid 5898] <... clone3 resumed> => {parent_tid=[5903]}, 88) = 5903 [pid 5903] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5899] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5898] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5898] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5903] <... rseq resumed>) = 0 [pid 5899] <... futex resumed>) = 0 [pid 5898] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5903] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 5903] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5903] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5899] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5903] <... open resumed>) = 7 [pid 5903] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5898] <... futex resumed>) = 0 [pid 5898] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5903] <... futex resumed>) = 1 [pid 5898] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5903] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5899] <... futex resumed>) = 0 [ 209.973963][ T5899] EXT4-fs (loop0): free_blocks=2415919104 [ 209.979719][ T5899] EXT4-fs (loop0): dirty_blocks=16 [ 209.984918][ T5899] EXT4-fs (loop0): Block reservation details [ 209.990963][ T5899] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5899] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5898] <... futex resumed>) = 0 [pid 5898] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5899] <... futex resumed>) = 0 [pid 5898] <... futex resumed>) = 1 [pid 5899] pipe2( [pid 5898] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5899] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5899] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5898] <... futex resumed>) = 0 [pid 5898] exit_group(0) = ? [pid 5899] +++ exited with 0 +++ [pid 5903] <... futex resumed>) = ? [pid 5903] +++ exited with 0 +++ [pid 5898] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5898, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- [ 210.011863][ T29] audit: type=1804 audit(1714530478.825:579): pid=5903 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/158/bus/bus" dev="loop0" ino=18 res=1 errno=0 restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./158", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./158", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./158/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./158/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./158/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./158/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./158/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 [ 210.143512][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./158/bus") = 0 umount2("./158/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./158/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./158/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./158") = 0 mkdir("./159", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5904 attached , child_tidptr=0x5555749a2690) = 5904 [pid 5904] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5904] chdir("./159") = 0 [pid 5904] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5904] setpgid(0, 0) = 0 [pid 5904] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5904] write(3, "1000", 4) = 4 [pid 5904] close(3) = 0 [pid 5904] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5904] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5904] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5904] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5904] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5904] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5904] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5904] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0} => {parent_tid=[5905]}, 88) = 5905 [pid 5904] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5904] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5904] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5905 attached [pid 5905] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5905] set_robust_list(0x7f03761f79a0, 24) = 0 [pid 5905] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5905] memfd_create("syzkaller", 0) = 3 [pid 5905] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5905] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5905] munmap(0x7f036dc00000, 138412032) = 0 [pid 5905] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5905] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5905] close(3) = 0 [pid 5905] close(4) = 0 [pid 5905] mkdir("./bus", 0777) = 0 [ 210.472400][ T5905] loop0: detected capacity change from 0 to 2048 [pid 5905] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5905] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5905] chdir("./bus") = 0 [pid 5905] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5905] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5904] <... futex resumed>) = 0 [pid 5905] <... futex resumed>) = 1 [pid 5904] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5905] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5904] <... futex resumed>) = 0 [pid 5904] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5905] <... openat resumed>) = 4 [pid 5905] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5905] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5904] <... futex resumed>) = 0 [pid 5904] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5905] <... futex resumed>) = 0 [pid 5904] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5905] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [ 210.527262][ T5905] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5905] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5905] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5904] <... futex resumed>) = 0 [pid 5904] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5904] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5905] <... futex resumed>) = 0 [pid 5905] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 5905] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5904] <... futex resumed>) = 0 [pid 5905] write(6, "t", 1 [pid 5904] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5904] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5905] <... write resumed>) = 1 [pid 5905] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5904] <... futex resumed>) = 0 [pid 5905] sendfile(6, 5, NULL, 131071 [pid 5904] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 210.569942][ T29] audit: type=1804 audit(1714530479.375:580): pid=5905 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/159/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 210.594433][ T29] audit: type=1804 audit(1714530479.385:581): pid=5905 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/159/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5904] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5904] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5904] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5904] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5904] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 210.663762][ T5905] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 210.679711][ T5905] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 210.692024][ T5905] EXT4-fs (loop0): This should not happen!! Data will be lost [ 210.692024][ T5905] [ 210.702069][ T5905] EXT4-fs (loop0): Total free blocks count 0 [ 210.708109][ T5905] EXT4-fs (loop0): Free/Dirty block details [pid 5904] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5909 attached [pid 5909] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5904] <... clone3 resumed> => {parent_tid=[5909]}, 88) = 5909 [pid 5904] rt_sigprocmask(SIG_SETMASK, [], [pid 5909] <... rseq resumed>) = 0 [pid 5904] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5909] set_robust_list(0x7f03761d69a0, 24 [pid 5904] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5909] <... set_robust_list resumed>) = 0 [pid 5904] <... futex resumed>) = 0 [pid 5909] rt_sigprocmask(SIG_SETMASK, [], [pid 5904] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5909] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5909] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5909] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5904] <... futex resumed>) = 0 [pid 5909] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5904] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5909] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5909] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5904] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5909] <... mmap resumed>) = 0x20000000 [pid 5905] <... sendfile resumed>) = 75 [pid 5909] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5905] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5909] <... futex resumed>) = 1 [pid 5905] <... futex resumed>) = 0 [pid 5904] <... futex resumed>) = 0 [pid 5909] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5905] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5904] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5905] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5904] <... futex resumed>) = 0 [pid 5905] pipe2( [pid 5904] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5905] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5905] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5904] <... futex resumed>) = 0 [pid 5905] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5904] exit_group(0 [pid 5909] <... futex resumed>) = ? [pid 5905] <... futex resumed>) = ? [pid 5904] <... exit_group resumed>) = ? [pid 5909] +++ exited with 0 +++ [pid 5905] +++ exited with 0 +++ [pid 5904] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5904, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- umount2("./159", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 210.714142][ T5905] EXT4-fs (loop0): free_blocks=2415919104 [ 210.719899][ T5905] EXT4-fs (loop0): dirty_blocks=16 [ 210.725257][ T29] audit: type=1804 audit(1714530479.535:582): pid=5909 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/159/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 210.726482][ T5905] EXT4-fs (loop0): Block reservation details [ 210.755186][ T5905] EXT4-fs (loop0): i_reserved_data_blocks=1 openat(AT_FDCWD, "./159", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./159/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./159/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./159/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./159/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./159/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 210.827565][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./159/bus") = 0 umount2("./159/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./159/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./159/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./159") = 0 mkdir("./160", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5910 attached , child_tidptr=0x5555749a2690) = 5910 [pid 5910] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5910] chdir("./160") = 0 [pid 5910] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5910] setpgid(0, 0) = 0 [pid 5910] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5910] write(3, "1000", 4) = 4 [pid 5910] close(3) = 0 [pid 5910] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5910] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5910] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5910] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5910] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5910] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5910] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5910] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5911 attached [pid 5911] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5910] <... clone3 resumed> => {parent_tid=[5911]}, 88) = 5911 [pid 5911] <... rseq resumed>) = 0 [pid 5910] rt_sigprocmask(SIG_SETMASK, [], [pid 5911] set_robust_list(0x7f03761f79a0, 24 [pid 5910] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5911] <... set_robust_list resumed>) = 0 [pid 5910] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5911] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5910] <... futex resumed>) = 0 [pid 5911] memfd_create("syzkaller", 0 [pid 5910] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5911] <... memfd_create resumed>) = 3 [pid 5911] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5911] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5911] munmap(0x7f036dc00000, 138412032) = 0 [pid 5911] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5911] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5911] close(3) = 0 [pid 5911] close(4) = 0 [pid 5911] mkdir("./bus", 0777) = 0 [ 211.185214][ T5911] loop0: detected capacity change from 0 to 2048 [pid 5911] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5911] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5911] chdir("./bus") = 0 [pid 5911] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5911] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5910] <... futex resumed>) = 0 [pid 5911] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5910] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5911] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5911] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5910] <... futex resumed>) = 0 [pid 5910] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5911] <... openat resumed>) = 4 [pid 5911] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5910] <... futex resumed>) = 0 [pid 5910] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5910] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5911] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [ 211.228277][ T5911] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5911] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5910] <... futex resumed>) = 0 [pid 5911] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5910] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5911] <... openat resumed>) = 6 [pid 5910] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5911] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5910] <... futex resumed>) = 0 [pid 5910] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5911] <... futex resumed>) = 1 [pid 5910] <... futex resumed>) = 0 [pid 5911] write(6, "t", 1 [pid 5910] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5911] <... write resumed>) = 1 [pid 5911] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5910] <... futex resumed>) = 0 [pid 5911] <... futex resumed>) = 1 [pid 5910] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5911] sendfile(6, 5, NULL, 131071 [pid 5910] <... futex resumed>) = 0 [pid 5910] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5910] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5910] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [ 211.351472][ T5911] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 211.367094][ T5911] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 211.379536][ T5911] EXT4-fs (loop0): This should not happen!! Data will be lost [ 211.379536][ T5911] [ 211.391057][ T5911] EXT4-fs (loop0): Total free blocks count 0 [pid 5910] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5910] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5910] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5914 attached [pid 5914] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5910] <... clone3 resumed> => {parent_tid=[5914]}, 88) = 5914 [pid 5914] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 5910] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5914] rt_sigprocmask(SIG_SETMASK, [], [pid 5910] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5914] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5910] <... futex resumed>) = 0 [pid 5914] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5910] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5914] <... open resumed>) = 7 [pid 5914] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5911] <... sendfile resumed>) = 75 [pid 5914] <... futex resumed>) = 1 [pid 5911] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5910] <... futex resumed>) = 0 [pid 5914] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5910] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5910] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = 0 [pid 5911] <... futex resumed>) = 1 [pid 5910] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 5911] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 5911] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5910] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5911] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5910] <... futex resumed>) = 0 [pid 5911] pipe2( [pid 5910] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5911] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5911] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5910] <... futex resumed>) = 0 [pid 5911] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5910] exit_group(0 [pid 5914] <... futex resumed>) = ? [pid 5911] <... futex resumed>) = ? [pid 5914] +++ exited with 0 +++ [pid 5911] +++ exited with 0 +++ [pid 5910] <... exit_group resumed>) = ? [pid 5910] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5910, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- [ 211.397328][ T5911] EXT4-fs (loop0): Free/Dirty block details [ 211.403689][ T5911] EXT4-fs (loop0): free_blocks=2415919104 [ 211.409835][ T5911] EXT4-fs (loop0): dirty_blocks=16 [ 211.415112][ T5911] EXT4-fs (loop0): Block reservation details [ 211.422242][ T5911] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./160", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./160", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./160/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./160/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./160/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./160/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./160/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 [ 211.510931][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 close(4) = 0 rmdir("./160/bus") = 0 umount2("./160/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./160/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./160/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./160") = 0 mkdir("./161", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5915 attached , child_tidptr=0x5555749a2690) = 5915 [pid 5915] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5915] chdir("./161") = 0 [pid 5915] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5915] setpgid(0, 0) = 0 [pid 5915] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5915] write(3, "1000", 4) = 4 [pid 5915] close(3) = 0 [pid 5915] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5915] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5915] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5915] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5915] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5915] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5915] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5915] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5916 attached [pid 5916] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5915] <... clone3 resumed> => {parent_tid=[5916]}, 88) = 5916 [pid 5916] <... rseq resumed>) = 0 [pid 5915] rt_sigprocmask(SIG_SETMASK, [], [pid 5916] set_robust_list(0x7f03761f79a0, 24 [pid 5915] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5916] <... set_robust_list resumed>) = 0 [pid 5915] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5916] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5915] <... futex resumed>) = 0 [pid 5916] memfd_create("syzkaller", 0 [pid 5915] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5916] <... memfd_create resumed>) = 3 [pid 5916] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5916] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5916] munmap(0x7f036dc00000, 138412032) = 0 [pid 5916] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5916] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5916] close(3) = 0 [pid 5916] close(4) = 0 [pid 5916] mkdir("./bus", 0777) = 0 [ 211.841133][ T5916] loop0: detected capacity change from 0 to 2048 [pid 5916] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5916] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5916] chdir("./bus") = 0 [pid 5916] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5916] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5915] <... futex resumed>) = 0 [pid 5916] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5915] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5915] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5916] <... openat resumed>) = 4 [pid 5916] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5915] <... futex resumed>) = 0 [pid 5916] <... futex resumed>) = 1 [pid 5915] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5916] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5915] <... futex resumed>) = 0 [pid 5916] <... openat resumed>) = 5 [pid 5915] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5916] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5915] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5916] <... futex resumed>) = 0 [pid 5915] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5916] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5915] <... futex resumed>) = 0 [pid 5916] <... openat resumed>) = 6 [pid 5915] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5916] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5915] <... futex resumed>) = 0 [pid 5915] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5916] write(6, "t", 1 [pid 5915] <... futex resumed>) = 0 [pid 5915] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5916] <... write resumed>) = 1 [pid 5916] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5915] <... futex resumed>) = 0 [pid 5916] <... futex resumed>) = 1 [pid 5915] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5916] sendfile(6, 5, NULL, 131071 [pid 5915] <... futex resumed>) = 0 [ 211.889861][ T5916] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5915] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5915] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5915] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [ 211.980756][ T5916] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 211.996010][ T5916] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 212.008993][ T5916] EXT4-fs (loop0): This should not happen!! Data will be lost [ 212.008993][ T5916] [ 212.018760][ T5916] EXT4-fs (loop0): Total free blocks count 0 [ 212.024824][ T5916] EXT4-fs (loop0): Free/Dirty block details [pid 5915] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5915] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5916] <... sendfile resumed>) = 75 [pid 5915] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0} [pid 5916] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5916] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5919 attached [pid 5919] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5919] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 5915] <... clone3 resumed> => {parent_tid=[5919]}, 88) = 5919 [pid 5919] rt_sigprocmask(SIG_SETMASK, [], [pid 5915] rt_sigprocmask(SIG_SETMASK, [], [pid 5919] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5915] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5919] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5915] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5919] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5915] <... futex resumed>) = 0 [pid 5919] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5915] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5919] <... open resumed>) = 7 [pid 5919] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5915] <... futex resumed>) = 0 [pid 5919] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5915] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5916] <... futex resumed>) = 0 [pid 5915] <... futex resumed>) = 1 [pid 5915] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5916] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 5916] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5915] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5916] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5915] <... futex resumed>) = 0 [pid 5916] pipe2( [pid 5915] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5916] <... pipe2 resumed>0x20000240, 0) = 0 [ 212.030781][ T5916] EXT4-fs (loop0): free_blocks=2415919104 [ 212.036546][ T5916] EXT4-fs (loop0): dirty_blocks=16 [ 212.042192][ T5916] EXT4-fs (loop0): Block reservation details [ 212.048329][ T5916] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5916] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5916] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5915] <... futex resumed>) = 0 [pid 5915] exit_group(0) = ? [pid 5919] <... futex resumed>) = ? [pid 5916] <... futex resumed>) = ? [pid 5919] +++ exited with 0 +++ [pid 5916] +++ exited with 0 +++ [pid 5915] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5915, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- umount2("./161", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./161", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./161/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./161/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./161/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./161/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./161/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 [ 212.174701][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./161/bus") = 0 umount2("./161/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./161/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./161/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./161") = 0 mkdir("./162", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5920 attached , child_tidptr=0x5555749a2690) = 5920 [pid 5920] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5920] chdir("./162") = 0 [pid 5920] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5920] setpgid(0, 0) = 0 [pid 5920] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5920] write(3, "1000", 4) = 4 [pid 5920] close(3) = 0 [pid 5920] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5920] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5920] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5920] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5920] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5920] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5920] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5920] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5921 attached [pid 5921] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5920] <... clone3 resumed> => {parent_tid=[5921]}, 88) = 5921 [pid 5921] set_robust_list(0x7f03761f79a0, 24 [pid 5920] rt_sigprocmask(SIG_SETMASK, [], [pid 5921] <... set_robust_list resumed>) = 0 [pid 5921] rt_sigprocmask(SIG_SETMASK, [], [pid 5920] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5921] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5920] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] memfd_create("syzkaller", 0 [pid 5920] <... futex resumed>) = 0 [pid 5920] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5921] <... memfd_create resumed>) = 3 [pid 5921] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5921] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5921] munmap(0x7f036dc00000, 138412032) = 0 [pid 5921] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5921] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5921] close(3) = 0 [pid 5921] close(4) = 0 [pid 5921] mkdir("./bus", 0777) = 0 [ 212.493874][ T5921] loop0: detected capacity change from 0 to 2048 [pid 5921] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5921] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5921] chdir("./bus") = 0 [pid 5921] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5921] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5920] <... futex resumed>) = 0 [pid 5921] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5920] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5921] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5920] <... futex resumed>) = 0 [pid 5920] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5921] <... openat resumed>) = 4 [pid 5921] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5920] <... futex resumed>) = 0 [pid 5921] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5920] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] <... openat resumed>) = 5 [pid 5920] <... futex resumed>) = 0 [pid 5920] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5921] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5920] <... futex resumed>) = 0 [pid 5921] <... futex resumed>) = 1 [pid 5920] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5920] <... futex resumed>) = 0 [ 212.537238][ T5921] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5920] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5921] <... openat resumed>) = 6 [pid 5921] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5920] <... futex resumed>) = 0 [pid 5921] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5920] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5920] <... futex resumed>) = 0 [pid 5921] write(6, "t", 1 [pid 5920] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5921] <... write resumed>) = 1 [pid 5921] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5920] <... futex resumed>) = 0 [pid 5921] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5920] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5920] <... futex resumed>) = 0 [pid 5921] sendfile(6, 5, NULL, 131071 [pid 5920] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5920] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 212.653432][ T5921] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 212.668662][ T5921] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 212.681045][ T5921] EXT4-fs (loop0): This should not happen!! Data will be lost [ 212.681045][ T5921] [ 212.690785][ T5921] EXT4-fs (loop0): Total free blocks count 0 [ 212.696828][ T5921] EXT4-fs (loop0): Free/Dirty block details [pid 5920] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5920] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5920] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5921] <... sendfile resumed>) = 75 [pid 5920] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5925 attached [pid 5921] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5921] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5920] <... clone3 resumed> => {parent_tid=[5925]}, 88) = 5925 [pid 5925] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5920] rt_sigprocmask(SIG_SETMASK, [], [pid 5925] set_robust_list(0x7f03761d69a0, 24 [pid 5920] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5925] <... set_robust_list resumed>) = 0 [pid 5925] rt_sigprocmask(SIG_SETMASK, [], [pid 5920] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5925] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5920] <... futex resumed>) = 0 [pid 5925] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5920] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5925] <... open resumed>) = 7 [pid 5925] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5920] <... futex resumed>) = 0 [pid 5925] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5920] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] <... futex resumed>) = 0 [pid 5921] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5920] <... futex resumed>) = 1 [ 212.702857][ T5921] EXT4-fs (loop0): free_blocks=2415919104 [ 212.708672][ T5921] EXT4-fs (loop0): dirty_blocks=16 [ 212.713867][ T5921] EXT4-fs (loop0): Block reservation details [ 212.719921][ T5921] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5921] <... mmap resumed>) = 0x20000000 [pid 5920] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5921] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5920] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5921] <... futex resumed>) = 0 [pid 5921] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5920] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5921] <... futex resumed>) = 0 [pid 5920] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5921] pipe2(0x20000240, 0) = 0 [pid 5921] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5920] <... futex resumed>) = 0 [pid 5921] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5920] exit_group(0 [pid 5921] <... futex resumed>) = ? [pid 5920] <... exit_group resumed>) = ? [pid 5925] <... futex resumed>) = ? [pid 5921] +++ exited with 0 +++ [pid 5925] +++ exited with 0 +++ [pid 5920] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5920, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- umount2("./162", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./162", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./162/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./162/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./162/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./162/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./162/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 212.801335][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./162/bus") = 0 umount2("./162/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./162/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./162/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./162") = 0 mkdir("./163", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5926 attached , child_tidptr=0x5555749a2690) = 5926 [pid 5926] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5926] chdir("./163") = 0 [pid 5926] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5926] setpgid(0, 0) = 0 [pid 5926] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5926] write(3, "1000", 4) = 4 [pid 5926] close(3) = 0 [pid 5926] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5926] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5926] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5926] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5926] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5926] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5926] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5926] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5927 attached => {parent_tid=[5927]}, 88) = 5927 [pid 5926] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5926] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5926] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5927] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5927] set_robust_list(0x7f03761f79a0, 24) = 0 [pid 5927] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5927] memfd_create("syzkaller", 0) = 3 [pid 5927] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5927] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5927] munmap(0x7f036dc00000, 138412032) = 0 [pid 5927] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5927] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5927] close(3) = 0 [pid 5927] close(4) = 0 [pid 5927] mkdir("./bus", 0777) = 0 [ 213.116606][ T5927] loop0: detected capacity change from 0 to 2048 [pid 5927] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5927] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5927] chdir("./bus") = 0 [pid 5927] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5927] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5926] <... futex resumed>) = 0 [pid 5927] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5926] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5927] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5926] <... futex resumed>) = 0 [pid 5927] <... openat resumed>) = 4 [pid 5926] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5927] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5926] <... futex resumed>) = 0 [pid 5927] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5926] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5927] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5926] <... futex resumed>) = 0 [pid 5927] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5926] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5927] <... openat resumed>) = 5 [pid 5927] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5926] <... futex resumed>) = 0 [pid 5927] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5926] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5927] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5927] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5926] <... futex resumed>) = 0 [pid 5926] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5927] <... openat resumed>) = 6 [ 213.158620][ T5927] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5927] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5926] <... futex resumed>) = 0 [pid 5926] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5927] <... futex resumed>) = 1 [pid 5926] <... futex resumed>) = 0 [pid 5927] write(6, "t", 1 [pid 5926] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5927] <... write resumed>) = 1 [pid 5927] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5926] <... futex resumed>) = 0 [pid 5926] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5927] <... futex resumed>) = 1 [pid 5926] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5927] sendfile(6, 5, NULL, 131071 [pid 5926] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5926] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5926] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5926] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 213.269412][ T5927] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 213.285436][ T5927] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 213.297840][ T5927] EXT4-fs (loop0): This should not happen!! Data will be lost [ 213.297840][ T5927] [ 213.307576][ T5927] EXT4-fs (loop0): Total free blocks count 0 [ 213.313713][ T5927] EXT4-fs (loop0): Free/Dirty block details [pid 5926] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5926] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5930 attached [pid 5930] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5926] <... clone3 resumed> => {parent_tid=[5930]}, 88) = 5930 [pid 5930] <... rseq resumed>) = 0 [pid 5926] rt_sigprocmask(SIG_SETMASK, [], [pid 5930] set_robust_list(0x7f03761d69a0, 24 [pid 5926] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5930] <... set_robust_list resumed>) = 0 [pid 5926] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5930] rt_sigprocmask(SIG_SETMASK, [], [pid 5926] <... futex resumed>) = 0 [pid 5930] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5926] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5930] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5930] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5927] <... sendfile resumed>) = 75 [pid 5930] <... futex resumed>) = 1 [pid 5927] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5926] <... futex resumed>) = 0 [pid 5930] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5926] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5927] <... futex resumed>) = 0 [pid 5927] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 5926] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5927] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5926] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5926] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5926] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5927] <... futex resumed>) = 1 [pid 5926] <... futex resumed>) = 0 [pid 5927] pipe2( [pid 5926] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5927] <... pipe2 resumed>0x20000240, 0) = 0 [ 213.319631][ T5927] EXT4-fs (loop0): free_blocks=2415919104 [ 213.325458][ T5927] EXT4-fs (loop0): dirty_blocks=16 [ 213.330692][ T5927] EXT4-fs (loop0): Block reservation details [ 213.336687][ T5927] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5927] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5926] <... futex resumed>) = 0 [pid 5927] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5926] exit_group(0 [pid 5927] <... futex resumed>) = ? [pid 5930] <... futex resumed>) = ? [pid 5926] <... exit_group resumed>) = ? [pid 5930] +++ exited with 0 +++ [pid 5927] +++ exited with 0 +++ [pid 5926] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5926, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- umount2("./163", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./163", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./163/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./163/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./163/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./163/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./163/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 [ 213.444035][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 close(4) = 0 rmdir("./163/bus") = 0 umount2("./163/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./163/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./163/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./163") = 0 mkdir("./164", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555749a2690) = 5931 ./strace-static-x86_64: Process 5931 attached [pid 5931] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5931] chdir("./164") = 0 [pid 5931] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5931] setpgid(0, 0) = 0 [pid 5931] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5931] write(3, "1000", 4) = 4 [pid 5931] close(3) = 0 [pid 5931] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5931] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5931] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5931] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5931] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5931] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5931] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5931] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5932 attached [pid 5932] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5932] set_robust_list(0x7f03761f79a0, 24) = 0 [pid 5931] <... clone3 resumed> => {parent_tid=[5932]}, 88) = 5932 [pid 5932] rt_sigprocmask(SIG_SETMASK, [], [pid 5931] rt_sigprocmask(SIG_SETMASK, [], [pid 5932] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5931] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5932] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5931] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5932] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5931] <... futex resumed>) = 0 [pid 5932] memfd_create("syzkaller", 0 [pid 5931] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5932] <... memfd_create resumed>) = 3 [pid 5932] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5932] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5932] munmap(0x7f036dc00000, 138412032) = 0 [pid 5932] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5932] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5932] close(3) = 0 [pid 5932] close(4) = 0 [pid 5932] mkdir("./bus", 0777) = 0 [ 213.821496][ T5932] loop0: detected capacity change from 0 to 2048 [pid 5932] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5932] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5932] chdir("./bus") = 0 [pid 5932] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5932] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5931] <... futex resumed>) = 0 [pid 5932] <... futex resumed>) = 1 [pid 5931] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5932] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5931] <... futex resumed>) = 0 [pid 5931] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5932] <... openat resumed>) = 4 [pid 5932] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5931] <... futex resumed>) = 0 [pid 5932] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5931] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5932] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5931] <... futex resumed>) = 0 [pid 5932] openat(AT_FDCWD, "./bus", O_RDONLY [ 213.868657][ T5932] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5931] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5932] <... openat resumed>) = 5 [pid 5932] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5931] <... futex resumed>) = 0 [pid 5932] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5931] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 213.909099][ T29] kauditd_printk_skb: 12 callbacks suppressed [ 213.909121][ T29] audit: type=1804 audit(1714530482.715:595): pid=5932 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/164/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5931] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5932] <... openat resumed>) = 6 [pid 5932] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5931] <... futex resumed>) = 0 [pid 5931] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5932] <... futex resumed>) = 1 [pid 5931] <... futex resumed>) = 0 [pid 5932] write(6, "t", 1 [pid 5931] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5932] <... write resumed>) = 1 [pid 5932] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5931] <... futex resumed>) = 0 [pid 5932] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5931] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5932] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5931] <... futex resumed>) = 0 [pid 5932] sendfile(6, 5, NULL, 131071 [ 213.943423][ T29] audit: type=1804 audit(1714530482.755:596): pid=5932 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/164/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5931] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5931] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5931] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5931] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 214.010650][ T5932] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 214.026357][ T5932] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 214.040057][ T5932] EXT4-fs (loop0): This should not happen!! Data will be lost [ 214.040057][ T5932] [ 214.050879][ T5932] EXT4-fs (loop0): Total free blocks count 0 [pid 5931] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5931] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5935 attached [pid 5935] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5931] <... clone3 resumed> => {parent_tid=[5935]}, 88) = 5935 [pid 5935] <... rseq resumed>) = 0 [pid 5931] rt_sigprocmask(SIG_SETMASK, [], [pid 5935] set_robust_list(0x7f03761d69a0, 24 [pid 5931] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5935] <... set_robust_list resumed>) = 0 [pid 5931] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5935] rt_sigprocmask(SIG_SETMASK, [], [pid 5931] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5935] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5935] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5935] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5932] <... sendfile resumed>) = 75 [pid 5935] <... futex resumed>) = 1 [pid 5932] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5935] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5932] <... futex resumed>) = 0 [pid 5932] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5931] <... futex resumed>) = 0 [pid 5931] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5932] <... futex resumed>) = 0 [pid 5932] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 1 [ 214.057274][ T5932] EXT4-fs (loop0): Free/Dirty block details [ 214.063826][ T5932] EXT4-fs (loop0): free_blocks=2415919104 [ 214.069565][ T5932] EXT4-fs (loop0): dirty_blocks=16 [ 214.075513][ T5932] EXT4-fs (loop0): Block reservation details [ 214.081548][ T5932] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5931] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5932] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5931] <... futex resumed>) = 0 [pid 5932] <... futex resumed>) = 1 [pid 5931] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5932] pipe2( [pid 5931] <... futex resumed>) = 0 [pid 5932] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5931] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5932] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5931] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5931] exit_group(0) = ? [pid 5935] <... futex resumed>) = ? [pid 5932] <... futex resumed>) = ? [pid 5935] +++ exited with 0 +++ [pid 5932] +++ exited with 0 +++ [pid 5931] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5931, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- umount2("./164", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./164", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 214.088912][ T29] audit: type=1804 audit(1714530482.895:597): pid=5935 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/164/bus/bus" dev="loop0" ino=18 res=1 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./164/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./164/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./164/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./164/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./164/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 [ 214.160291][ T139] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 close(4) = 0 rmdir("./164/bus") = 0 umount2("./164/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./164/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./164/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./164") = 0 mkdir("./165", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555749a2690) = 5936 ./strace-static-x86_64: Process 5936 attached [pid 5936] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5936] chdir("./165") = 0 [pid 5936] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5936] setpgid(0, 0) = 0 [pid 5936] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5936] write(3, "1000", 4) = 4 [pid 5936] close(3) = 0 [pid 5936] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5936] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5936] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5936] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5936] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5936] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5936] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5936] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5937 attached [pid 5937] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5936] <... clone3 resumed> => {parent_tid=[5937]}, 88) = 5937 [pid 5937] <... rseq resumed>) = 0 [pid 5936] rt_sigprocmask(SIG_SETMASK, [], [pid 5937] set_robust_list(0x7f03761f79a0, 24 [pid 5936] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5937] <... set_robust_list resumed>) = 0 [pid 5936] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5937] rt_sigprocmask(SIG_SETMASK, [], [pid 5936] <... futex resumed>) = 0 [pid 5937] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5937] memfd_create("syzkaller", 0 [pid 5936] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5937] <... memfd_create resumed>) = 3 [pid 5937] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5937] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5937] munmap(0x7f036dc00000, 138412032) = 0 [pid 5937] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5937] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5937] close(3) = 0 [pid 5937] close(4) = 0 [pid 5937] mkdir("./bus", 0777) = 0 [ 214.514991][ T5937] loop0: detected capacity change from 0 to 2048 [pid 5937] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5937] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5937] chdir("./bus") = 0 [pid 5937] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 214.559191][ T5937] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5937] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5936] <... futex resumed>) = 0 [pid 5937] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5936] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5937] <... futex resumed>) = 0 [pid 5936] <... futex resumed>) = 1 [pid 5937] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5936] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5937] <... openat resumed>) = 4 [pid 5937] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5936] <... futex resumed>) = 0 [pid 5937] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5936] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5937] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5936] <... futex resumed>) = 0 [pid 5937] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5936] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5937] <... openat resumed>) = 5 [pid 5937] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5937] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5936] <... futex resumed>) = 0 [pid 5936] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5936] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5937] <... futex resumed>) = 0 [pid 5937] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 5937] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5936] <... futex resumed>) = 0 [pid 5936] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5937] write(6, "t", 1 [pid 5936] <... futex resumed>) = 0 [pid 5936] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5937] <... write resumed>) = 1 [pid 5937] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5937] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5936] <... futex resumed>) = 0 [pid 5936] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5937] <... futex resumed>) = 0 [pid 5936] <... futex resumed>) = 1 [pid 5937] sendfile(6, 5, NULL, 131071 [ 214.643646][ T29] audit: type=1804 audit(1714530483.455:598): pid=5937 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/165/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 214.667814][ T29] audit: type=1804 audit(1714530483.475:599): pid=5937 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/165/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5936] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5936] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5936] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5936] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 214.734604][ T5937] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 214.749917][ T5937] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 214.762223][ T5937] EXT4-fs (loop0): This should not happen!! Data will be lost [ 214.762223][ T5937] [ 214.772324][ T5937] EXT4-fs (loop0): Total free blocks count 0 [ 214.778345][ T5937] EXT4-fs (loop0): Free/Dirty block details [pid 5936] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5937] <... sendfile resumed>) = 75 [pid 5936] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0} [pid 5937] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5941 attached [pid 5936] <... clone3 resumed> => {parent_tid=[5941]}, 88) = 5941 [pid 5941] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5937] <... futex resumed>) = 0 [pid 5936] rt_sigprocmask(SIG_SETMASK, [], [pid 5941] <... rseq resumed>) = 0 [pid 5937] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5941] set_robust_list(0x7f03761d69a0, 24 [pid 5936] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5941] <... set_robust_list resumed>) = 0 [pid 5936] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5941] rt_sigprocmask(SIG_SETMASK, [], [pid 5936] <... futex resumed>) = 0 [pid 5941] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5936] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 214.784330][ T5937] EXT4-fs (loop0): free_blocks=2415919104 [ 214.790145][ T5937] EXT4-fs (loop0): dirty_blocks=16 [ 214.795286][ T5937] EXT4-fs (loop0): Block reservation details [ 214.801398][ T5937] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5941] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5941] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5936] <... futex resumed>) = 0 [pid 5941] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5936] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5936] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5937] <... futex resumed>) = 0 [pid 5937] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 5937] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5936] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5937] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5936] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5937] pipe2(0x20000240, 0) = 0 [pid 5937] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5936] <... futex resumed>) = 0 [pid 5937] <... futex resumed>) = 1 [pid 5936] exit_group(0 [pid 5937] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5941] <... futex resumed>) = ? [pid 5937] <... futex resumed>) = ? [pid 5936] <... exit_group resumed>) = ? [pid 5941] +++ exited with 0 +++ [pid 5937] +++ exited with 0 +++ [pid 5936] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5936, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- umount2("./165", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./165", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 [ 214.834270][ T29] audit: type=1804 audit(1714530483.645:600): pid=5941 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/165/bus/bus" dev="loop0" ino=18 res=1 errno=0 umount2("./165/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./165/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./165/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./165/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./165/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 [ 214.878131][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 rmdir("./165/bus") = 0 umount2("./165/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./165/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./165/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./165") = 0 mkdir("./166", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5942 attached , child_tidptr=0x5555749a2690) = 5942 [pid 5942] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5942] chdir("./166") = 0 [pid 5942] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5942] setpgid(0, 0) = 0 [pid 5942] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5942] write(3, "1000", 4) = 4 [pid 5942] close(3) = 0 [pid 5942] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5942] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5942] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5942] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5942] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5942] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5942] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5942] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5943 attached [pid 5943] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5942] <... clone3 resumed> => {parent_tid=[5943]}, 88) = 5943 [pid 5943] set_robust_list(0x7f03761f79a0, 24 [pid 5942] rt_sigprocmask(SIG_SETMASK, [], [pid 5943] <... set_robust_list resumed>) = 0 [pid 5942] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5943] rt_sigprocmask(SIG_SETMASK, [], [pid 5942] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5943] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5943] memfd_create("syzkaller", 0 [pid 5942] <... futex resumed>) = 0 [pid 5942] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5943] <... memfd_create resumed>) = 3 [pid 5943] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5943] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5943] munmap(0x7f036dc00000, 138412032) = 0 [pid 5943] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5943] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5943] close(3) = 0 [pid 5943] close(4) = 0 [pid 5943] mkdir("./bus", 0777) = 0 [ 215.227161][ T5943] loop0: detected capacity change from 0 to 2048 [pid 5943] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5943] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5943] chdir("./bus") = 0 [pid 5943] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5943] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] <... futex resumed>) = 0 [pid 5943] <... futex resumed>) = 1 [pid 5942] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5943] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5942] <... futex resumed>) = 0 [pid 5943] <... openat resumed>) = 4 [pid 5942] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5943] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5942] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5942] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5943] <... futex resumed>) = 1 [pid 5942] <... futex resumed>) = 0 [pid 5943] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5942] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 5943] <... openat resumed>) = 5 [ 215.266010][ T5943] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5943] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] <... futex resumed>) = 0 [pid 5943] <... futex resumed>) = 1 [pid 5942] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5943] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5942] <... futex resumed>) = 0 [pid 5943] <... openat resumed>) = 6 [pid 5942] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5943] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] <... futex resumed>) = 0 [pid 5942] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5943] <... futex resumed>) = 1 [pid 5942] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5943] write(6, "t", 1) = 1 [pid 5943] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5943] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5942] <... futex resumed>) = 0 [pid 5942] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5943] <... futex resumed>) = 0 [pid 5943] sendfile(6, 5, NULL, 131071 [pid 5942] <... futex resumed>) = 1 [ 215.307113][ T29] audit: type=1804 audit(1714530484.115:601): pid=5943 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/166/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 215.331649][ T29] audit: type=1804 audit(1714530484.115:602): pid=5943 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/166/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5942] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5942] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5942] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5942] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5942] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5942] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5946 attached => {parent_tid=[5946]}, 88) = 5946 [pid 5946] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5942] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5946] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 5946] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5946] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5942] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5946] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5946] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5942] <... futex resumed>) = 0 [pid 5942] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5946] <... open resumed>) = 7 [ 215.378319][ T5943] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 215.395088][ T5943] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 215.417425][ T5943] EXT4-fs (loop0): This should not happen!! Data will be lost [ 215.417425][ T5943] [pid 5946] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5942] <... futex resumed>) = 0 [pid 5942] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5946] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5942] <... futex resumed>) = 0 [ 215.418402][ T29] audit: type=1804 audit(1714530484.225:603): pid=5946 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/166/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 215.428135][ T5943] EXT4-fs (loop0): Total free blocks count 0 [ 215.463178][ T5943] EXT4-fs (loop0): Free/Dirty block details [ 215.469520][ T5943] EXT4-fs (loop0): free_blocks=2415919104 [pid 5942] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5946] <... mmap resumed>) = 0x20000000 [pid 5946] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5946] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5942] <... futex resumed>) = 0 [pid 5942] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5946] <... futex resumed>) = 0 [pid 5942] <... futex resumed>) = 1 [pid 5946] pipe2( [pid 5942] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5946] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5946] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5943] <... sendfile resumed>) = 75 [pid 5946] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5942] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5943] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] exit_group(0 [pid 5946] <... futex resumed>) = ? [pid 5943] <... futex resumed>) = ? [pid 5942] <... exit_group resumed>) = ? [pid 5946] +++ exited with 0 +++ [pid 5943] +++ exited with 0 +++ [pid 5942] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5942, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- umount2("./166", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./166", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 [ 215.475523][ T5943] EXT4-fs (loop0): dirty_blocks=16 [ 215.481449][ T5943] EXT4-fs (loop0): Block reservation details [ 215.487563][ T5943] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./166/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./166/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./166/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 215.528812][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 umount2("./166/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./166/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./166/bus") = 0 umount2("./166/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./166/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./166/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./166") = 0 mkdir("./167", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555749a2690) = 5947 ./strace-static-x86_64: Process 5947 attached [pid 5947] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5947] chdir("./167") = 0 [pid 5947] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5947] setpgid(0, 0) = 0 [pid 5947] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5947] write(3, "1000", 4) = 4 [pid 5947] close(3) = 0 [pid 5947] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5947] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5947] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5947] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5947] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5947] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5947] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5947] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5948 attached [pid 5948] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5947] <... clone3 resumed> => {parent_tid=[5948]}, 88) = 5948 [pid 5948] <... rseq resumed>) = 0 [pid 5947] rt_sigprocmask(SIG_SETMASK, [], [pid 5948] set_robust_list(0x7f03761f79a0, 24 [pid 5947] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5948] <... set_robust_list resumed>) = 0 [pid 5947] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5948] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5947] <... futex resumed>) = 0 [pid 5948] memfd_create("syzkaller", 0 [pid 5947] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5948] <... memfd_create resumed>) = 3 [pid 5948] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5948] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5948] munmap(0x7f036dc00000, 138412032) = 0 [pid 5948] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5948] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5948] close(3) = 0 [pid 5948] close(4) = 0 [pid 5948] mkdir("./bus", 0777) = 0 [pid 5948] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5948] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5948] chdir("./bus") = 0 [pid 5948] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5948] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5948] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5947] <... futex resumed>) = 0 [pid 5947] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5948] <... futex resumed>) = 0 [pid 5948] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5947] <... futex resumed>) = 1 [ 215.964153][ T5948] loop0: detected capacity change from 0 to 2048 [pid 5947] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5948] <... openat resumed>) = 4 [pid 5948] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5947] <... futex resumed>) = 0 [pid 5948] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5947] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5948] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5947] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5948] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 5948] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5948] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5947] <... futex resumed>) = 0 [pid 5947] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5948] <... futex resumed>) = 0 [pid 5947] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5948] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 5948] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5947] <... futex resumed>) = 0 [pid 5948] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5947] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5948] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5948] write(6, "t", 1 [pid 5947] <... futex resumed>) = 0 [pid 5947] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5948] <... write resumed>) = 1 [pid 5948] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5947] <... futex resumed>) = 0 [pid 5948] sendfile(6, 5, NULL, 131071 [pid 5947] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 216.052414][ T29] audit: type=1804 audit(1714530484.865:604): pid=5948 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/167/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5947] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5947] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5947] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5947] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5947] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5947] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5951 attached [pid 5951] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5947] <... clone3 resumed> => {parent_tid=[5951]}, 88) = 5951 [pid 5951] <... rseq resumed>) = 0 [pid 5947] rt_sigprocmask(SIG_SETMASK, [], [pid 5951] set_robust_list(0x7f03761d69a0, 24 [pid 5947] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5951] <... set_robust_list resumed>) = 0 [pid 5951] rt_sigprocmask(SIG_SETMASK, [], [pid 5947] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5951] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5951] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5947] <... futex resumed>) = 0 [pid 5951] <... open resumed>) = 7 [ 216.138275][ T5948] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 216.153795][ T5948] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 216.166391][ T5948] EXT4-fs (loop0): This should not happen!! Data will be lost [ 216.166391][ T5948] [ 216.176763][ T5948] EXT4-fs (loop0): Total free blocks count 0 [pid 5947] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5951] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5947] <... futex resumed>) = 0 [pid 5951] <... futex resumed>) = 1 [pid 5947] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5951] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5947] <... futex resumed>) = 0 [pid 5947] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5951] <... mmap resumed>) = 0x20000000 [pid 5948] <... sendfile resumed>) = 75 [pid 5951] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5948] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5947] <... futex resumed>) = 0 [pid 5951] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5947] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5947] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = 0 [pid 5947] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5948] <... futex resumed>) = 1 [pid 5948] pipe2(0x20000240, 0) = 0 [pid 5948] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5947] <... futex resumed>) = 0 [pid 5947] exit_group(0 [pid 5951] <... futex resumed>) = ? [pid 5947] <... exit_group resumed>) = ? [pid 5951] +++ exited with 0 +++ [pid 5948] <... futex resumed>) = ? [pid 5948] +++ exited with 0 +++ [pid 5947] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5947, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- umount2("./167", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./167", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 216.184041][ T5948] EXT4-fs (loop0): Free/Dirty block details [ 216.190378][ T5948] EXT4-fs (loop0): free_blocks=2415919104 [ 216.196135][ T5948] EXT4-fs (loop0): dirty_blocks=16 [ 216.201777][ T5948] EXT4-fs (loop0): Block reservation details [ 216.208728][ T5948] EXT4-fs (loop0): i_reserved_data_blocks=1 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./167/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./167/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./167/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./167/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./167/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 216.287334][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 216.299646][ T62] EXT4-fs (loop0): This should not happen!! Data will be lost [ 216.299646][ T62] getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./167/bus") = 0 umount2("./167/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./167/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./167/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./167") = 0 mkdir("./168", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5952 attached , child_tidptr=0x5555749a2690) = 5952 [pid 5952] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5952] chdir("./168") = 0 [pid 5952] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5952] setpgid(0, 0) = 0 [pid 5952] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5952] write(3, "1000", 4) = 4 [pid 5952] close(3) = 0 [pid 5952] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5952] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5952] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5952] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5952] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5952] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5952] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5952] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5953 attached [pid 5953] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5952] <... clone3 resumed> => {parent_tid=[5953]}, 88) = 5953 [pid 5953] set_robust_list(0x7f03761f79a0, 24 [pid 5952] rt_sigprocmask(SIG_SETMASK, [], [pid 5953] <... set_robust_list resumed>) = 0 [pid 5952] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5953] rt_sigprocmask(SIG_SETMASK, [], [pid 5952] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5953] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5952] <... futex resumed>) = 0 [pid 5953] memfd_create("syzkaller", 0 [pid 5952] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5953] <... memfd_create resumed>) = 3 [pid 5953] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5953] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5953] munmap(0x7f036dc00000, 138412032) = 0 [pid 5953] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5953] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5953] close(3) = 0 [pid 5953] close(4) = 0 [pid 5953] mkdir("./bus", 0777) = 0 [pid 5953] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5953] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5953] chdir("./bus") = 0 [pid 5953] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5953] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 216.624790][ T5953] loop0: detected capacity change from 0 to 2048 [pid 5953] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5952] <... futex resumed>) = 0 [pid 5952] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5953] <... futex resumed>) = 0 [pid 5952] <... futex resumed>) = 1 [pid 5953] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5952] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5953] <... openat resumed>) = 4 [pid 5953] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5953] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5952] <... futex resumed>) = 0 [pid 5952] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5953] <... futex resumed>) = 0 [pid 5952] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5953] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 5953] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5952] <... futex resumed>) = 0 [pid 5953] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5952] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5953] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5953] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5952] <... futex resumed>) = 0 [pid 5952] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5953] <... openat resumed>) = 6 [pid 5953] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5953] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5952] <... futex resumed>) = 0 [pid 5952] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5953] <... futex resumed>) = 0 [pid 5952] <... futex resumed>) = 1 [pid 5952] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5953] write(6, "t", 1) = 1 [pid 5953] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5952] <... futex resumed>) = 0 [pid 5953] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5952] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5953] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5952] <... futex resumed>) = 0 [pid 5953] sendfile(6, 5, NULL, 131071 [pid 5952] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5952] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5952] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5952] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 216.767071][ T5953] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 216.782519][ T5953] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 216.794834][ T5953] EXT4-fs (loop0): This should not happen!! Data will be lost [ 216.794834][ T5953] [ 216.804642][ T5953] EXT4-fs (loop0): Total free blocks count 0 [ 216.810726][ T5953] EXT4-fs (loop0): Free/Dirty block details [pid 5952] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5952] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5956 attached [pid 5956] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5952] <... clone3 resumed> => {parent_tid=[5956]}, 88) = 5956 [pid 5956] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 5952] rt_sigprocmask(SIG_SETMASK, [], [pid 5956] rt_sigprocmask(SIG_SETMASK, [], [pid 5952] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5952] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5956] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5952] <... futex resumed>) = 0 [pid 5956] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5952] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5956] <... open resumed>) = 7 [pid 5956] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5953] <... sendfile resumed>) = 75 [pid 5956] <... futex resumed>) = 1 [pid 5953] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5952] <... futex resumed>) = 0 [pid 5956] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5953] <... futex resumed>) = 0 [pid 5952] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5953] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5952] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5953] <... mmap resumed>) = 0x20000000 [pid 5953] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5952] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5952] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5953] <... futex resumed>) = 0 [pid 5952] <... futex resumed>) = 0 [pid 5953] pipe2( [pid 5952] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5953] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5953] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5952] <... futex resumed>) = 0 [pid 5953] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5952] exit_group(0 [pid 5953] <... futex resumed>) = ? [pid 5952] <... exit_group resumed>) = ? [pid 5953] +++ exited with 0 +++ [pid 5956] <... futex resumed>) = ? [ 216.816692][ T5953] EXT4-fs (loop0): free_blocks=2415919104 [ 216.822503][ T5953] EXT4-fs (loop0): dirty_blocks=16 [ 216.827683][ T5953] EXT4-fs (loop0): Block reservation details [ 216.833788][ T5953] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5956] +++ exited with 0 +++ [pid 5952] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5952, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- umount2("./168", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./168", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./168/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./168/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./168/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./168/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./168/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 216.915497][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 216.927923][ T2467] EXT4-fs (loop0): This should not happen!! Data will be lost [ 216.927923][ T2467] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./168/bus") = 0 umount2("./168/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./168/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./168/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./168") = 0 mkdir("./169", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5957 attached , child_tidptr=0x5555749a2690) = 5957 [pid 5957] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5957] chdir("./169") = 0 [pid 5957] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5957] setpgid(0, 0) = 0 [pid 5957] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5957] write(3, "1000", 4) = 4 [pid 5957] close(3) = 0 [pid 5957] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5957] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5957] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5957] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5957] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5957] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5957] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5957] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5958 attached [pid 5958] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5957] <... clone3 resumed> => {parent_tid=[5958]}, 88) = 5958 [pid 5958] <... rseq resumed>) = 0 [pid 5957] rt_sigprocmask(SIG_SETMASK, [], [pid 5958] set_robust_list(0x7f03761f79a0, 24 [pid 5957] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5958] <... set_robust_list resumed>) = 0 [pid 5957] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5958] rt_sigprocmask(SIG_SETMASK, [], [pid 5957] <... futex resumed>) = 0 [pid 5958] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5957] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5958] memfd_create("syzkaller", 0) = 3 [pid 5958] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5958] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5958] munmap(0x7f036dc00000, 138412032) = 0 [pid 5958] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5958] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5958] close(3) = 0 [pid 5958] close(4) = 0 [pid 5958] mkdir("./bus", 0777) = 0 [ 217.281533][ T5958] loop0: detected capacity change from 0 to 2048 [pid 5958] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5958] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5958] chdir("./bus") = 0 [pid 5958] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5958] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5958] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5957] <... futex resumed>) = 0 [pid 5957] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5958] <... futex resumed>) = 0 [pid 5957] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5958] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4 [pid 5958] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5957] <... futex resumed>) = 0 [pid 5958] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5957] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5958] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5957] <... futex resumed>) = 0 [pid 5958] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5957] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5958] <... openat resumed>) = 5 [pid 5958] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5957] <... futex resumed>) = 0 [pid 5958] <... futex resumed>) = 1 [pid 5957] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5958] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5957] <... futex resumed>) = 0 [pid 5957] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5958] <... openat resumed>) = 6 [pid 5958] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5957] <... futex resumed>) = 0 [pid 5958] <... futex resumed>) = 1 [pid 5957] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5958] write(6, "t", 1 [pid 5957] <... futex resumed>) = 0 [pid 5957] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5958] <... write resumed>) = 1 [pid 5958] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5957] <... futex resumed>) = 0 [pid 5958] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5957] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5958] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5957] <... futex resumed>) = 0 [pid 5958] sendfile(6, 5, NULL, 131071 [pid 5957] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5957] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 217.444084][ T5958] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 217.459747][ T5958] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 217.472030][ T5958] EXT4-fs (loop0): This should not happen!! Data will be lost [ 217.472030][ T5958] [ 217.481758][ T5958] EXT4-fs (loop0): Total free blocks count 0 [ 217.487770][ T5958] EXT4-fs (loop0): Free/Dirty block details [pid 5957] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5957] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5957] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5957] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5961 attached [pid 5961] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5958] <... sendfile resumed>) = 75 [pid 5957] <... clone3 resumed> => {parent_tid=[5961]}, 88) = 5961 [pid 5958] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5957] rt_sigprocmask(SIG_SETMASK, [], [pid 5961] set_robust_list(0x7f03761d69a0, 24 [pid 5957] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5961] <... set_robust_list resumed>) = 0 [pid 5957] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5961] rt_sigprocmask(SIG_SETMASK, [], [pid 5957] <... futex resumed>) = 0 [pid 5961] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5957] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5961] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5958] <... futex resumed>) = 0 [pid 5958] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5961] <... open resumed>) = 7 [pid 5961] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5957] <... futex resumed>) = 0 [pid 5961] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5957] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5958] <... futex resumed>) = 0 [pid 5958] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 1 [pid 5958] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5957] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5957] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5957] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5958] <... futex resumed>) = 0 [pid 5958] pipe2(0x20000240, 0) = 0 [ 217.493754][ T5958] EXT4-fs (loop0): free_blocks=2415919104 [ 217.499520][ T5958] EXT4-fs (loop0): dirty_blocks=16 [ 217.504739][ T5958] EXT4-fs (loop0): Block reservation details [ 217.510885][ T5958] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5958] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5957] <... futex resumed>) = 0 [pid 5958] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5957] exit_group(0 [pid 5961] <... futex resumed>) = ? [pid 5958] <... futex resumed>) = ? [pid 5957] <... exit_group resumed>) = ? [pid 5961] +++ exited with 0 +++ [pid 5958] +++ exited with 0 +++ [pid 5957] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5957, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- umount2("./169", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./169", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./169/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./169/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./169/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./169/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./169/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 217.634859][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 217.647114][ T62] EXT4-fs (loop0): This should not happen!! Data will be lost [ 217.647114][ T62] getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./169/bus") = 0 umount2("./169/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./169/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./169/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./169") = 0 mkdir("./170", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5962 attached , child_tidptr=0x5555749a2690) = 5962 [pid 5962] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5962] chdir("./170") = 0 [pid 5962] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5962] setpgid(0, 0) = 0 [pid 5962] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5962] write(3, "1000", 4) = 4 [pid 5962] close(3) = 0 [pid 5962] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5962] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5962] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5962] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5962] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5962] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5962] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5962] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5963 attached [pid 5963] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5962] <... clone3 resumed> => {parent_tid=[5963]}, 88) = 5963 [pid 5963] <... rseq resumed>) = 0 [pid 5962] rt_sigprocmask(SIG_SETMASK, [], [pid 5963] set_robust_list(0x7f03761f79a0, 24 [pid 5962] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5963] <... set_robust_list resumed>) = 0 [pid 5962] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5963] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5962] <... futex resumed>) = 0 [pid 5963] memfd_create("syzkaller", 0 [pid 5962] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5963] <... memfd_create resumed>) = 3 [pid 5963] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5963] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5963] munmap(0x7f036dc00000, 138412032) = 0 [pid 5963] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5963] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5963] close(3) = 0 [pid 5963] close(4) = 0 [pid 5963] mkdir("./bus", 0777) = 0 [ 217.965370][ T5963] loop0: detected capacity change from 0 to 2048 [pid 5963] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5963] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5963] chdir("./bus") = 0 [pid 5963] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5963] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5962] <... futex resumed>) = 0 [pid 5963] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5962] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5963] <... futex resumed>) = 0 [pid 5963] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5962] <... futex resumed>) = 1 [pid 5963] <... openat resumed>) = 4 [pid 5962] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5963] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5962] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5962] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5962] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = 0 [pid 5963] <... futex resumed>) = 1 [pid 5962] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5963] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 5963] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5963] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5962] <... futex resumed>) = 0 [pid 5962] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5963] <... futex resumed>) = 0 [pid 5962] <... futex resumed>) = 1 [pid 5963] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5962] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5963] <... openat resumed>) = 6 [pid 5963] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5962] <... futex resumed>) = 0 [pid 5963] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5962] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5963] write(6, "t", 1 [pid 5962] <... futex resumed>) = 0 [pid 5962] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5963] <... write resumed>) = 1 [pid 5963] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5962] <... futex resumed>) = 0 [pid 5963] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5962] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5963] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5962] <... futex resumed>) = 0 [pid 5963] sendfile(6, 5, NULL, 131071 [pid 5962] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5962] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5962] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5962] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5962] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 218.183328][ T5963] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 218.198958][ T5963] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 218.211373][ T5963] EXT4-fs (loop0): This should not happen!! Data will be lost [ 218.211373][ T5963] [ 218.221564][ T5963] EXT4-fs (loop0): Total free blocks count 0 [ 218.227601][ T5963] EXT4-fs (loop0): Free/Dirty block details [pid 5962] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5966 attached [pid 5966] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5962] <... clone3 resumed> => {parent_tid=[5966]}, 88) = 5966 [pid 5966] <... rseq resumed>) = 0 [pid 5962] rt_sigprocmask(SIG_SETMASK, [], [pid 5966] set_robust_list(0x7f03761d69a0, 24 [pid 5962] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5966] <... set_robust_list resumed>) = 0 [pid 5962] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5966] rt_sigprocmask(SIG_SETMASK, [], [pid 5962] <... futex resumed>) = 0 [pid 5966] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5962] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5966] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5966] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5963] <... sendfile resumed>) = 75 [pid 5966] <... futex resumed>) = 1 [pid 5963] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5966] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5963] <... futex resumed>) = 0 [pid 5963] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5962] <... futex resumed>) = 0 [pid 5962] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5963] <... futex resumed>) = 0 [pid 5962] <... futex resumed>) = 1 [pid 5963] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5962] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5963] <... mmap resumed>) = 0x20000000 [pid 5963] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5963] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5962] <... futex resumed>) = 0 [pid 5962] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5963] <... futex resumed>) = 0 [pid 5962] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5963] pipe2(0x20000240, 0) = 0 [pid 5963] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5962] <... futex resumed>) = 0 [pid 5963] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5962] exit_group(0 [pid 5966] <... futex resumed>) = ? [pid 5963] <... futex resumed>) = ? [pid 5962] <... exit_group resumed>) = ? [pid 5966] +++ exited with 0 +++ [pid 5963] +++ exited with 0 +++ [pid 5962] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5962, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./170", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./170", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 [ 218.233650][ T5963] EXT4-fs (loop0): free_blocks=2415919104 [ 218.240595][ T5963] EXT4-fs (loop0): dirty_blocks=16 [ 218.245759][ T5963] EXT4-fs (loop0): Block reservation details [ 218.254337][ T5963] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./170/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./170/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./170/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./170/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./170/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 218.315677][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 218.328237][ T62] EXT4-fs (loop0): This should not happen!! Data will be lost [ 218.328237][ T62] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./170/bus") = 0 umount2("./170/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./170/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./170/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./170") = 0 mkdir("./171", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5967 attached [pid 5967] set_robust_list(0x5555749a26a0, 24 [pid 5080] <... clone resumed>, child_tidptr=0x5555749a2690) = 5967 [pid 5967] <... set_robust_list resumed>) = 0 [pid 5967] chdir("./171") = 0 [pid 5967] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5967] setpgid(0, 0) = 0 [pid 5967] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5967] write(3, "1000", 4) = 4 [pid 5967] close(3) = 0 [pid 5967] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5967] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5967] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5967] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5967] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5967] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5967] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5967] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5968 attached => {parent_tid=[5968]}, 88) = 5968 [pid 5968] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5967] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5967] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5967] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5968] <... rseq resumed>) = 0 [pid 5968] set_robust_list(0x7f03761f79a0, 24) = 0 [pid 5968] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5968] memfd_create("syzkaller", 0) = 3 [pid 5968] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5968] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5968] munmap(0x7f036dc00000, 138412032) = 0 [pid 5968] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5968] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5968] close(3) = 0 [pid 5968] close(4) = 0 [pid 5968] mkdir("./bus", 0777) = 0 [pid 5968] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [ 218.690482][ T5968] loop0: detected capacity change from 0 to 2048 [pid 5968] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5968] chdir("./bus") = 0 [pid 5968] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5968] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5968] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5967] <... futex resumed>) = 0 [pid 5967] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5968] <... futex resumed>) = 0 [pid 5967] <... futex resumed>) = 1 [pid 5968] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5967] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5968] <... openat resumed>) = 4 [pid 5968] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5967] <... futex resumed>) = 0 [pid 5968] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5967] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5968] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5967] <... futex resumed>) = 0 [pid 5968] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5967] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5968] <... openat resumed>) = 5 [pid 5968] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5967] <... futex resumed>) = 0 [pid 5968] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5967] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5968] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5967] <... futex resumed>) = 0 [pid 5968] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5967] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5968] <... openat resumed>) = 6 [pid 5968] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5967] <... futex resumed>) = 0 [pid 5968] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5967] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5968] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5967] <... futex resumed>) = 0 [pid 5968] write(6, "t", 1 [pid 5967] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5968] <... write resumed>) = 1 [pid 5968] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5967] <... futex resumed>) = 0 [pid 5968] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5967] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5968] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5967] <... futex resumed>) = 0 [pid 5968] sendfile(6, 5, NULL, 131071 [pid 5967] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5967] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5967] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5967] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 218.842605][ T5968] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 218.859242][ T5968] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 218.872227][ T5968] EXT4-fs (loop0): This should not happen!! Data will be lost [ 218.872227][ T5968] [ 218.883076][ T5968] EXT4-fs (loop0): Total free blocks count 0 [pid 5967] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5967] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5971 attached [pid 5971] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5971] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 5967] <... clone3 resumed> => {parent_tid=[5971]}, 88) = 5971 [pid 5971] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5967] rt_sigprocmask(SIG_SETMASK, [], [pid 5971] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5967] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5967] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5971] <... futex resumed>) = 0 [pid 5967] <... futex resumed>) = 1 [pid 5971] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5967] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5971] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5967] <... futex resumed>) = 0 [ 218.889381][ T5968] EXT4-fs (loop0): Free/Dirty block details [ 218.895641][ T5968] EXT4-fs (loop0): free_blocks=2415919104 [ 218.901436][ T5968] EXT4-fs (loop0): dirty_blocks=16 [ 218.908488][ T5968] EXT4-fs (loop0): Block reservation details [ 218.912993][ T29] kauditd_printk_skb: 13 callbacks suppressed [pid 5971] <... futex resumed>) = 1 [pid 5967] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5971] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5967] <... futex resumed>) = 0 [pid 5967] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5971] <... mmap resumed>) = 0x20000000 [pid 5968] <... sendfile resumed>) = 75 [pid 5968] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5968] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5971] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5967] <... futex resumed>) = 0 [pid 5971] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5967] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5968] <... futex resumed>) = 0 [pid 5967] <... futex resumed>) = 1 [pid 5968] pipe2( [pid 5967] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5968] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5968] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5968] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5967] <... futex resumed>) = 0 [pid 5967] exit_group(0 [pid 5968] <... futex resumed>) = ? [pid 5971] <... futex resumed>) = ? [pid 5967] <... exit_group resumed>) = ? [pid 5971] +++ exited with 0 +++ [pid 5968] +++ exited with 0 +++ [pid 5967] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5967, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 218.913018][ T29] audit: type=1804 audit(1714530487.725:618): pid=5971 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/171/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 218.914636][ T5968] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./171", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./171", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./171/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./171/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./171/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./171/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./171/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 [ 219.036112][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 219.048608][ T2467] EXT4-fs (loop0): This should not happen!! Data will be lost [ 219.048608][ T2467] getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./171/bus") = 0 umount2("./171/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./171/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./171/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./171") = 0 mkdir("./172", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5972 attached , child_tidptr=0x5555749a2690) = 5972 [pid 5972] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5972] chdir("./172") = 0 [pid 5972] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5972] setpgid(0, 0) = 0 [pid 5972] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5972] write(3, "1000", 4) = 4 [pid 5972] close(3) = 0 [pid 5972] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5972] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5972] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5972] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5972] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5972] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5972] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5972] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5973 attached => {parent_tid=[5973]}, 88) = 5973 [pid 5972] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5973] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5972] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5973] set_robust_list(0x7f03761f79a0, 24 [pid 5972] <... futex resumed>) = 0 [pid 5973] <... set_robust_list resumed>) = 0 [pid 5972] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5973] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5973] memfd_create("syzkaller", 0) = 3 [pid 5973] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5973] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5973] munmap(0x7f036dc00000, 138412032) = 0 [pid 5973] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5973] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5973] close(3) = 0 [pid 5973] close(4) = 0 [pid 5973] mkdir("./bus", 0777) = 0 [pid 5973] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [ 219.406565][ T5973] loop0: detected capacity change from 0 to 2048 [pid 5973] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5973] chdir("./bus") = 0 [pid 5973] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5973] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5972] <... futex resumed>) = 0 [pid 5973] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5972] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5973] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5972] <... futex resumed>) = 0 [pid 5973] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5972] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5973] <... openat resumed>) = 4 [pid 5973] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5973] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5972] <... futex resumed>) = 0 [pid 5972] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5973] <... futex resumed>) = 0 [pid 5972] <... futex resumed>) = 1 [pid 5973] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5972] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5973] <... openat resumed>) = 5 [pid 5973] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5972] <... futex resumed>) = 0 [pid 5973] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5972] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5973] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5972] <... futex resumed>) = 0 [pid 5973] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5972] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5973] <... openat resumed>) = 6 [pid 5973] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5972] <... futex resumed>) = 0 [pid 5972] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5973] write(6, "t", 1 [pid 5972] <... futex resumed>) = 0 [pid 5972] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5973] <... write resumed>) = 1 [pid 5973] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5973] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5972] <... futex resumed>) = 0 [pid 5972] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5973] <... futex resumed>) = 0 [pid 5972] <... futex resumed>) = 1 [pid 5973] sendfile(6, 5, NULL, 131071 [ 219.507027][ T29] audit: type=1804 audit(1714530488.315:619): pid=5973 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/172/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 219.531499][ T29] audit: type=1804 audit(1714530488.315:620): pid=5973 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/172/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5972] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5972] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5972] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5972] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5972] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5972] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5976 attached [pid 5976] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5976] set_robust_list(0x7f03761d69a0, 24 [pid 5972] <... clone3 resumed> => {parent_tid=[5976]}, 88) = 5976 [pid 5976] <... set_robust_list resumed>) = 0 [pid 5976] rt_sigprocmask(SIG_SETMASK, [], [pid 5972] rt_sigprocmask(SIG_SETMASK, [], [pid 5976] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5972] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5976] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5972] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5976] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5972] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 219.579989][ T5973] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 219.595960][ T5973] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 219.608246][ T5973] EXT4-fs (loop0): This should not happen!! Data will be lost [ 219.608246][ T5973] [ 219.618234][ T5973] EXT4-fs (loop0): Total free blocks count 0 [ 219.624413][ T5973] EXT4-fs (loop0): Free/Dirty block details [pid 5976] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5976] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5972] <... futex resumed>) = 0 [pid 5976] <... futex resumed>) = 1 [pid 5972] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5976] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5973] <... sendfile resumed>) = 75 [pid 5972] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5976] <... mmap resumed>) = 0x20000000 [pid 5973] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5976] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5973] <... futex resumed>) = 0 [pid 5976] <... futex resumed>) = 1 [pid 5973] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5972] <... futex resumed>) = 0 [pid 5976] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5973] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5972] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5973] pipe2( [pid 5972] <... futex resumed>) = 0 [pid 5973] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5972] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5973] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5973] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5972] <... futex resumed>) = 0 [pid 5972] exit_group(0 [pid 5976] <... futex resumed>) = ? [pid 5973] <... futex resumed>) = ? [pid 5972] <... exit_group resumed>) = ? [pid 5976] +++ exited with 0 +++ [pid 5973] +++ exited with 0 +++ [pid 5972] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5972, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- [ 219.630963][ T5973] EXT4-fs (loop0): free_blocks=2415919104 [ 219.632618][ T29] audit: type=1804 audit(1714530488.445:621): pid=5976 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/172/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 219.636732][ T5973] EXT4-fs (loop0): dirty_blocks=16 [ 219.665399][ T5973] EXT4-fs (loop0): Block reservation details [ 219.671470][ T5973] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./172", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./172", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./172/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./172/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./172/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./172/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./172/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./172/bus") = 0 umount2("./172/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./172/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./172/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./172") = 0 mkdir("./173", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 219.734931][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 219.747258][ T2467] EXT4-fs (loop0): This should not happen!! Data will be lost [ 219.747258][ T2467] ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5977 attached , child_tidptr=0x5555749a2690) = 5977 [pid 5977] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5977] chdir("./173") = 0 [pid 5977] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5977] setpgid(0, 0) = 0 [pid 5977] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5977] write(3, "1000", 4) = 4 [pid 5977] close(3) = 0 [pid 5977] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5977] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5977] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5977] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5977] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5977] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5977] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5977] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5978 attached [pid 5978] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5978] set_robust_list(0x7f03761f79a0, 24) = 0 [pid 5978] rt_sigprocmask(SIG_SETMASK, [], [pid 5977] <... clone3 resumed> => {parent_tid=[5978]}, 88) = 5978 [pid 5978] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5977] rt_sigprocmask(SIG_SETMASK, [], [pid 5978] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5977] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5977] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5978] <... futex resumed>) = 0 [pid 5977] <... futex resumed>) = 1 [pid 5978] memfd_create("syzkaller", 0 [pid 5977] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5978] <... memfd_create resumed>) = 3 [pid 5978] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5978] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5978] munmap(0x7f036dc00000, 138412032) = 0 [pid 5978] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5978] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5978] close(3) = 0 [pid 5978] close(4) = 0 [pid 5978] mkdir("./bus", 0777) = 0 [pid 5978] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [ 219.966707][ T5978] loop0: detected capacity change from 0 to 2048 [pid 5978] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5978] chdir("./bus") = 0 [pid 5978] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5978] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5977] <... futex resumed>) = 0 [pid 5978] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5977] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5977] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5978] <... openat resumed>) = 4 [pid 5978] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5977] <... futex resumed>) = 0 [pid 5977] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5978] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5977] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5978] <... openat resumed>) = 5 [pid 5978] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5978] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5977] <... futex resumed>) = 0 [pid 5977] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5978] <... futex resumed>) = 0 [pid 5977] <... futex resumed>) = 1 [pid 5978] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5977] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5978] <... openat resumed>) = 6 [pid 5978] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5977] <... futex resumed>) = 0 [pid 5978] <... futex resumed>) = 1 [pid 5977] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5978] write(6, "t", 1 [pid 5977] <... futex resumed>) = 0 [pid 5977] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5978] <... write resumed>) = 1 [pid 5978] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5977] <... futex resumed>) = 0 [pid 5978] sendfile(6, 5, NULL, 131071 [pid 5977] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 220.065871][ T29] audit: type=1804 audit(1714530488.875:622): pid=5978 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/173/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 220.093029][ T29] audit: type=1804 audit(1714530488.905:623): pid=5978 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/173/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5977] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5977] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5977] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5977] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5977] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5977] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0} => {parent_tid=[5981]}, 88) = 5981 [pid 5977] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5977] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 220.149108][ T5978] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 220.164360][ T5978] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 220.177264][ T5978] EXT4-fs (loop0): This should not happen!! Data will be lost [ 220.177264][ T5978] [ 220.187106][ T5978] EXT4-fs (loop0): Total free blocks count 0 [ 220.193196][ T5978] EXT4-fs (loop0): Free/Dirty block details [pid 5977] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5981 attached [pid 5981] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5981] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 5981] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5981] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5978] <... sendfile resumed>) = 75 [pid 5978] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5978] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5981] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5981] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5977] <... futex resumed>) = 0 [pid 5977] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5977] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5978] <... futex resumed>) = 0 [pid 5978] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 5978] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5977] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5978] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5977] <... futex resumed>) = 0 [pid 5978] pipe2(0x20000240, 0) = 0 [ 220.199181][ T5978] EXT4-fs (loop0): free_blocks=2415919104 [ 220.205071][ T5978] EXT4-fs (loop0): dirty_blocks=16 [ 220.210274][ T5978] EXT4-fs (loop0): Block reservation details [ 220.216296][ T5978] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5977] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5978] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5977] <... futex resumed>) = 0 [pid 5978] <... futex resumed>) = 1 [pid 5977] exit_group(0 [pid 5981] <... futex resumed>) = ? [pid 5977] <... exit_group resumed>) = ? [pid 5981] +++ exited with 0 +++ [pid 5978] +++ exited with 0 +++ [pid 5977] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5977, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./173", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./173", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 220.226183][ T29] audit: type=1804 audit(1714530489.035:624): pid=5981 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/173/bus/bus" dev="loop0" ino=18 res=1 errno=0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./173/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./173/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./173/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./173/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./173/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 220.292770][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 220.305061][ T62] EXT4-fs (loop0): This should not happen!! Data will be lost [ 220.305061][ T62] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./173/bus") = 0 umount2("./173/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./173/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./173/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./173") = 0 mkdir("./174", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5982 attached , child_tidptr=0x5555749a2690) = 5982 [pid 5982] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5982] chdir("./174") = 0 [pid 5982] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5982] setpgid(0, 0) = 0 [pid 5982] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5982] write(3, "1000", 4) = 4 [pid 5982] close(3) = 0 [pid 5982] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5982] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5982] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5982] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5982] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5982] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5982] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5982] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5983 attached [pid 5983] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5982] <... clone3 resumed> => {parent_tid=[5983]}, 88) = 5983 [pid 5983] set_robust_list(0x7f03761f79a0, 24 [pid 5982] rt_sigprocmask(SIG_SETMASK, [], [pid 5983] <... set_robust_list resumed>) = 0 [pid 5982] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5983] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5982] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5983] memfd_create("syzkaller", 0 [pid 5982] <... futex resumed>) = 0 [pid 5982] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5983] <... memfd_create resumed>) = 3 [pid 5983] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5983] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5983] munmap(0x7f036dc00000, 138412032) = 0 [pid 5983] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5983] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5983] close(3) = 0 [pid 5983] close(4) = 0 [pid 5983] mkdir("./bus", 0777) = 0 [pid 5983] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5983] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5983] chdir("./bus") = 0 [pid 5983] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5983] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5982] <... futex resumed>) = 0 [pid 5983] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5982] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5983] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5982] <... futex resumed>) = 0 [pid 5983] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [ 220.694194][ T5983] loop0: detected capacity change from 0 to 2048 [pid 5982] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5983] <... openat resumed>) = 4 [pid 5983] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5982] <... futex resumed>) = 0 [pid 5983] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5982] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5983] <... openat resumed>) = 5 [pid 5982] <... futex resumed>) = 0 [pid 5982] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5983] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5982] <... futex resumed>) = 0 [pid 5983] <... futex resumed>) = 1 [pid 5982] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5983] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5982] <... futex resumed>) = 0 [pid 5983] <... openat resumed>) = 6 [pid 5982] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5983] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5982] <... futex resumed>) = 0 [pid 5982] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5983] write(6, "t", 1 [pid 5982] <... futex resumed>) = 0 [pid 5982] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5983] <... write resumed>) = 1 [pid 5983] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5982] <... futex resumed>) = 0 [pid 5983] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5982] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5983] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5982] <... futex resumed>) = 0 [pid 5983] sendfile(6, 5, NULL, 131071 [ 220.769838][ T29] audit: type=1804 audit(1714530489.575:625): pid=5983 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/174/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 220.794615][ T29] audit: type=1804 audit(1714530489.575:626): pid=5983 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/174/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 5982] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5982] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5982] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5982] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5982] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5982] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0} => {parent_tid=[5986]}, 88) = 5986 [pid 5982] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5986 attached NULL, 8) = 0 [pid 5986] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5982] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5986] <... rseq resumed>) = 0 [pid 5982] <... futex resumed>) = 0 [pid 5986] set_robust_list(0x7f03761d69a0, 24 [pid 5982] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5986] <... set_robust_list resumed>) = 0 [pid 5986] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5986] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5986] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5982] <... futex resumed>) = 0 [pid 5982] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5982] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 220.855545][ T5983] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 220.870811][ T5983] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 220.886716][ T5983] EXT4-fs (loop0): This should not happen!! Data will be lost [ 220.886716][ T5983] [ 220.901272][ T5983] EXT4-fs (loop0): Total free blocks count 0 [ 220.902116][ T29] audit: type=1804 audit(1714530489.705:627): pid=5986 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/174/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 220.907434][ T5983] EXT4-fs (loop0): Free/Dirty block details [ 220.936826][ T5983] EXT4-fs (loop0): free_blocks=2415919104 [ 220.942878][ T5983] EXT4-fs (loop0): dirty_blocks=16 [ 220.948021][ T5983] EXT4-fs (loop0): Block reservation details [pid 5986] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5982] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5982] futex(0x7f03762c96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5986] <... mmap resumed>) = 0x20000000 [pid 5983] <... sendfile resumed>) = 75 [pid 5986] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5983] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5982] <... futex resumed>) = 0 [pid 5986] <... futex resumed>) = 0 [pid 5983] <... futex resumed>) = 0 [pid 5982] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5986] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5983] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5982] <... mmap resumed>) = 0x7f0376195000 [pid 5982] mprotect(0x7f0376196000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5982] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5982] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761b5990, parent_tid=0x7f03761b5990, exit_signal=0, stack=0x7f0376195000, stack_size=0x20300, tls=0x7f03761b56c0} => {parent_tid=[5987]}, 88) = 5987 ./strace-static-x86_64: Process 5987 attached [pid 5987] rseq(0x7f03761b5fe0, 0x20, 0, 0x53053053 [pid 5982] rt_sigprocmask(SIG_SETMASK, [], [pid 5987] <... rseq resumed>) = 0 [pid 5982] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5987] set_robust_list(0x7f03761b59a0, 24 [pid 5982] futex(0x7f03762c96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5987] <... set_robust_list resumed>) = 0 [pid 5982] <... futex resumed>) = 0 [pid 5987] rt_sigprocmask(SIG_SETMASK, [], [pid 5982] futex(0x7f03762c96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5987] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5987] pipe2(0x20000240, 0) = 0 [ 220.954397][ T5983] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5987] futex(0x7f03762c96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5982] <... futex resumed>) = 0 [pid 5987] futex(0x7f03762c96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5982] exit_group(0 [pid 5987] <... futex resumed>) = ? [pid 5986] <... futex resumed>) = ? [pid 5983] <... futex resumed>) = ? [pid 5982] <... exit_group resumed>) = ? [pid 5987] +++ exited with 0 +++ [pid 5986] +++ exited with 0 +++ [pid 5983] +++ exited with 0 +++ [pid 5982] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5982, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- umount2("./174", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./174", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./174/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./174/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./174/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./174/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./174/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 221.055069][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 221.067962][ T62] EXT4-fs (loop0): This should not happen!! Data will be lost [ 221.067962][ T62] getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./174/bus") = 0 umount2("./174/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./174/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./174/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./174") = 0 mkdir("./175", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5988 attached , child_tidptr=0x5555749a2690) = 5988 [pid 5988] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5988] chdir("./175") = 0 [pid 5988] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5988] setpgid(0, 0) = 0 [pid 5988] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5988] write(3, "1000", 4) = 4 [pid 5988] close(3) = 0 [pid 5988] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5988] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5988] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5988] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5988] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5988] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5988] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5988] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5989 attached [pid 5989] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 5988] <... clone3 resumed> => {parent_tid=[5989]}, 88) = 5989 [pid 5989] set_robust_list(0x7f03761f79a0, 24 [pid 5988] rt_sigprocmask(SIG_SETMASK, [], [pid 5989] <... set_robust_list resumed>) = 0 [pid 5989] rt_sigprocmask(SIG_SETMASK, [], [pid 5988] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5989] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5988] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5989] memfd_create("syzkaller", 0 [pid 5988] <... futex resumed>) = 0 [pid 5988] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5989] <... memfd_create resumed>) = 3 [pid 5989] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5989] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5989] munmap(0x7f036dc00000, 138412032) = 0 [pid 5989] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5989] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5989] close(3) = 0 [pid 5989] close(4) = 0 [pid 5989] mkdir("./bus", 0777) = 0 [pid 5989] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5989] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5989] chdir("./bus") = 0 [pid 5989] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 221.390568][ T5989] loop0: detected capacity change from 0 to 2048 [pid 5989] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5989] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5988] <... futex resumed>) = 0 [pid 5988] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5989] <... futex resumed>) = 0 [pid 5988] <... futex resumed>) = 1 [pid 5989] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5988] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5989] <... openat resumed>) = 4 [pid 5989] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5988] <... futex resumed>) = 0 [pid 5989] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5988] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5989] <... openat resumed>) = 5 [pid 5988] <... futex resumed>) = 0 [pid 5988] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5989] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5988] <... futex resumed>) = 0 [pid 5989] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5988] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5989] <... openat resumed>) = 6 [pid 5988] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5989] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5988] <... futex resumed>) = 0 [pid 5988] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5989] <... futex resumed>) = 1 [pid 5988] <... futex resumed>) = 0 [pid 5989] write(6, "t", 1 [pid 5988] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5989] <... write resumed>) = 1 [pid 5989] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5988] <... futex resumed>) = 0 [pid 5989] sendfile(6, 5, NULL, 131071 [pid 5988] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5988] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5988] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5988] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5988] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 221.556672][ T5989] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 221.572050][ T5989] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 221.584393][ T5989] EXT4-fs (loop0): This should not happen!! Data will be lost [ 221.584393][ T5989] [ 221.594277][ T5989] EXT4-fs (loop0): Total free blocks count 0 [ 221.600351][ T5989] EXT4-fs (loop0): Free/Dirty block details [pid 5988] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5988] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 5992 attached [pid 5992] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 5988] <... clone3 resumed> => {parent_tid=[5992]}, 88) = 5992 [pid 5988] rt_sigprocmask(SIG_SETMASK, [], [pid 5992] <... rseq resumed>) = 0 [pid 5988] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5992] set_robust_list(0x7f03761d69a0, 24 [pid 5988] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5992] <... set_robust_list resumed>) = 0 [pid 5988] <... futex resumed>) = 0 [pid 5992] rt_sigprocmask(SIG_SETMASK, [], [pid 5988] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5992] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5992] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5992] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5989] <... sendfile resumed>) = 75 [pid 5992] <... futex resumed>) = 1 [pid 5989] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5988] <... futex resumed>) = 0 [pid 5992] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5988] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5988] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5989] <... futex resumed>) = 1 [pid 5989] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5988] <... futex resumed>) = 0 [pid 5988] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=47000000} [pid 5989] <... mmap resumed>) = 0x20000000 [pid 5989] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5989] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5988] <... futex resumed>) = 0 [pid 5988] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5989] <... futex resumed>) = 0 [pid 5988] <... futex resumed>) = 1 [pid 5989] pipe2( [pid 5988] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5989] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5989] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5988] <... futex resumed>) = 0 [pid 5989] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5988] exit_group(0 [pid 5992] <... futex resumed>) = ? [pid 5988] <... exit_group resumed>) = ? [ 221.606268][ T5989] EXT4-fs (loop0): free_blocks=2415919104 [ 221.612099][ T5989] EXT4-fs (loop0): dirty_blocks=16 [ 221.617267][ T5989] EXT4-fs (loop0): Block reservation details [ 221.623368][ T5989] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5992] +++ exited with 0 +++ [pid 5989] <... futex resumed>) = ? [pid 5989] +++ exited with 0 +++ [pid 5988] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5988, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- umount2("./175", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./175", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./175/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./175/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./175/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./175/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 221.696182][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 221.708626][ T2467] EXT4-fs (loop0): This should not happen!! Data will be lost [ 221.708626][ T2467] openat(AT_FDCWD, "./175/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./175/bus") = 0 umount2("./175/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./175/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./175/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./175") = 0 mkdir("./176", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5993 attached , child_tidptr=0x5555749a2690) = 5993 [pid 5993] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5993] chdir("./176") = 0 [pid 5993] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5993] setpgid(0, 0) = 0 [pid 5993] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5993] write(3, "1000", 4) = 4 [pid 5993] close(3) = 0 [pid 5993] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5993] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5993] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5993] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5993] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5993] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5993] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5993] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5994 attached [pid 5994] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5993] <... clone3 resumed> => {parent_tid=[5994]}, 88) = 5994 [pid 5994] <... rseq resumed>) = 0 [pid 5994] set_robust_list(0x7f03761f79a0, 24 [pid 5993] rt_sigprocmask(SIG_SETMASK, [], [pid 5994] <... set_robust_list resumed>) = 0 [pid 5993] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5994] rt_sigprocmask(SIG_SETMASK, [], [pid 5993] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5994] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5993] <... futex resumed>) = 0 [pid 5994] memfd_create("syzkaller", 0 [pid 5993] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5994] <... memfd_create resumed>) = 3 [pid 5994] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5994] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5994] munmap(0x7f036dc00000, 138412032) = 0 [pid 5994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5994] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5994] close(3) = 0 [pid 5994] close(4) = 0 [pid 5994] mkdir("./bus", 0777) = 0 [pid 5994] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 5994] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5994] chdir("./bus") = 0 [pid 5994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5994] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5993] <... futex resumed>) = 0 [pid 5994] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5993] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 222.065443][ T5994] loop0: detected capacity change from 0 to 2048 [pid 5993] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5994] <... openat resumed>) = 4 [pid 5994] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5993] <... futex resumed>) = 0 [pid 5994] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5993] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5994] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5993] <... futex resumed>) = 0 [pid 5994] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5993] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5994] <... openat resumed>) = 5 [pid 5994] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5994] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5993] <... futex resumed>) = 0 [pid 5993] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5994] <... futex resumed>) = 0 [pid 5993] <... futex resumed>) = 1 [pid 5994] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 5993] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5994] <... openat resumed>) = 6 [pid 5994] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5993] <... futex resumed>) = 0 [pid 5994] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5993] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5994] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5993] <... futex resumed>) = 0 [pid 5994] write(6, "t", 1 [pid 5993] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5994] <... write resumed>) = 1 [pid 5994] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5993] <... futex resumed>) = 0 [pid 5994] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5993] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5994] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5993] <... futex resumed>) = 0 [pid 5994] sendfile(6, 5, NULL, 131071 [pid 5993] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5993] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 222.200254][ T5994] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 222.215497][ T5994] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 222.227871][ T5994] EXT4-fs (loop0): This should not happen!! Data will be lost [ 222.227871][ T5994] [ 222.237720][ T5994] EXT4-fs (loop0): Total free blocks count 0 [ 222.243789][ T5994] EXT4-fs (loop0): Free/Dirty block details [pid 5993] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5993] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5993] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5993] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0} => {parent_tid=[5997]}, 88) = 5997 [pid 5993] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5993] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5997 attached [pid 5993] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5997] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 5994] <... sendfile resumed>) = 75 [pid 5997] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 5997] rt_sigprocmask(SIG_SETMASK, [], [pid 5994] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5997] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5997] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 5997] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5994] <... futex resumed>) = 0 [pid 5997] <... futex resumed>) = 1 [pid 5994] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5993] <... futex resumed>) = 0 [pid 5997] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5993] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5994] <... futex resumed>) = 0 [pid 5993] <... futex resumed>) = 1 [pid 5994] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5993] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5994] <... mmap resumed>) = 0x20000000 [pid 5994] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5994] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5993] <... futex resumed>) = 0 [pid 5993] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5994] <... futex resumed>) = 0 [ 222.249731][ T5994] EXT4-fs (loop0): free_blocks=2415919104 [ 222.255580][ T5994] EXT4-fs (loop0): dirty_blocks=16 [ 222.260859][ T5994] EXT4-fs (loop0): Block reservation details [ 222.266975][ T5994] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 5993] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5994] pipe2(0x20000240, 0) = 0 [pid 5994] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5993] <... futex resumed>) = 0 [pid 5994] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5993] exit_group(0 [pid 5997] <... futex resumed>) = ? [pid 5994] <... futex resumed>) = ? [pid 5993] <... exit_group resumed>) = ? [pid 5997] +++ exited with 0 +++ [pid 5994] +++ exited with 0 +++ [pid 5993] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5993, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- umount2("./176", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./176", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./176/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./176/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./176/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 222.384568][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 222.396866][ T62] EXT4-fs (loop0): This should not happen!! Data will be lost [ 222.396866][ T62] umount2("./176/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./176/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./176/bus") = 0 umount2("./176/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./176/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./176/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./176") = 0 mkdir("./177", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5998 attached , child_tidptr=0x5555749a2690) = 5998 [pid 5998] set_robust_list(0x5555749a26a0, 24) = 0 [pid 5998] chdir("./177") = 0 [pid 5998] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5998] setpgid(0, 0) = 0 [pid 5998] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5998] write(3, "1000", 4) = 4 [pid 5998] close(3) = 0 [pid 5998] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5998] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5998] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 5998] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5998] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 5998] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5998] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5998] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 5999 attached [pid 5999] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 5998] <... clone3 resumed> => {parent_tid=[5999]}, 88) = 5999 [pid 5999] <... rseq resumed>) = 0 [pid 5998] rt_sigprocmask(SIG_SETMASK, [], [pid 5999] set_robust_list(0x7f03761f79a0, 24 [pid 5998] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5999] <... set_robust_list resumed>) = 0 [pid 5998] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5999] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5998] <... futex resumed>) = 0 [pid 5999] memfd_create("syzkaller", 0 [pid 5998] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5999] <... memfd_create resumed>) = 3 [pid 5999] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 5999] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5999] munmap(0x7f036dc00000, 138412032) = 0 [pid 5999] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5999] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5999] close(3) = 0 [pid 5999] close(4) = 0 [pid 5999] mkdir("./bus", 0777) = 0 [pid 5999] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [ 222.787821][ T5999] loop0: detected capacity change from 0 to 2048 [pid 5999] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5999] chdir("./bus") = 0 [pid 5999] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5999] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5998] <... futex resumed>) = 0 [pid 5999] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5998] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5999] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5998] <... futex resumed>) = 0 [pid 5999] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 5998] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5999] <... openat resumed>) = 4 [pid 5999] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5998] <... futex resumed>) = 0 [pid 5999] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5998] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5999] openat(AT_FDCWD, "./bus", O_RDONLY [pid 5998] <... futex resumed>) = 0 [pid 5998] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5999] <... openat resumed>) = 5 [pid 5999] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5998] <... futex resumed>) = 0 [pid 5998] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5998] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5999] <... futex resumed>) = 1 [pid 5999] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 5999] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5998] <... futex resumed>) = 0 [pid 5998] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5999] <... futex resumed>) = 1 [pid 5998] <... futex resumed>) = 0 [pid 5999] write(6, "t", 1 [pid 5998] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5999] <... write resumed>) = 1 [pid 5999] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5999] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5998] <... futex resumed>) = 0 [pid 5998] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5999] <... futex resumed>) = 0 [pid 5998] <... futex resumed>) = 1 [pid 5999] sendfile(6, 5, NULL, 131071 [pid 5998] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5998] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5998] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 5998] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5998] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5998] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 6003 attached => {parent_tid=[6003]}, 88) = 6003 [pid 6003] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [ 222.951282][ T5999] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 222.967264][ T5999] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 222.980712][ T5999] EXT4-fs (loop0): This should not happen!! Data will be lost [ 222.980712][ T5999] [ 222.990535][ T5999] EXT4-fs (loop0): Total free blocks count 0 [pid 5998] rt_sigprocmask(SIG_SETMASK, [], [pid 6003] <... rseq resumed>) = 0 [pid 5998] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6003] set_robust_list(0x7f03761d69a0, 24 [pid 5998] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6003] <... set_robust_list resumed>) = 0 [pid 5998] <... futex resumed>) = 0 [pid 6003] rt_sigprocmask(SIG_SETMASK, [], [pid 5998] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6003] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6003] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 6003] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5998] <... futex resumed>) = 0 [pid 6003] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5998] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5999] <... sendfile resumed>) = 75 [pid 5999] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5998] <... futex resumed>) = 0 [pid 5999] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5998] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6003] <... mmap resumed>) = 0x20000000 [pid 6003] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5998] <... futex resumed>) = 0 [pid 6003] <... futex resumed>) = 1 [pid 5998] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6003] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5999] <... futex resumed>) = 0 [pid 5998] <... futex resumed>) = 1 [pid 5999] pipe2( [pid 5998] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5999] <... pipe2 resumed>0x20000240, 0) = 0 [pid 5999] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5999] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5998] <... futex resumed>) = 0 [pid 5998] exit_group(0 [pid 6003] <... futex resumed>) = ? [pid 5999] <... futex resumed>) = ? [pid 5998] <... exit_group resumed>) = ? [pid 6003] +++ exited with 0 +++ [pid 5999] +++ exited with 0 +++ [pid 5998] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5998, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- [ 222.997198][ T5999] EXT4-fs (loop0): Free/Dirty block details [ 223.003304][ T5999] EXT4-fs (loop0): free_blocks=2415919104 [ 223.009080][ T5999] EXT4-fs (loop0): dirty_blocks=16 [ 223.014293][ T5999] EXT4-fs (loop0): Block reservation details [ 223.020477][ T5999] EXT4-fs (loop0): i_reserved_data_blocks=1 restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./177", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./177", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./177/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./177/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./177/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./177/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./177/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 [ 223.082861][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 223.095217][ T62] EXT4-fs (loop0): This should not happen!! Data will be lost [ 223.095217][ T62] rmdir("./177/bus") = 0 umount2("./177/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./177/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./177/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./177") = 0 mkdir("./178", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555749a2690) = 6004 ./strace-static-x86_64: Process 6004 attached [pid 6004] set_robust_list(0x5555749a26a0, 24) = 0 [pid 6004] chdir("./178") = 0 [pid 6004] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6004] setpgid(0, 0) = 0 [pid 6004] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6004] write(3, "1000", 4) = 4 [pid 6004] close(3) = 0 [pid 6004] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6004] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6004] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 6004] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6004] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 6004] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6004] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6004] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 6005 attached [pid 6005] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 6004] <... clone3 resumed> => {parent_tid=[6005]}, 88) = 6005 [pid 6005] <... rseq resumed>) = 0 [pid 6004] rt_sigprocmask(SIG_SETMASK, [], [pid 6005] set_robust_list(0x7f03761f79a0, 24 [pid 6004] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6005] <... set_robust_list resumed>) = 0 [pid 6004] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6005] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6004] <... futex resumed>) = 0 [pid 6005] memfd_create("syzkaller", 0 [pid 6004] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6005] <... memfd_create resumed>) = 3 [pid 6005] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 6005] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6005] munmap(0x7f036dc00000, 138412032) = 0 [pid 6005] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6005] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6005] close(3) = 0 [pid 6005] close(4) = 0 [pid 6005] mkdir("./bus", 0777) = 0 [pid 6005] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 6005] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [ 223.376755][ T6005] loop0: detected capacity change from 0 to 2048 [pid 6005] chdir("./bus") = 0 [pid 6005] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6005] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6004] <... futex resumed>) = 0 [pid 6005] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6004] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6005] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6004] <... futex resumed>) = 0 [pid 6005] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6004] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6005] <... openat resumed>) = 4 [pid 6005] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6004] <... futex resumed>) = 0 [pid 6005] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6004] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6005] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6004] <... futex resumed>) = 0 [pid 6005] openat(AT_FDCWD, "./bus", O_RDONLY [pid 6004] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6005] <... openat resumed>) = 5 [pid 6005] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6004] <... futex resumed>) = 0 [pid 6005] <... futex resumed>) = 1 [pid 6004] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6005] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 6004] <... futex resumed>) = 0 [pid 6005] <... openat resumed>) = 6 [pid 6004] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6005] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6004] <... futex resumed>) = 0 [pid 6005] <... futex resumed>) = 1 [pid 6004] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6005] write(6, "t", 1 [pid 6004] <... futex resumed>) = 0 [pid 6004] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6005] <... write resumed>) = 1 [pid 6005] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6005] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6004] <... futex resumed>) = 0 [pid 6004] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6005] <... futex resumed>) = 0 [pid 6004] <... futex resumed>) = 1 [pid 6005] sendfile(6, 5, NULL, 131071 [pid 6004] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6004] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6004] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 6004] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 223.529142][ T6005] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 223.546004][ T6005] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 223.558734][ T6005] EXT4-fs (loop0): This should not happen!! Data will be lost [ 223.558734][ T6005] [ 223.569115][ T6005] EXT4-fs (loop0): Total free blocks count 0 [pid 6004] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6004] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 6008 attached [pid 6008] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 6004] <... clone3 resumed> => {parent_tid=[6008]}, 88) = 6008 [pid 6004] rt_sigprocmask(SIG_SETMASK, [], [pid 6008] <... rseq resumed>) = 0 [pid 6004] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6008] set_robust_list(0x7f03761d69a0, 24 [pid 6004] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6008] <... set_robust_list resumed>) = 0 [pid 6004] <... futex resumed>) = 0 [pid 6008] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6004] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6008] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 6008] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6004] <... futex resumed>) = 0 [pid 6008] <... futex resumed>) = 1 [pid 6004] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6008] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6004] <... futex resumed>) = 0 [pid 6004] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6008] <... mmap resumed>) = 0x20000000 [pid 6008] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6008] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6005] <... sendfile resumed>) = 75 [pid 6004] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6005] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6005] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6004] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6005] <... futex resumed>) = 0 [pid 6005] pipe2( [pid 6004] <... futex resumed>) = 1 [pid 6004] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6005] <... pipe2 resumed>0x20000240, 0) = 0 [pid 6005] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6004] <... futex resumed>) = 0 [pid 6005] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6004] exit_group(0 [pid 6005] <... futex resumed>) = ? [pid 6008] <... futex resumed>) = ? [pid 6005] +++ exited with 0 +++ [pid 6004] <... exit_group resumed>) = ? [pid 6008] +++ exited with 0 +++ [pid 6004] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6004, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./178", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./178", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 [ 223.575490][ T6005] EXT4-fs (loop0): Free/Dirty block details [ 223.581541][ T6005] EXT4-fs (loop0): free_blocks=2415919104 [ 223.588832][ T6005] EXT4-fs (loop0): dirty_blocks=16 [ 223.595301][ T6005] EXT4-fs (loop0): Block reservation details [ 223.601685][ T6005] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./178/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./178/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./178/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./178/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./178/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 223.656154][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 223.668632][ T62] EXT4-fs (loop0): This should not happen!! Data will be lost [ 223.668632][ T62] getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./178/bus") = 0 umount2("./178/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./178/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./178/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./178") = 0 mkdir("./179", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6009 attached , child_tidptr=0x5555749a2690) = 6009 [pid 6009] set_robust_list(0x5555749a26a0, 24) = 0 [pid 6009] chdir("./179") = 0 [pid 6009] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6009] setpgid(0, 0) = 0 [pid 6009] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6009] write(3, "1000", 4) = 4 [pid 6009] close(3) = 0 [pid 6009] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6009] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6009] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 6009] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6009] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 6009] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6009] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6009] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 6010 attached [pid 6010] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 6010] set_robust_list(0x7f03761f79a0, 24 [pid 6009] <... clone3 resumed> => {parent_tid=[6010]}, 88) = 6010 [pid 6010] <... set_robust_list resumed>) = 0 [pid 6009] rt_sigprocmask(SIG_SETMASK, [], [pid 6010] rt_sigprocmask(SIG_SETMASK, [], [pid 6009] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6010] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6009] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6010] memfd_create("syzkaller", 0 [pid 6009] <... futex resumed>) = 0 [pid 6009] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6010] <... memfd_create resumed>) = 3 [pid 6010] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 6010] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6010] munmap(0x7f036dc00000, 138412032) = 0 [pid 6010] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6010] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6010] close(3) = 0 [pid 6010] close(4) = 0 [pid 6010] mkdir("./bus", 0777) = 0 [pid 6010] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 6010] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6010] chdir("./bus") = 0 [ 224.057048][ T6010] loop0: detected capacity change from 0 to 2048 [ 224.086899][ T6010] EXT4-fs mount: 24 callbacks suppressed [ 224.086924][ T6010] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 6010] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6010] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6009] <... futex resumed>) = 0 [pid 6010] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6009] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6010] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6009] <... futex resumed>) = 0 [pid 6010] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6009] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6010] <... openat resumed>) = 4 [pid 6010] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6009] <... futex resumed>) = 0 [pid 6009] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6009] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6010] <... futex resumed>) = 1 [pid 6010] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 6010] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6009] <... futex resumed>) = 0 [pid 6010] <... futex resumed>) = 1 [pid 6009] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6010] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 6009] <... futex resumed>) = 0 [pid 6009] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6010] <... openat resumed>) = 6 [pid 6010] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6009] <... futex resumed>) = 0 [pid 6009] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6010] write(6, "t", 1 [pid 6009] <... futex resumed>) = 0 [pid 6009] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6010] <... write resumed>) = 1 [pid 6010] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6009] <... futex resumed>) = 0 [ 224.156552][ T29] kauditd_printk_skb: 12 callbacks suppressed [ 224.156576][ T29] audit: type=1804 audit(1714530492.965:640): pid=6010 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/179/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 6010] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6009] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6010] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6010] sendfile(6, 5, NULL, 131071 [pid 6009] <... futex resumed>) = 0 [ 224.187011][ T29] audit: type=1804 audit(1714530492.965:641): pid=6010 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/179/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 6009] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6009] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6009] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 6009] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6009] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 224.254103][ T6010] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 224.269472][ T6010] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 224.281783][ T6010] EXT4-fs (loop0): This should not happen!! Data will be lost [ 224.281783][ T6010] [ 224.291511][ T6010] EXT4-fs (loop0): Total free blocks count 0 [ 224.297530][ T6010] EXT4-fs (loop0): Free/Dirty block details [pid 6009] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 6013 attached => {parent_tid=[6013]}, 88) = 6013 [pid 6013] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 6009] rt_sigprocmask(SIG_SETMASK, [], [pid 6013] <... rseq resumed>) = 0 [pid 6009] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6013] set_robust_list(0x7f03761d69a0, 24 [pid 6009] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6013] <... set_robust_list resumed>) = 0 [pid 6009] <... futex resumed>) = 0 [pid 6013] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6009] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6013] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 6013] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6013] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6009] <... futex resumed>) = 0 [pid 6009] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6010] <... sendfile resumed>) = 75 [pid 6009] <... futex resumed>) = 1 [pid 6010] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6009] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6010] <... futex resumed>) = 0 [pid 6010] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6013] <... futex resumed>) = 0 [pid 6013] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 6013] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6009] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6010] <... futex resumed>) = 0 [pid 6009] <... futex resumed>) = 1 [pid 6010] pipe2( [pid 6009] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6010] <... pipe2 resumed>0x20000240, 0) = 0 [pid 6010] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6009] <... futex resumed>) = 0 [pid 6010] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6009] exit_group(0 [pid 6013] <... futex resumed>) = ? [pid 6010] <... futex resumed>) = ? [pid 6009] <... exit_group resumed>) = ? [pid 6013] +++ exited with 0 +++ [pid 6010] +++ exited with 0 +++ [pid 6009] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6009, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- umount2("./179", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 224.303501][ T6010] EXT4-fs (loop0): free_blocks=2415919104 [ 224.309277][ T6010] EXT4-fs (loop0): dirty_blocks=16 [ 224.314354][ T29] audit: type=1804 audit(1714530493.125:642): pid=6013 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/179/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 224.314638][ T6010] EXT4-fs (loop0): Block reservation details [ 224.343955][ T6010] EXT4-fs (loop0): i_reserved_data_blocks=1 openat(AT_FDCWD, "./179", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./179/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./179/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./179/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./179/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./179/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 224.405576][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./179/bus") = 0 umount2("./179/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./179/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./179/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./179") = 0 mkdir("./180", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6014 attached , child_tidptr=0x5555749a2690) = 6014 [pid 6014] set_robust_list(0x5555749a26a0, 24) = 0 [pid 6014] chdir("./180") = 0 [pid 6014] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6014] setpgid(0, 0) = 0 [pid 6014] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6014] write(3, "1000", 4) = 4 [pid 6014] close(3) = 0 [pid 6014] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6014] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6014] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 6014] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6014] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 6014] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6014] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6014] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 6015 attached [pid 6015] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 6014] <... clone3 resumed> => {parent_tid=[6015]}, 88) = 6015 [pid 6015] set_robust_list(0x7f03761f79a0, 24 [pid 6014] rt_sigprocmask(SIG_SETMASK, [], [pid 6015] <... set_robust_list resumed>) = 0 [pid 6014] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6015] rt_sigprocmask(SIG_SETMASK, [], [pid 6014] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6015] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6014] <... futex resumed>) = 0 [pid 6015] memfd_create("syzkaller", 0 [pid 6014] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6015] <... memfd_create resumed>) = 3 [pid 6015] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 6015] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6015] munmap(0x7f036dc00000, 138412032) = 0 [pid 6015] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6015] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6015] close(3) = 0 [pid 6015] close(4) = 0 [pid 6015] mkdir("./bus", 0777) = 0 [ 224.746610][ T6015] loop0: detected capacity change from 0 to 2048 [pid 6015] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 6015] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6015] chdir("./bus") = 0 [pid 6015] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6015] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6014] <... futex resumed>) = 0 [pid 6015] <... futex resumed>) = 1 [pid 6014] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6015] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6014] <... futex resumed>) = 0 [pid 6014] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6015] <... openat resumed>) = 4 [pid 6015] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6014] <... futex resumed>) = 0 [pid 6015] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6014] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6015] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6015] openat(AT_FDCWD, "./bus", O_RDONLY [pid 6014] <... futex resumed>) = 0 [pid 6015] <... openat resumed>) = 5 [ 224.795678][ T6015] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 6014] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6015] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6014] <... futex resumed>) = 0 [pid 6015] <... futex resumed>) = 1 [pid 6014] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6015] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 6014] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6015] <... openat resumed>) = 6 [pid 6015] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6014] <... futex resumed>) = 0 [pid 6014] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6015] <... futex resumed>) = 1 [pid 6014] <... futex resumed>) = 0 [pid 6014] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6015] write(6, "t", 1) = 1 [pid 6015] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6014] <... futex resumed>) = 0 [pid 6015] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6014] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6015] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6015] sendfile(6, 5, NULL, 131071 [pid 6014] <... futex resumed>) = 0 [ 224.847060][ T29] audit: type=1804 audit(1714530493.655:643): pid=6015 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/180/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 224.872491][ T29] audit: type=1804 audit(1714530493.655:644): pid=6015 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/180/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 6014] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6014] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6014] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 6014] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 224.924857][ T6015] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 224.940308][ T6015] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 224.952615][ T6015] EXT4-fs (loop0): This should not happen!! Data will be lost [ 224.952615][ T6015] [ 224.962434][ T6015] EXT4-fs (loop0): Total free blocks count 0 [ 224.968880][ T6015] EXT4-fs (loop0): Free/Dirty block details [pid 6014] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6014] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 6018 attached [pid 6018] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6018] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 6014] <... clone3 resumed> => {parent_tid=[6018]}, 88) = 6018 [pid 6018] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6014] rt_sigprocmask(SIG_SETMASK, [], [pid 6018] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6014] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6018] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6014] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6018] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6015] <... sendfile resumed>) = 75 [pid 6014] <... futex resumed>) = 0 [pid 6015] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6015] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6018] <... open resumed>) = 7 [pid 6014] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6018] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6014] <... futex resumed>) = 0 [pid 6018] <... futex resumed>) = 1 [pid 6014] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6018] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6014] <... futex resumed>) = 1 [pid 6014] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6015] <... futex resumed>) = 0 [ 224.975248][ T6015] EXT4-fs (loop0): free_blocks=2415919104 [ 224.981902][ T6015] EXT4-fs (loop0): dirty_blocks=16 [ 224.987046][ T6015] EXT4-fs (loop0): Block reservation details [ 224.993548][ T6015] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 6015] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 6015] pipe2( [pid 6014] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6015] <... pipe2 resumed>0x20000240, 0) = 0 [pid 6014] <... futex resumed>) = 0 [pid 6014] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6015] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6014] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6015] <... futex resumed>) = 0 [pid 6014] exit_group(0 [pid 6015] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6018] <... futex resumed>) = ? [pid 6015] <... futex resumed>) = ? [pid 6014] <... exit_group resumed>) = ? [pid 6018] +++ exited with 0 +++ [pid 6015] +++ exited with 0 +++ [pid 6014] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6014, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- [ 225.003308][ T29] audit: type=1804 audit(1714530493.815:645): pid=6018 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/180/bus/bus" dev="loop0" ino=18 res=1 errno=0 umount2("./180", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./180", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./180/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./180/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./180/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./180/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./180/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./180/bus") = 0 umount2("./180/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./180/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./180/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 [ 225.075530][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 close(3) = 0 rmdir("./180") = 0 mkdir("./181", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6019 attached , child_tidptr=0x5555749a2690) = 6019 [pid 6019] set_robust_list(0x5555749a26a0, 24) = 0 [pid 6019] chdir("./181") = 0 [pid 6019] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6019] setpgid(0, 0) = 0 [pid 6019] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6019] write(3, "1000", 4) = 4 [pid 6019] close(3) = 0 [pid 6019] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6019] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6019] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 6019] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6019] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 6019] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6019] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6019] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 6020 attached => {parent_tid=[6020]}, 88) = 6020 [pid 6019] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6020] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 6019] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6020] set_robust_list(0x7f03761f79a0, 24 [pid 6019] <... futex resumed>) = 0 [pid 6020] <... set_robust_list resumed>) = 0 [pid 6019] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6020] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6020] memfd_create("syzkaller", 0) = 3 [pid 6020] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 6020] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6020] munmap(0x7f036dc00000, 138412032) = 0 [pid 6020] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6020] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6020] close(3) = 0 [pid 6020] close(4) = 0 [pid 6020] mkdir("./bus", 0777) = 0 [ 225.345527][ T6020] loop0: detected capacity change from 0 to 2048 [pid 6020] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 6020] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6020] chdir("./bus") = 0 [pid 6020] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6020] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6019] <... futex resumed>) = 0 [pid 6020] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6019] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6020] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6019] <... futex resumed>) = 0 [pid 6020] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6019] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6020] <... openat resumed>) = 4 [ 225.410986][ T6020] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 6020] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6019] <... futex resumed>) = 0 [pid 6020] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6019] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6020] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6019] <... futex resumed>) = 0 [pid 6020] openat(AT_FDCWD, "./bus", O_RDONLY [pid 6019] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6020] <... openat resumed>) = 5 [pid 6020] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6019] <... futex resumed>) = 0 [pid 6020] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6019] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6020] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6019] <... futex resumed>) = 0 [pid 6020] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 6019] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6020] <... openat resumed>) = 6 [pid 6020] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6019] <... futex resumed>) = 0 [pid 6020] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6019] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6020] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6019] <... futex resumed>) = 0 [pid 6020] write(6, "t", 1 [pid 6019] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6020] <... write resumed>) = 1 [pid 6020] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6019] <... futex resumed>) = 0 [pid 6020] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6019] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6020] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6019] <... futex resumed>) = 0 [pid 6020] sendfile(6, 5, NULL, 131071 [ 225.472014][ T29] audit: type=1804 audit(1714530494.285:646): pid=6020 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/181/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 225.496256][ T29] audit: type=1804 audit(1714530494.285:647): pid=6020 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/181/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 6019] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6019] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6019] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 6019] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 225.541113][ T6020] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 225.557047][ T6020] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 225.569420][ T6020] EXT4-fs (loop0): This should not happen!! Data will be lost [ 225.569420][ T6020] [ 225.579151][ T6020] EXT4-fs (loop0): Total free blocks count 0 [ 225.585214][ T6020] EXT4-fs (loop0): Free/Dirty block details [pid 6019] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6019] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 6023 attached [pid 6023] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 6019] <... clone3 resumed> => {parent_tid=[6023]}, 88) = 6023 [pid 6023] <... rseq resumed>) = 0 [pid 6019] rt_sigprocmask(SIG_SETMASK, [], [pid 6023] set_robust_list(0x7f03761d69a0, 24 [pid 6019] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6023] <... set_robust_list resumed>) = 0 [pid 6023] rt_sigprocmask(SIG_SETMASK, [], [pid 6019] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6023] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6023] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6019] <... futex resumed>) = 0 [pid 6023] <... open resumed>) = 7 [pid 6019] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6020] <... sendfile resumed>) = 75 [pid 6023] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6020] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6019] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6023] <... futex resumed>) = 0 [pid 6020] <... futex resumed>) = 0 [pid 6023] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6020] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6019] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6020] <... mmap resumed>) = 0x20000000 [pid 6019] <... futex resumed>) = 0 [pid 6020] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6020] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6019] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6019] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6020] <... futex resumed>) = 0 [pid 6020] pipe2( [pid 6019] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6020] <... pipe2 resumed>0x20000240, 0) = 0 [pid 6020] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6019] <... futex resumed>) = 0 [pid 6020] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6019] exit_group(0 [pid 6023] <... futex resumed>) = ? [pid 6020] <... futex resumed>) = ? [pid 6019] <... exit_group resumed>) = ? [pid 6020] +++ exited with 0 +++ [pid 6023] +++ exited with 0 +++ [pid 6019] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6019, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- [ 225.591191][ T6020] EXT4-fs (loop0): free_blocks=2415919104 [ 225.596957][ T6020] EXT4-fs (loop0): dirty_blocks=16 [ 225.602264][ T6020] EXT4-fs (loop0): Block reservation details [ 225.608286][ T6020] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 225.609664][ T29] audit: type=1804 audit(1714530494.415:648): pid=6023 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/181/bus/bus" dev="loop0" ino=18 res=1 errno=0 umount2("./181", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./181", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./181/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./181/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./181/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./181/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./181/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./181/bus") = 0 umount2("./181/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./181/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./181/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./181") = 0 mkdir("./182", 0777) = 0 [ 225.717964][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6024 attached , child_tidptr=0x5555749a2690) = 6024 [pid 6024] set_robust_list(0x5555749a26a0, 24) = 0 [pid 6024] chdir("./182") = 0 [pid 6024] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6024] setpgid(0, 0) = 0 [pid 6024] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6024] write(3, "1000", 4) = 4 [pid 6024] close(3) = 0 [pid 6024] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6024] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6024] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 6024] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6024] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 6024] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6024] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6024] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 6025 attached [pid 6025] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 6025] set_robust_list(0x7f03761f79a0, 24 [pid 6024] <... clone3 resumed> => {parent_tid=[6025]}, 88) = 6025 [pid 6025] <... set_robust_list resumed>) = 0 [pid 6024] rt_sigprocmask(SIG_SETMASK, [], [pid 6025] rt_sigprocmask(SIG_SETMASK, [], [pid 6024] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6025] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6024] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6025] memfd_create("syzkaller", 0 [pid 6024] <... futex resumed>) = 0 [pid 6025] <... memfd_create resumed>) = 3 [pid 6024] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6025] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 6025] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6025] munmap(0x7f036dc00000, 138412032) = 0 [pid 6025] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6025] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6025] close(3) = 0 [pid 6025] close(4) = 0 [pid 6025] mkdir("./bus", 0777) = 0 [ 225.958388][ T6025] loop0: detected capacity change from 0 to 2048 [pid 6025] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 6025] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6025] chdir("./bus") = 0 [pid 6025] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6025] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6024] <... futex resumed>) = 0 [pid 6025] <... futex resumed>) = 1 [pid 6024] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6025] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6024] <... futex resumed>) = 0 [pid 6024] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6025] <... openat resumed>) = 4 [pid 6025] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6024] <... futex resumed>) = 0 [pid 6025] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6024] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6024] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6025] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6025] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [ 226.005183][ T6025] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 6025] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6024] <... futex resumed>) = 0 [pid 6025] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6024] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6025] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6024] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6025] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 6025] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6025] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6024] <... futex resumed>) = 0 [pid 6024] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6025] <... futex resumed>) = 0 [pid 6024] <... futex resumed>) = 1 [pid 6025] write(6, "t", 1 [pid 6024] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6025] <... write resumed>) = 1 [pid 6025] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6025] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6024] <... futex resumed>) = 0 [pid 6024] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6025] <... futex resumed>) = 0 [pid 6024] <... futex resumed>) = 1 [pid 6025] sendfile(6, 5, NULL, 131071 [ 226.057712][ T29] audit: type=1804 audit(1714530494.865:649): pid=6025 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/182/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 6024] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6024] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6024] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 6024] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 226.129931][ T6025] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 226.145382][ T6025] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 226.157869][ T6025] EXT4-fs (loop0): This should not happen!! Data will be lost [ 226.157869][ T6025] [ 226.167613][ T6025] EXT4-fs (loop0): Total free blocks count 0 [ 226.173667][ T6025] EXT4-fs (loop0): Free/Dirty block details [pid 6024] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6024] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 6028 attached [pid 6028] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 6024] <... clone3 resumed> => {parent_tid=[6028]}, 88) = 6028 [pid 6024] rt_sigprocmask(SIG_SETMASK, [], [pid 6028] <... rseq resumed>) = 0 [pid 6024] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6028] set_robust_list(0x7f03761d69a0, 24 [pid 6024] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6028] <... set_robust_list resumed>) = 0 [pid 6024] <... futex resumed>) = 0 [pid 6028] rt_sigprocmask(SIG_SETMASK, [], [pid 6024] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6028] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6028] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 6028] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6025] <... sendfile resumed>) = 75 [pid 6028] <... futex resumed>) = 1 [pid 6025] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6024] <... futex resumed>) = 0 [pid 6028] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6024] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6024] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6025] <... futex resumed>) = 0 [pid 6025] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 6025] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6024] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6025] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6025] pipe2( [pid 6024] <... futex resumed>) = 0 [pid 6025] <... pipe2 resumed>0x20000240, 0) = 0 [pid 6024] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6025] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6024] <... futex resumed>) = 0 [pid 6025] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6024] exit_group(0 [pid 6028] <... futex resumed>) = ? [pid 6025] <... futex resumed>) = ? [pid 6024] <... exit_group resumed>) = ? [pid 6028] +++ exited with 0 +++ [pid 6025] +++ exited with 0 +++ [ 226.179595][ T6025] EXT4-fs (loop0): free_blocks=2415919104 [ 226.185394][ T6025] EXT4-fs (loop0): dirty_blocks=16 [ 226.190610][ T6025] EXT4-fs (loop0): Block reservation details [ 226.196625][ T6025] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 6024] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6024, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- umount2("./182", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./182", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./182/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./182/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./182/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./182/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./182/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 [ 226.276115][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./182/bus") = 0 umount2("./182/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./182/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./182/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./182") = 0 mkdir("./183", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6029 attached , child_tidptr=0x5555749a2690) = 6029 [pid 6029] set_robust_list(0x5555749a26a0, 24) = 0 [pid 6029] chdir("./183") = 0 [pid 6029] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6029] setpgid(0, 0) = 0 [pid 6029] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6029] write(3, "1000", 4) = 4 [pid 6029] close(3) = 0 [pid 6029] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6029] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6029] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 6029] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6029] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 6029] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6029] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6029] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 6030 attached [pid 6030] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 6030] set_robust_list(0x7f03761f79a0, 24 [pid 6029] <... clone3 resumed> => {parent_tid=[6030]}, 88) = 6030 [pid 6030] <... set_robust_list resumed>) = 0 [pid 6029] rt_sigprocmask(SIG_SETMASK, [], [pid 6030] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6029] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6030] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6029] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6030] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6029] <... futex resumed>) = 0 [pid 6030] memfd_create("syzkaller", 0 [pid 6029] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6030] <... memfd_create resumed>) = 3 [pid 6030] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 6030] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6030] munmap(0x7f036dc00000, 138412032) = 0 [pid 6030] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6030] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6030] close(3) = 0 [pid 6030] close(4) = 0 [pid 6030] mkdir("./bus", 0777) = 0 [ 226.638766][ T6030] loop0: detected capacity change from 0 to 2048 [pid 6030] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 6030] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6030] chdir("./bus") = 0 [pid 6030] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6030] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6029] <... futex resumed>) = 0 [pid 6030] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6029] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 226.700495][ T6030] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 6029] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6030] <... openat resumed>) = 4 [pid 6030] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6029] <... futex resumed>) = 0 [pid 6030] <... futex resumed>) = 1 [pid 6029] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6030] openat(AT_FDCWD, "./bus", O_RDONLY [pid 6029] <... futex resumed>) = 0 [pid 6029] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6030] <... openat resumed>) = 5 [pid 6030] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6029] <... futex resumed>) = 0 [pid 6030] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 6029] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6029] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6030] <... openat resumed>) = 6 [pid 6030] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6029] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6030] <... futex resumed>) = 0 [pid 6029] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6030] write(6, "t", 1 [pid 6029] <... futex resumed>) = 0 [pid 6029] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6030] <... write resumed>) = 1 [pid 6030] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6029] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6030] <... futex resumed>) = 0 [pid 6029] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6030] sendfile(6, 5, NULL, 131071 [pid 6029] <... futex resumed>) = 0 [pid 6029] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6029] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6029] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 6029] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 226.841730][ T6030] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 226.857219][ T6030] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 226.870507][ T6030] EXT4-fs (loop0): This should not happen!! Data will be lost [ 226.870507][ T6030] [ 226.880852][ T6030] EXT4-fs (loop0): Total free blocks count 0 [pid 6029] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6029] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 6033 attached [pid 6033] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 6029] <... clone3 resumed> => {parent_tid=[6033]}, 88) = 6033 [pid 6033] <... rseq resumed>) = 0 [pid 6029] rt_sigprocmask(SIG_SETMASK, [], [pid 6033] set_robust_list(0x7f03761d69a0, 24 [pid 6029] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6033] <... set_robust_list resumed>) = 0 [pid 6029] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6033] rt_sigprocmask(SIG_SETMASK, [], [pid 6029] <... futex resumed>) = 0 [pid 6033] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6033] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 6029] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6033] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6030] <... sendfile resumed>) = 75 [pid 6033] <... futex resumed>) = 1 [pid 6030] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6029] <... futex resumed>) = 0 [pid 6033] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6030] <... futex resumed>) = 0 [pid 6029] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6030] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6029] <... futex resumed>) = 0 [pid 6030] <... mmap resumed>) = 0x20000000 [pid 6029] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6030] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6029] <... futex resumed>) = 0 [pid 6030] <... futex resumed>) = 1 [pid 6029] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6030] pipe2( [pid 6029] <... futex resumed>) = 0 [pid 6030] <... pipe2 resumed>0x20000240, 0) = 0 [pid 6029] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6030] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6029] <... futex resumed>) = 0 [pid 6029] exit_group(0 [pid 6033] <... futex resumed>) = ? [pid 6030] <... futex resumed>) = ? [pid 6029] <... exit_group resumed>) = ? [pid 6033] +++ exited with 0 +++ [pid 6030] +++ exited with 0 +++ [pid 6029] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6029, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- umount2("./183", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./183", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 226.887363][ T6030] EXT4-fs (loop0): Free/Dirty block details [ 226.894207][ T6030] EXT4-fs (loop0): free_blocks=2415919104 [ 226.900634][ T6030] EXT4-fs (loop0): dirty_blocks=16 [ 226.906196][ T6030] EXT4-fs (loop0): Block reservation details [ 226.912649][ T6030] EXT4-fs (loop0): i_reserved_data_blocks=1 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./183/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./183/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./183/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./183/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./183/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./183/bus") = 0 [ 226.979620][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 umount2("./183/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./183/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./183/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./183") = 0 mkdir("./184", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555749a2690) = 6034 ./strace-static-x86_64: Process 6034 attached [pid 6034] set_robust_list(0x5555749a26a0, 24) = 0 [pid 6034] chdir("./184") = 0 [pid 6034] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6034] setpgid(0, 0) = 0 [pid 6034] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6034] write(3, "1000", 4) = 4 [pid 6034] close(3) = 0 [pid 6034] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6034] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6034] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 6034] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6034] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 6034] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6034] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6034] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 6035 attached [pid 6035] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 6034] <... clone3 resumed> => {parent_tid=[6035]}, 88) = 6035 [pid 6035] <... rseq resumed>) = 0 [pid 6034] rt_sigprocmask(SIG_SETMASK, [], [pid 6035] set_robust_list(0x7f03761f79a0, 24 [pid 6034] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6035] <... set_robust_list resumed>) = 0 [pid 6034] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6035] rt_sigprocmask(SIG_SETMASK, [], [pid 6034] <... futex resumed>) = 0 [pid 6035] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6034] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6035] memfd_create("syzkaller", 0) = 3 [pid 6035] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 6035] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6035] munmap(0x7f036dc00000, 138412032) = 0 [pid 6035] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6035] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6035] close(3) = 0 [pid 6035] close(4) = 0 [pid 6035] mkdir("./bus", 0777) = 0 [ 227.294156][ T6035] loop0: detected capacity change from 0 to 2048 [pid 6035] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 6035] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6035] chdir("./bus") = 0 [pid 6035] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6035] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6034] <... futex resumed>) = 0 [pid 6034] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6035] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6034] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6035] <... openat resumed>) = 4 [pid 6035] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6034] <... futex resumed>) = 0 [pid 6035] <... futex resumed>) = 1 [pid 6034] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6035] openat(AT_FDCWD, "./bus", O_RDONLY [pid 6034] <... futex resumed>) = 0 [pid 6034] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6035] <... openat resumed>) = 5 [pid 6035] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6035] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6034] <... futex resumed>) = 0 [pid 6034] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6035] <... futex resumed>) = 0 [pid 6034] <... futex resumed>) = 1 [pid 6035] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 6034] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6035] <... openat resumed>) = 6 [pid 6035] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6034] <... futex resumed>) = 0 [pid 6035] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6034] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6035] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6034] <... futex resumed>) = 0 [pid 6035] write(6, "t", 1 [pid 6034] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6035] <... write resumed>) = 1 [ 227.337328][ T6035] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 6035] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6034] <... futex resumed>) = 0 [pid 6035] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6034] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6035] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6034] <... futex resumed>) = 0 [pid 6035] sendfile(6, 5, NULL, 131071 [pid 6034] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 227.433194][ T6035] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 227.448863][ T6035] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 227.461224][ T6035] EXT4-fs (loop0): This should not happen!! Data will be lost [ 227.461224][ T6035] [ 227.471391][ T6035] EXT4-fs (loop0): Total free blocks count 0 [ 227.477428][ T6035] EXT4-fs (loop0): Free/Dirty block details [pid 6034] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6034] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 6034] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6034] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6034] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0} => {parent_tid=[6039]}, 88) = 6039 [pid 6034] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6034] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6039 attached ) = 0 [pid 6034] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6039] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 6035] <... sendfile resumed>) = 75 [pid 6039] <... rseq resumed>) = 0 [pid 6035] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6035] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6039] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 6039] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6039] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 6039] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6034] <... futex resumed>) = 0 [pid 6039] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6034] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6035] <... futex resumed>) = 0 [pid 6034] <... futex resumed>) = 1 [pid 6035] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6034] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6035] <... mmap resumed>) = 0x20000000 [pid 6035] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6034] <... futex resumed>) = 0 [pid 6035] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6034] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6035] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6034] <... futex resumed>) = 0 [pid 6035] pipe2( [ 227.483428][ T6035] EXT4-fs (loop0): free_blocks=2415919104 [ 227.489199][ T6035] EXT4-fs (loop0): dirty_blocks=16 [ 227.494870][ T6035] EXT4-fs (loop0): Block reservation details [ 227.501247][ T6035] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 6034] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6035] <... pipe2 resumed>0x20000240, 0) = 0 [pid 6035] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6034] <... futex resumed>) = 0 [pid 6035] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6034] exit_group(0) = ? [pid 6039] <... futex resumed>) = ? [pid 6035] <... futex resumed>) = ? [pid 6039] +++ exited with 0 +++ [pid 6035] +++ exited with 0 +++ [pid 6034] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6034, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- umount2("./184", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./184", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./184/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./184/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./184/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./184/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./184/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./184/bus") = 0 umount2("./184/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./184/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./184/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 [ 227.633887][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 close(3) = 0 rmdir("./184") = 0 mkdir("./185", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6040 attached , child_tidptr=0x5555749a2690) = 6040 [pid 6040] set_robust_list(0x5555749a26a0, 24) = 0 [pid 6040] chdir("./185") = 0 [pid 6040] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6040] setpgid(0, 0) = 0 [pid 6040] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6040] write(3, "1000", 4) = 4 [pid 6040] close(3) = 0 [pid 6040] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6040] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6040] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 6040] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6040] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 6040] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6040] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6040] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 6041 attached [pid 6041] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 6040] <... clone3 resumed> => {parent_tid=[6041]}, 88) = 6041 [pid 6041] set_robust_list(0x7f03761f79a0, 24 [pid 6040] rt_sigprocmask(SIG_SETMASK, [], [pid 6041] <... set_robust_list resumed>) = 0 [pid 6040] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6041] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6040] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6041] memfd_create("syzkaller", 0 [pid 6040] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6041] <... memfd_create resumed>) = 3 [pid 6041] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 6041] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6041] munmap(0x7f036dc00000, 138412032) = 0 [pid 6041] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6041] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6041] close(3) = 0 [pid 6041] close(4) = 0 [pid 6041] mkdir("./bus", 0777) = 0 [ 227.914652][ T6041] loop0: detected capacity change from 0 to 2048 [pid 6041] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 6041] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6041] chdir("./bus") = 0 [pid 6041] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6041] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6041] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6040] <... futex resumed>) = 0 [pid 6040] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6041] <... futex resumed>) = 0 [pid 6040] <... futex resumed>) = 1 [pid 6041] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6040] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6041] <... openat resumed>) = 4 [pid 6041] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6041] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6040] <... futex resumed>) = 0 [pid 6040] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6041] <... futex resumed>) = 0 [pid 6040] <... futex resumed>) = 1 [pid 6041] openat(AT_FDCWD, "./bus", O_RDONLY [pid 6040] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6041] <... openat resumed>) = 5 [pid 6041] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6040] <... futex resumed>) = 0 [pid 6041] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6040] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6041] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6040] <... futex resumed>) = 0 [pid 6041] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 6040] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6041] <... openat resumed>) = 6 [pid 6041] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6040] <... futex resumed>) = 0 [pid 6041] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6040] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6041] write(6, "t", 1 [pid 6040] <... futex resumed>) = 0 [pid 6040] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6041] <... write resumed>) = 1 [pid 6041] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6040] <... futex resumed>) = 0 [pid 6041] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6040] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6041] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6040] <... futex resumed>) = 0 [pid 6041] sendfile(6, 5, NULL, 131071 [ 227.966472][ T6041] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 6040] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6040] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6040] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 6040] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 228.048766][ T6041] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 228.063900][ T6041] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 228.077098][ T6041] EXT4-fs (loop0): This should not happen!! Data will be lost [ 228.077098][ T6041] [ 228.087338][ T6041] EXT4-fs (loop0): Total free blocks count 0 [pid 6040] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6040] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 6045 attached [pid 6045] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6045] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 6045] rt_sigprocmask(SIG_SETMASK, [], [pid 6041] <... sendfile resumed>) = 75 [pid 6045] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6041] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6045] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6041] <... futex resumed>) = 0 [pid 6040] <... clone3 resumed> => {parent_tid=[6045]}, 88) = 6045 [pid 6041] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6040] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6040] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6045] <... futex resumed>) = 0 [pid 6040] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6045] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 6045] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6040] <... futex resumed>) = 0 [pid 6045] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6040] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6041] <... futex resumed>) = 0 [pid 6040] <... futex resumed>) = 1 [pid 6041] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6040] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6041] <... mmap resumed>) = 0x20000000 [pid 6041] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6040] <... futex resumed>) = 0 [pid 6040] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6041] pipe2( [pid 6040] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6041] <... pipe2 resumed>0x20000240, 0) = 0 [pid 6041] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6040] <... futex resumed>) = 0 [pid 6041] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6040] exit_group(0) = ? [pid 6045] <... futex resumed>) = ? [pid 6041] <... futex resumed>) = ? [pid 6045] +++ exited with 0 +++ [pid 6041] +++ exited with 0 +++ [pid 6040] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6040, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [ 228.093409][ T6041] EXT4-fs (loop0): Free/Dirty block details [ 228.099308][ T6041] EXT4-fs (loop0): free_blocks=2415919104 [ 228.105177][ T6041] EXT4-fs (loop0): dirty_blocks=16 [ 228.110408][ T6041] EXT4-fs (loop0): Block reservation details [ 228.116435][ T6041] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./185", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./185", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./185/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./185/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./185/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 228.193539][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 umount2("./185/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./185/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./185/bus") = 0 umount2("./185/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./185/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./185/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./185") = 0 mkdir("./186", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6046 attached , child_tidptr=0x5555749a2690) = 6046 [pid 6046] set_robust_list(0x5555749a26a0, 24) = 0 [pid 6046] chdir("./186") = 0 [pid 6046] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6046] setpgid(0, 0) = 0 [pid 6046] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6046] write(3, "1000", 4) = 4 [pid 6046] close(3) = 0 [pid 6046] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6046] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6046] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 6046] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6046] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 6046] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6046] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6046] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 6047 attached [pid 6047] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 6047] set_robust_list(0x7f03761f79a0, 24 [pid 6046] <... clone3 resumed> => {parent_tid=[6047]}, 88) = 6047 [pid 6047] <... set_robust_list resumed>) = 0 [pid 6046] rt_sigprocmask(SIG_SETMASK, [], [pid 6047] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6047] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6046] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6046] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6046] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6047] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6047] memfd_create("syzkaller", 0) = 3 [pid 6047] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 6047] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6047] munmap(0x7f036dc00000, 138412032) = 0 [pid 6047] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6047] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6047] close(3) = 0 [pid 6047] close(4) = 0 [pid 6047] mkdir("./bus", 0777) = 0 [ 228.644030][ T6047] loop0: detected capacity change from 0 to 2048 [pid 6047] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 6047] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6047] chdir("./bus") = 0 [pid 6047] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6047] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6046] <... futex resumed>) = 0 [pid 6047] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6046] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6046] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6047] <... openat resumed>) = 4 [pid 6047] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6046] <... futex resumed>) = 0 [pid 6047] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6046] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6047] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6046] <... futex resumed>) = 0 [pid 6047] openat(AT_FDCWD, "./bus", O_RDONLY [pid 6046] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6047] <... openat resumed>) = 5 [pid 6047] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6046] <... futex resumed>) = 0 [pid 6047] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6046] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6047] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6046] <... futex resumed>) = 0 [pid 6047] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 6046] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6047] <... openat resumed>) = 6 [pid 6047] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6046] <... futex resumed>) = 0 [pid 6047] write(6, "t", 1 [pid 6046] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6046] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6047] <... write resumed>) = 1 [pid 6047] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6046] <... futex resumed>) = 0 [pid 6046] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6047] sendfile(6, 5, NULL, 131071 [ 228.695891][ T6047] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 6046] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6046] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6046] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 6046] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6046] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6046] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 6051 attached [pid 6051] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 6046] <... clone3 resumed> => {parent_tid=[6051]}, 88) = 6051 [pid 6051] <... rseq resumed>) = 0 [pid 6046] rt_sigprocmask(SIG_SETMASK, [], [pid 6051] set_robust_list(0x7f03761d69a0, 24 [pid 6046] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6051] <... set_robust_list resumed>) = 0 [pid 6046] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6051] rt_sigprocmask(SIG_SETMASK, [], [pid 6046] <... futex resumed>) = 0 [pid 6051] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6046] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6051] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [ 228.793808][ T6047] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 228.811109][ T6047] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 228.823924][ T6047] EXT4-fs (loop0): This should not happen!! Data will be lost [ 228.823924][ T6047] [ 228.834753][ T6047] EXT4-fs (loop0): Total free blocks count 0 [pid 6051] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6046] <... futex resumed>) = 0 [pid 6051] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6046] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6051] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6046] <... futex resumed>) = 0 [pid 6051] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6046] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6051] <... mmap resumed>) = 0x20000000 [pid 6047] <... sendfile resumed>) = 75 [pid 6051] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6047] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6051] <... futex resumed>) = 1 [pid 6046] <... futex resumed>) = 0 [pid 6051] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6046] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6046] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6047] <... futex resumed>) = 1 [pid 6046] <... futex resumed>) = 0 [pid 6046] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 6047] pipe2(0x20000240, 0) = 0 [pid 6047] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6047] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6046] <... futex resumed>) = 0 [pid 6046] exit_group(0 [pid 6047] <... futex resumed>) = ? [pid 6046] <... exit_group resumed>) = ? [pid 6047] +++ exited with 0 +++ [pid 6051] <... futex resumed>) = ? [pid 6051] +++ exited with 0 +++ [pid 6046] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6046, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- umount2("./186", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 228.840973][ T6047] EXT4-fs (loop0): Free/Dirty block details [ 228.847029][ T6047] EXT4-fs (loop0): free_blocks=2415919104 [ 228.853305][ T6047] EXT4-fs (loop0): dirty_blocks=16 [ 228.858468][ T6047] EXT4-fs (loop0): Block reservation details [ 228.864539][ T6047] EXT4-fs (loop0): i_reserved_data_blocks=1 openat(AT_FDCWD, "./186", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./186/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./186/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./186/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./186/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./186/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 228.953560][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./186/bus") = 0 umount2("./186/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./186/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./186/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./186") = 0 mkdir("./187", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6052 attached , child_tidptr=0x5555749a2690) = 6052 [pid 6052] set_robust_list(0x5555749a26a0, 24) = 0 [pid 6052] chdir("./187") = 0 [pid 6052] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6052] setpgid(0, 0) = 0 [pid 6052] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6052] write(3, "1000", 4) = 4 [pid 6052] close(3) = 0 [pid 6052] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6052] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6052] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 6052] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6052] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 6052] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6052] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6052] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 6053 attached => {parent_tid=[6053]}, 88) = 6053 [pid 6052] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6053] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 6052] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6053] set_robust_list(0x7f03761f79a0, 24 [pid 6052] <... futex resumed>) = 0 [pid 6053] <... set_robust_list resumed>) = 0 [pid 6052] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6053] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6053] memfd_create("syzkaller", 0) = 3 [pid 6053] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 6053] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6053] munmap(0x7f036dc00000, 138412032) = 0 [pid 6053] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6053] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6053] close(3) = 0 [pid 6053] close(4) = 0 [pid 6053] mkdir("./bus", 0777) = 0 [ 229.383245][ T6053] loop0: detected capacity change from 0 to 2048 [pid 6053] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 6053] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6053] chdir("./bus") = 0 [pid 6053] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6053] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6052] <... futex resumed>) = 0 [pid 6053] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6052] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6052] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6053] <... openat resumed>) = 4 [pid 6053] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6052] <... futex resumed>) = 0 [pid 6053] openat(AT_FDCWD, "./bus", O_RDONLY [pid 6052] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6052] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6053] <... openat resumed>) = 5 [pid 6053] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6053] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6052] <... futex resumed>) = 0 [ 229.434773][ T6053] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 229.457282][ T29] kauditd_printk_skb: 14 callbacks suppressed [pid 6052] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6053] <... futex resumed>) = 0 [pid 6052] <... futex resumed>) = 1 [pid 6052] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6053] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 6053] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6053] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6052] <... futex resumed>) = 0 [pid 6053] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6052] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6053] write(6, "t", 1 [pid 6052] <... futex resumed>) = 0 [pid 6052] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6053] <... write resumed>) = 1 [pid 6053] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6052] <... futex resumed>) = 0 [pid 6052] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6053] sendfile(6, 5, NULL, 131071 [pid 6052] <... futex resumed>) = 0 [ 229.457306][ T29] audit: type=1804 audit(1714530498.265:664): pid=6053 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/187/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 229.503849][ T29] audit: type=1804 audit(1714530498.315:665): pid=6053 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/187/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 6052] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6052] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6052] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 6052] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6052] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6052] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 6056 attached [pid 6056] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6056] set_robust_list(0x7f03761d69a0, 24 [pid 6052] <... clone3 resumed> => {parent_tid=[6056]}, 88) = 6056 [pid 6056] <... set_robust_list resumed>) = 0 [pid 6056] rt_sigprocmask(SIG_SETMASK, [], [pid 6052] rt_sigprocmask(SIG_SETMASK, [], [pid 6056] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6056] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6052] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6052] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6056] <... futex resumed>) = 0 [pid 6052] <... futex resumed>) = 1 [pid 6056] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [ 229.588743][ T6053] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 229.605012][ T6053] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 229.617701][ T6053] EXT4-fs (loop0): This should not happen!! Data will be lost [ 229.617701][ T6053] [ 229.628263][ T6053] EXT4-fs (loop0): Total free blocks count 0 [pid 6052] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6056] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6056] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6052] <... futex resumed>) = 0 [pid 6052] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6056] <... futex resumed>) = 0 [pid 6052] <... futex resumed>) = 1 [pid 6056] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [ 229.636212][ T6053] EXT4-fs (loop0): Free/Dirty block details [ 229.639516][ T29] audit: type=1804 audit(1714530498.445:666): pid=6056 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/187/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 229.642650][ T6053] EXT4-fs (loop0): free_blocks=2415919104 [ 229.673951][ T6053] EXT4-fs (loop0): dirty_blocks=16 [ 229.679103][ T6053] EXT4-fs (loop0): Block reservation details [pid 6052] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6056] <... mmap resumed>) = 0x20000000 [pid 6053] <... sendfile resumed>) = 75 [pid 6056] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6053] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6056] <... futex resumed>) = 1 [pid 6053] <... futex resumed>) = 0 [pid 6052] <... futex resumed>) = 0 [pid 6056] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6053] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6052] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6053] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6053] pipe2( [pid 6052] <... futex resumed>) = 0 [pid 6053] <... pipe2 resumed>0x20000240, 0) = 0 [pid 6052] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6053] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6052] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6053] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6052] exit_group(0 [pid 6053] <... futex resumed>) = ? [pid 6052] <... exit_group resumed>) = ? [pid 6056] <... futex resumed>) = ? [pid 6053] +++ exited with 0 +++ [pid 6056] +++ exited with 0 +++ [pid 6052] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6052, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- [ 229.685163][ T6053] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./187", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./187", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./187/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./187/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./187/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./187/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./187/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 [ 229.763335][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 close(4) = 0 rmdir("./187/bus") = 0 umount2("./187/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./187/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./187/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./187") = 0 mkdir("./188", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6057 attached , child_tidptr=0x5555749a2690) = 6057 [pid 6057] set_robust_list(0x5555749a26a0, 24) = 0 [pid 6057] chdir("./188") = 0 [pid 6057] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6057] setpgid(0, 0) = 0 [pid 6057] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6057] write(3, "1000", 4) = 4 [pid 6057] close(3) = 0 [pid 6057] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6057] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6057] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 6057] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6057] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 6057] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6057] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6057] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 6058 attached [pid 6058] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 6057] <... clone3 resumed> => {parent_tid=[6058]}, 88) = 6058 [pid 6058] set_robust_list(0x7f03761f79a0, 24 [pid 6057] rt_sigprocmask(SIG_SETMASK, [], [pid 6058] <... set_robust_list resumed>) = 0 [pid 6057] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6058] rt_sigprocmask(SIG_SETMASK, [], [pid 6057] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6058] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6057] <... futex resumed>) = 0 [pid 6058] memfd_create("syzkaller", 0 [pid 6057] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6058] <... memfd_create resumed>) = 3 [pid 6058] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 6058] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6058] munmap(0x7f036dc00000, 138412032) = 0 [pid 6058] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6058] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6058] close(3) = 0 [pid 6058] close(4) = 0 [pid 6058] mkdir("./bus", 0777) = 0 [ 230.079365][ T6058] loop0: detected capacity change from 0 to 2048 [pid 6058] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 6058] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6058] chdir("./bus") = 0 [pid 6058] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6058] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6057] <... futex resumed>) = 0 [pid 6058] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6057] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6058] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6057] <... futex resumed>) = 0 [pid 6058] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6057] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6058] <... openat resumed>) = 4 [pid 6058] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6057] <... futex resumed>) = 0 [pid 6058] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6057] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6058] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6057] <... futex resumed>) = 0 [pid 6057] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6058] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [ 230.125869][ T6058] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 6058] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6058] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6057] <... futex resumed>) = 0 [pid 6057] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6058] <... futex resumed>) = 0 [pid 6057] <... futex resumed>) = 1 [pid 6058] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 6057] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6058] <... openat resumed>) = 6 [pid 6058] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6057] <... futex resumed>) = 0 [pid 6057] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6058] write(6, "t", 1 [pid 6057] <... futex resumed>) = 0 [pid 6057] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6058] <... write resumed>) = 1 [pid 6058] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6057] <... futex resumed>) = 0 [pid 6057] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6058] sendfile(6, 5, NULL, 131071 [ 230.172722][ T29] audit: type=1804 audit(1714530498.985:667): pid=6058 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/188/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 230.196849][ T29] audit: type=1804 audit(1714530498.985:668): pid=6058 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/188/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 6057] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6057] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6057] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 6057] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6057] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 230.264246][ T6058] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 230.279720][ T6058] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 230.292076][ T6058] EXT4-fs (loop0): This should not happen!! Data will be lost [ 230.292076][ T6058] [ 230.301829][ T6058] EXT4-fs (loop0): Total free blocks count 0 [ 230.307852][ T6058] EXT4-fs (loop0): Free/Dirty block details [pid 6057] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0} => {parent_tid=[6061]}, 88) = 6061 [pid 6057] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6057] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6061 attached ) = 0 [pid 6057] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6061] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6061] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 6058] <... sendfile resumed>) = 75 [pid 6061] rt_sigprocmask(SIG_SETMASK, [], [pid 6058] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6061] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6061] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 6058] <... futex resumed>) = 0 [pid 6061] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6057] <... futex resumed>) = 0 [pid 6061] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6057] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6057] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 230.313840][ T6058] EXT4-fs (loop0): free_blocks=2415919104 [ 230.319679][ T6058] EXT4-fs (loop0): dirty_blocks=16 [ 230.324973][ T6058] EXT4-fs (loop0): Block reservation details [ 230.331071][ T6058] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 6058] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 6057] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6057] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6058] pipe2(0x20000240, 0) = 0 [pid 6058] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6057] <... futex resumed>) = 0 [pid 6057] exit_group(0) = ? [pid 6061] <... futex resumed>) = ? [pid 6061] +++ exited with 0 +++ [pid 6058] <... futex resumed>) = ? [pid 6058] +++ exited with 0 +++ [pid 6057] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6057, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./188", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./188", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 230.350573][ T29] audit: type=1804 audit(1714530499.165:669): pid=6061 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/188/bus/bus" dev="loop0" ino=18 res=1 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./188/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./188/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./188/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./188/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./188/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 230.446892][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./188/bus") = 0 umount2("./188/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./188/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./188/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./188") = 0 mkdir("./189", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555749a2690) = 6062 ./strace-static-x86_64: Process 6062 attached [pid 6062] set_robust_list(0x5555749a26a0, 24) = 0 [pid 6062] chdir("./189") = 0 [pid 6062] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6062] setpgid(0, 0) = 0 [pid 6062] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6062] write(3, "1000", 4) = 4 [pid 6062] close(3) = 0 [pid 6062] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6062] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6062] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 6062] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6062] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 6062] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6062] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6062] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 6063 attached => {parent_tid=[6063]}, 88) = 6063 [pid 6062] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6062] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6062] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6063] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 6063] set_robust_list(0x7f03761f79a0, 24) = 0 [pid 6063] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6063] memfd_create("syzkaller", 0) = 3 [pid 6063] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 6063] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6063] munmap(0x7f036dc00000, 138412032) = 0 [pid 6063] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6063] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6063] close(3) = 0 [pid 6063] close(4) = 0 [pid 6063] mkdir("./bus", 0777) = 0 [ 230.804360][ T6063] loop0: detected capacity change from 0 to 2048 [pid 6063] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 6063] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6063] chdir("./bus") = 0 [pid 6063] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6063] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6062] <... futex resumed>) = 0 [pid 6063] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6062] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6063] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6062] <... futex resumed>) = 0 [pid 6063] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6062] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6063] <... openat resumed>) = 4 [pid 6063] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6062] <... futex resumed>) = 0 [pid 6062] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6062] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6063] <... futex resumed>) = 1 [ 230.846227][ T6063] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 6063] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 6063] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6062] <... futex resumed>) = 0 [pid 6062] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6062] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6063] <... futex resumed>) = 1 [pid 6063] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 6063] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6062] <... futex resumed>) = 0 [pid 6062] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6063] <... futex resumed>) = 1 [pid 6062] <... futex resumed>) = 0 [pid 6062] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6063] write(6, "t", 1) = 1 [pid 6063] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6062] <... futex resumed>) = 0 [pid 6062] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6062] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6063] <... futex resumed>) = 1 [ 230.898902][ T29] audit: type=1804 audit(1714530499.705:670): pid=6063 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/189/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 230.923072][ T29] audit: type=1804 audit(1714530499.705:671): pid=6063 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/189/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 6063] sendfile(6, 5, NULL, 131071 [pid 6062] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6062] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6062] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6062] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 6062] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6062] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6062] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0} => {parent_tid=[6066]}, 88) = 6066 [pid 6062] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6062] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6062] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6066 attached [pid 6066] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6066] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 6066] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 230.995993][ T6063] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 231.011365][ T6063] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 231.023656][ T6063] EXT4-fs (loop0): This should not happen!! Data will be lost [ 231.023656][ T6063] [ 231.033778][ T6063] EXT4-fs (loop0): Total free blocks count 0 [ 231.039815][ T6063] EXT4-fs (loop0): Free/Dirty block details [pid 6066] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 6066] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6062] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6062] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6062] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6066] <... futex resumed>) = 0 [pid 6066] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 75 [pid 6066] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6063] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6066] <... futex resumed>) = 1 [pid 6063] <... futex resumed>) = 0 [pid 6062] <... futex resumed>) = 0 [pid 6066] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6063] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6062] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6063] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6062] <... futex resumed>) = 0 [pid 6063] pipe2(0x20000240, 0) = 0 [pid 6062] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6063] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6062] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6063] <... futex resumed>) = 0 [pid 6062] exit_group(0 [pid 6066] <... futex resumed>) = ? [pid 6062] <... exit_group resumed>) = ? [pid 6066] +++ exited with 0 +++ [pid 6063] +++ exited with 0 +++ [pid 6062] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6062, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- umount2("./189", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./189", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 231.045846][ T6063] EXT4-fs (loop0): free_blocks=2415919104 [ 231.049859][ T29] audit: type=1804 audit(1714530499.855:672): pid=6066 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/189/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 231.051639][ T6063] EXT4-fs (loop0): dirty_blocks=16 [ 231.051665][ T6063] EXT4-fs (loop0): Block reservation details [ 231.086391][ T6063] EXT4-fs (loop0): i_reserved_data_blocks=1 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./189/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./189/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./189/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./189/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./189/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 [ 231.138880][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 rmdir("./189/bus") = 0 umount2("./189/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./189/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./189/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./189") = 0 mkdir("./190", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6067 attached , child_tidptr=0x5555749a2690) = 6067 [pid 6067] set_robust_list(0x5555749a26a0, 24) = 0 [pid 6067] chdir("./190") = 0 [pid 6067] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6067] setpgid(0, 0) = 0 [pid 6067] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6067] write(3, "1000", 4) = 4 [pid 6067] close(3) = 0 [pid 6067] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6067] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6067] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 6067] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6067] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 6067] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6067] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6067] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 6068 attached => {parent_tid=[6068]}, 88) = 6068 [pid 6068] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 6067] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6067] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6067] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6068] set_robust_list(0x7f03761f79a0, 24) = 0 [pid 6068] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6068] memfd_create("syzkaller", 0) = 3 [pid 6068] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 6068] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6068] munmap(0x7f036dc00000, 138412032) = 0 [pid 6068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6068] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6068] close(3) = 0 [pid 6068] close(4) = 0 [pid 6068] mkdir("./bus", 0777) = 0 [ 231.467821][ T6068] loop0: detected capacity change from 0 to 2048 [pid 6068] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 6068] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6068] chdir("./bus") = 0 [pid 6068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6068] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6067] <... futex resumed>) = 0 [pid 6068] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6067] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6068] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6067] <... futex resumed>) = 0 [pid 6067] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6068] <... openat resumed>) = 4 [pid 6068] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6067] <... futex resumed>) = 0 [pid 6067] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6068] <... futex resumed>) = 1 [pid 6067] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6068] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [ 231.516125][ T6068] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 6068] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6068] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6067] <... futex resumed>) = 0 [pid 6067] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6068] <... futex resumed>) = 0 [pid 6067] <... futex resumed>) = 1 [pid 6068] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 6067] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6068] <... openat resumed>) = 6 [pid 6068] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6067] <... futex resumed>) = 0 [pid 6068] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6067] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6068] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6067] <... futex resumed>) = 0 [pid 6068] write(6, "t", 1 [ 231.557891][ T29] audit: type=1804 audit(1714530500.365:673): pid=6068 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/190/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 6067] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6068] <... write resumed>) = 1 [pid 6068] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6067] <... futex resumed>) = 0 [pid 6068] <... futex resumed>) = 1 [pid 6067] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6068] sendfile(6, 5, NULL, 131071 [pid 6067] <... futex resumed>) = 0 [pid 6067] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6067] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6067] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 6067] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6067] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 231.677198][ T6068] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 231.692597][ T6068] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 231.705074][ T6068] EXT4-fs (loop0): This should not happen!! Data will be lost [ 231.705074][ T6068] [ 231.715304][ T6068] EXT4-fs (loop0): Total free blocks count 0 [pid 6067] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 6071 attached [pid 6071] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 6067] <... clone3 resumed> => {parent_tid=[6071]}, 88) = 6071 [pid 6071] <... rseq resumed>) = 0 [pid 6067] rt_sigprocmask(SIG_SETMASK, [], [pid 6071] set_robust_list(0x7f03761d69a0, 24 [pid 6067] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6071] <... set_robust_list resumed>) = 0 [pid 6071] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6067] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6071] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6067] <... futex resumed>) = 0 [pid 6071] <... open resumed>) = 7 [pid 6067] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6071] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6067] <... futex resumed>) = 0 [pid 6071] <... futex resumed>) = 1 [pid 6067] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6071] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6067] <... futex resumed>) = 0 [pid 6067] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6071] <... mmap resumed>) = 0x20000000 [pid 6068] <... sendfile resumed>) = 75 [pid 6068] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6068] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6071] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6067] <... futex resumed>) = 0 [pid 6071] <... futex resumed>) = 1 [pid 6067] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6071] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6068] <... futex resumed>) = 0 [pid 6067] <... futex resumed>) = 1 [pid 6068] pipe2( [pid 6067] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6068] <... pipe2 resumed>0x20000240, 0) = 0 [pid 6068] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6067] <... futex resumed>) = 0 [pid 6068] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6067] exit_group(0 [pid 6071] <... futex resumed>) = ? [pid 6068] <... futex resumed>) = ? [pid 6067] <... exit_group resumed>) = ? [pid 6071] +++ exited with 0 +++ [pid 6068] +++ exited with 0 +++ [pid 6067] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6067, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- [ 231.722443][ T6068] EXT4-fs (loop0): Free/Dirty block details [ 231.729165][ T6068] EXT4-fs (loop0): free_blocks=2415919104 [ 231.735855][ T6068] EXT4-fs (loop0): dirty_blocks=16 [ 231.741338][ T6068] EXT4-fs (loop0): Block reservation details [ 231.748543][ T6068] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./190", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./190", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./190/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./190/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./190/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./190/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./190/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./190/bus") = 0 [ 231.843819][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 umount2("./190/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./190/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./190/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./190") = 0 mkdir("./191", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6072 attached , child_tidptr=0x5555749a2690) = 6072 [pid 6072] set_robust_list(0x5555749a26a0, 24) = 0 [pid 6072] chdir("./191") = 0 [pid 6072] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6072] setpgid(0, 0) = 0 [pid 6072] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6072] write(3, "1000", 4) = 4 [pid 6072] close(3) = 0 [pid 6072] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6072] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6072] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 6072] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6072] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 6072] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6072] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6072] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 6073 attached [pid 6073] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 6072] <... clone3 resumed> => {parent_tid=[6073]}, 88) = 6073 [pid 6073] set_robust_list(0x7f03761f79a0, 24) = 0 [pid 6072] rt_sigprocmask(SIG_SETMASK, [], [pid 6073] rt_sigprocmask(SIG_SETMASK, [], [pid 6072] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6073] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6072] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6073] memfd_create("syzkaller", 0 [pid 6072] <... futex resumed>) = 0 [pid 6072] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6073] <... memfd_create resumed>) = 3 [pid 6073] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 6073] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6073] munmap(0x7f036dc00000, 138412032) = 0 [pid 6073] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6073] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6073] close(3) = 0 [pid 6073] close(4) = 0 [pid 6073] mkdir("./bus", 0777) = 0 [ 232.165785][ T6073] loop0: detected capacity change from 0 to 2048 [pid 6073] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 6073] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6073] chdir("./bus") = 0 [pid 6073] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6073] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6072] <... futex resumed>) = 0 [pid 6073] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6072] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 232.234983][ T6073] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 6072] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6073] <... openat resumed>) = 4 [pid 6073] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6072] <... futex resumed>) = 0 [pid 6073] <... futex resumed>) = 1 [pid 6072] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6073] openat(AT_FDCWD, "./bus", O_RDONLY [pid 6072] <... futex resumed>) = 0 [pid 6073] <... openat resumed>) = 5 [pid 6072] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6073] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6072] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6073] <... futex resumed>) = 0 [pid 6072] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6073] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 6072] <... futex resumed>) = 0 [pid 6072] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6073] <... openat resumed>) = 6 [pid 6073] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6072] <... futex resumed>) = 0 [pid 6073] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6072] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6073] <... futex resumed>) = 0 [pid 6072] <... futex resumed>) = 1 [pid 6073] write(6, "t", 1 [pid 6072] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6073] <... write resumed>) = 1 [pid 6073] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6072] <... futex resumed>) = 0 [pid 6073] <... futex resumed>) = 1 [pid 6072] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6073] sendfile(6, 5, NULL, 131071 [pid 6072] <... futex resumed>) = 0 [pid 6072] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6072] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6072] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 6072] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 232.380192][ T6073] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 232.395683][ T6073] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 232.408022][ T6073] EXT4-fs (loop0): This should not happen!! Data will be lost [ 232.408022][ T6073] [ 232.418047][ T6073] EXT4-fs (loop0): Total free blocks count 0 [ 232.424138][ T6073] EXT4-fs (loop0): Free/Dirty block details [pid 6072] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6072] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 6076 attached [pid 6076] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6073] <... sendfile resumed>) = 75 [pid 6072] <... clone3 resumed> => {parent_tid=[6076]}, 88) = 6076 [pid 6076] set_robust_list(0x7f03761d69a0, 24 [pid 6073] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6072] rt_sigprocmask(SIG_SETMASK, [], [pid 6076] <... set_robust_list resumed>) = 0 [pid 6072] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6076] rt_sigprocmask(SIG_SETMASK, [], [pid 6072] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6076] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6076] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6072] <... futex resumed>) = 0 [pid 6076] <... open resumed>) = 7 [pid 6072] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6076] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6073] <... futex resumed>) = 0 [pid 6076] <... futex resumed>) = 1 [pid 6073] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6072] <... futex resumed>) = 0 [pid 6076] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6072] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6073] <... futex resumed>) = 0 [pid 6072] <... futex resumed>) = 1 [pid 6073] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6072] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6073] <... mmap resumed>) = 0x20000000 [pid 6073] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6072] <... futex resumed>) = 0 [pid 6072] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6073] pipe2( [pid 6072] <... futex resumed>) = 0 [pid 6072] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6073] <... pipe2 resumed>0x20000240, 0) = 0 [pid 6073] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6072] <... futex resumed>) = 0 [pid 6073] <... futex resumed>) = 1 [pid 6072] exit_group(0 [pid 6073] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6076] <... futex resumed>) = ? [ 232.430172][ T6073] EXT4-fs (loop0): free_blocks=2415919104 [ 232.436169][ T6073] EXT4-fs (loop0): dirty_blocks=16 [ 232.442537][ T6073] EXT4-fs (loop0): Block reservation details [ 232.449558][ T6073] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 6073] <... futex resumed>) = ? [pid 6072] <... exit_group resumed>) = ? [pid 6076] +++ exited with 0 +++ [pid 6073] +++ exited with 0 +++ [pid 6072] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6072, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./191", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./191", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./191/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./191/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./191/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./191/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./191/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 232.531966][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./191/bus") = 0 umount2("./191/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./191/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./191/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./191") = 0 mkdir("./192", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6077 attached , child_tidptr=0x5555749a2690) = 6077 [pid 6077] set_robust_list(0x5555749a26a0, 24) = 0 [pid 6077] chdir("./192") = 0 [pid 6077] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6077] setpgid(0, 0) = 0 [pid 6077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6077] write(3, "1000", 4) = 4 [pid 6077] close(3) = 0 [pid 6077] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6077] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6077] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 6077] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6077] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 6077] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6077] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6077] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 6078 attached [pid 6078] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 6077] <... clone3 resumed> => {parent_tid=[6078]}, 88) = 6078 [pid 6078] set_robust_list(0x7f03761f79a0, 24 [pid 6077] rt_sigprocmask(SIG_SETMASK, [], [pid 6078] <... set_robust_list resumed>) = 0 [pid 6077] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6078] rt_sigprocmask(SIG_SETMASK, [], [pid 6077] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6078] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6077] <... futex resumed>) = 0 [pid 6078] memfd_create("syzkaller", 0 [pid 6077] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6078] <... memfd_create resumed>) = 3 [pid 6078] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 6078] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6078] munmap(0x7f036dc00000, 138412032) = 0 [pid 6078] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6078] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6078] close(3) = 0 [pid 6078] close(4) = 0 [pid 6078] mkdir("./bus", 0777) = 0 [ 232.864212][ T6078] loop0: detected capacity change from 0 to 2048 [pid 6078] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 6078] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6078] chdir("./bus") = 0 [pid 6078] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6078] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6077] <... futex resumed>) = 0 [pid 6078] <... futex resumed>) = 1 [pid 6077] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6078] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6077] <... futex resumed>) = 0 [pid 6077] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6078] <... openat resumed>) = 4 [pid 6078] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6077] <... futex resumed>) = 0 [pid 6078] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6077] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6078] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6077] <... futex resumed>) = 0 [pid 6078] openat(AT_FDCWD, "./bus", O_RDONLY [pid 6077] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6078] <... openat resumed>) = 5 [pid 6078] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6077] <... futex resumed>) = 0 [pid 6078] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6077] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6078] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6078] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 6077] <... futex resumed>) = 0 [pid 6077] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6078] <... openat resumed>) = 6 [pid 6078] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6077] <... futex resumed>) = 0 [pid 6078] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6077] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6078] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6077] <... futex resumed>) = 0 [pid 6078] write(6, "t", 1 [pid 6077] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6078] <... write resumed>) = 1 [pid 6078] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6077] <... futex resumed>) = 0 [ 232.915251][ T6078] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 6078] sendfile(6, 5, NULL, 131071 [pid 6077] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6077] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6077] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6077] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 6077] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6077] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6077] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0} => {parent_tid=[6081]}, 88) = 6081 [pid 6077] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6077] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6077] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6081 attached [pid 6081] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [ 233.014006][ T6078] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 233.029323][ T6078] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 233.043014][ T6078] EXT4-fs (loop0): This should not happen!! Data will be lost [ 233.043014][ T6078] [ 233.053824][ T6078] EXT4-fs (loop0): Total free blocks count 0 [pid 6081] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 6081] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6081] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 6081] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6081] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6078] <... sendfile resumed>) = 75 [pid 6077] <... futex resumed>) = 0 [pid 6078] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6077] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6078] <... futex resumed>) = 0 [pid 6081] <... futex resumed>) = 0 [pid 6078] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6077] <... futex resumed>) = 1 [pid 6081] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6077] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6081] <... mmap resumed>) = 0x20000000 [pid 6081] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6077] <... futex resumed>) = 0 [pid 6081] <... futex resumed>) = 1 [pid 6077] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6081] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6077] <... futex resumed>) = 1 [pid 6078] <... futex resumed>) = 0 [pid 6077] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6078] pipe2(0x20000240, 0) = 0 [pid 6078] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6077] <... futex resumed>) = 0 [pid 6078] <... futex resumed>) = 1 [pid 6077] exit_group(0 [pid 6081] <... futex resumed>) = ? [pid 6077] <... exit_group resumed>) = ? [pid 6081] +++ exited with 0 +++ [pid 6078] +++ exited with 0 +++ [pid 6077] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6077, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [ 233.060162][ T6078] EXT4-fs (loop0): Free/Dirty block details [ 233.066092][ T6078] EXT4-fs (loop0): free_blocks=2415919104 [ 233.072126][ T6078] EXT4-fs (loop0): dirty_blocks=16 [ 233.077338][ T6078] EXT4-fs (loop0): Block reservation details [ 233.083376][ T6078] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./192", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./192", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./192/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./192/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./192/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./192/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./192/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 [ 233.153823][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./192/bus") = 0 umount2("./192/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./192/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./192/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./192") = 0 mkdir("./193", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6082 attached , child_tidptr=0x5555749a2690) = 6082 [pid 6082] set_robust_list(0x5555749a26a0, 24) = 0 [pid 6082] chdir("./193") = 0 [pid 6082] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6082] setpgid(0, 0) = 0 [pid 6082] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6082] write(3, "1000", 4) = 4 [pid 6082] close(3) = 0 [pid 6082] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6082] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6082] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 6082] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6082] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 6082] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6082] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6082] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 6083 attached => {parent_tid=[6083]}, 88) = 6083 [pid 6083] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 6082] rt_sigprocmask(SIG_SETMASK, [], [pid 6083] set_robust_list(0x7f03761f79a0, 24) = 0 [pid 6082] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6083] rt_sigprocmask(SIG_SETMASK, [], [pid 6082] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6083] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6082] <... futex resumed>) = 0 [pid 6083] memfd_create("syzkaller", 0 [pid 6082] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6083] <... memfd_create resumed>) = 3 [pid 6083] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 6083] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6083] munmap(0x7f036dc00000, 138412032) = 0 [pid 6083] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6083] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6083] close(3) = 0 [pid 6083] close(4) = 0 [pid 6083] mkdir("./bus", 0777) = 0 [ 233.484289][ T6083] loop0: detected capacity change from 0 to 2048 [pid 6083] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 6083] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6083] chdir("./bus") = 0 [pid 6083] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6083] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6083] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6082] <... futex resumed>) = 0 [pid 6082] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6083] <... futex resumed>) = 0 [pid 6082] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6083] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4 [pid 6083] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6083] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6082] <... futex resumed>) = 0 [pid 6082] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6083] <... futex resumed>) = 0 [pid 6082] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 233.528837][ T6083] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 6083] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 6083] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6082] <... futex resumed>) = 0 [pid 6083] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6082] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6083] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6083] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 6082] <... futex resumed>) = 0 [pid 6082] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6083] <... openat resumed>) = 6 [pid 6083] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6082] <... futex resumed>) = 0 [pid 6083] <... futex resumed>) = 1 [pid 6082] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6083] write(6, "t", 1 [pid 6082] <... futex resumed>) = 0 [pid 6082] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6083] <... write resumed>) = 1 [pid 6083] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6083] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6082] <... futex resumed>) = 0 [pid 6082] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6083] <... futex resumed>) = 0 [pid 6082] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6083] sendfile(6, 5, NULL, 131071 [pid 6082] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6082] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6082] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 6082] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6082] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6082] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 6087 attached [pid 6087] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6087] set_robust_list(0x7f03761d69a0, 24 [pid 6082] <... clone3 resumed> => {parent_tid=[6087]}, 88) = 6087 [pid 6087] <... set_robust_list resumed>) = 0 [pid 6082] rt_sigprocmask(SIG_SETMASK, [], [pid 6087] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6082] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6087] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6082] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6087] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6082] <... futex resumed>) = 0 [pid 6087] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [ 233.655182][ T6083] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 233.672176][ T6083] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 233.684653][ T6083] EXT4-fs (loop0): This should not happen!! Data will be lost [ 233.684653][ T6083] [ 233.694937][ T6083] EXT4-fs (loop0): Total free blocks count 0 [pid 6082] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6087] <... open resumed>) = 7 [pid 6087] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6082] <... futex resumed>) = 0 [pid 6087] <... futex resumed>) = 1 [pid 6082] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6087] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6082] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6087] <... mmap resumed>) = 0x20000000 [pid 6083] <... sendfile resumed>) = 75 [pid 6087] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6083] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6087] <... futex resumed>) = 1 [pid 6083] <... futex resumed>) = 0 [pid 6082] <... futex resumed>) = 0 [pid 6087] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6083] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6082] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6083] pipe2( [pid 6082] <... futex resumed>) = 0 [pid 6083] <... pipe2 resumed>0x20000240, 0) = 0 [pid 6082] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6083] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6082] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6083] <... futex resumed>) = 0 [pid 6083] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6082] exit_group(0 [pid 6087] <... futex resumed>) = ? [pid 6083] <... futex resumed>) = ? [pid 6082] <... exit_group resumed>) = ? [pid 6087] +++ exited with 0 +++ [pid 6083] +++ exited with 0 +++ [pid 6082] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6082, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- umount2("./193", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./193", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 233.701964][ T6083] EXT4-fs (loop0): Free/Dirty block details [ 233.707967][ T6083] EXT4-fs (loop0): free_blocks=2415919104 [ 233.713903][ T6083] EXT4-fs (loop0): dirty_blocks=16 [ 233.719132][ T6083] EXT4-fs (loop0): Block reservation details [ 233.725294][ T6083] EXT4-fs (loop0): i_reserved_data_blocks=1 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./193/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./193/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./193/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./193/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./193/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 [ 233.830190][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./193/bus") = 0 umount2("./193/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./193/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./193/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./193") = 0 mkdir("./194", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6088 attached , child_tidptr=0x5555749a2690) = 6088 [pid 6088] set_robust_list(0x5555749a26a0, 24) = 0 [pid 6088] chdir("./194") = 0 [pid 6088] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6088] setpgid(0, 0) = 0 [pid 6088] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6088] write(3, "1000", 4) = 4 [pid 6088] close(3) = 0 [pid 6088] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6088] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6088] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 6088] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6088] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 6088] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6088] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6088] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 6089 attached => {parent_tid=[6089]}, 88) = 6089 [pid 6088] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6088] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6088] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6089] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 6089] set_robust_list(0x7f03761f79a0, 24) = 0 [pid 6089] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6089] memfd_create("syzkaller", 0) = 3 [pid 6089] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 6089] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6089] munmap(0x7f036dc00000, 138412032) = 0 [pid 6089] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6089] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6089] close(3) = 0 [pid 6089] close(4) = 0 [pid 6089] mkdir("./bus", 0777) = 0 [ 234.184259][ T6089] loop0: detected capacity change from 0 to 2048 [pid 6089] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 6089] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6089] chdir("./bus") = 0 [pid 6089] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6089] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6089] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6088] <... futex resumed>) = 0 [pid 6088] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6089] <... futex resumed>) = 0 [pid 6089] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6088] <... futex resumed>) = 1 [pid 6088] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6089] <... openat resumed>) = 4 [pid 6089] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6088] <... futex resumed>) = 0 [pid 6089] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6088] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6089] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6088] <... futex resumed>) = 0 [pid 6089] openat(AT_FDCWD, "./bus", O_RDONLY [pid 6088] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6089] <... openat resumed>) = 5 [pid 6089] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6088] <... futex resumed>) = 0 [pid 6089] <... futex resumed>) = 1 [pid 6088] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6089] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 6088] <... futex resumed>) = 0 [pid 6088] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6089] <... openat resumed>) = 6 [pid 6089] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6088] <... futex resumed>) = 0 [pid 6089] <... futex resumed>) = 1 [pid 6088] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6089] write(6, "t", 1 [pid 6088] <... futex resumed>) = 0 [pid 6088] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6089] <... write resumed>) = 1 [pid 6089] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6088] <... futex resumed>) = 0 [pid 6089] sendfile(6, 5, NULL, 131071 [pid 6088] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 234.232407][ T6089] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 6088] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6088] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6088] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6088] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 6088] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6088] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6088] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 6092 attached [pid 6092] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 6088] <... clone3 resumed> => {parent_tid=[6092]}, 88) = 6092 [pid 6092] <... rseq resumed>) = 0 [pid 6088] rt_sigprocmask(SIG_SETMASK, [], [pid 6092] set_robust_list(0x7f03761d69a0, 24 [pid 6088] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6092] <... set_robust_list resumed>) = 0 [pid 6088] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6092] rt_sigprocmask(SIG_SETMASK, [], [pid 6088] <... futex resumed>) = 0 [pid 6092] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6088] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 234.336538][ T6089] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 234.352172][ T6089] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 234.364552][ T6089] EXT4-fs (loop0): This should not happen!! Data will be lost [ 234.364552][ T6089] [ 234.374574][ T6089] EXT4-fs (loop0): Total free blocks count 0 [ 234.380710][ T6089] EXT4-fs (loop0): Free/Dirty block details [pid 6092] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 6092] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6088] <... futex resumed>) = 0 [pid 6092] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6088] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6088] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6092] <... mmap resumed>) = 0x20000000 [pid 6089] <... sendfile resumed>) = 75 [pid 6092] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6088] <... futex resumed>) = 0 [pid 6092] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6089] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6088] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6088] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = 0 [pid 6088] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 6089] <... futex resumed>) = 1 [pid 6089] pipe2(0x20000240, 0) = 0 [pid 6089] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6088] <... futex resumed>) = 0 [pid 6089] <... futex resumed>) = 1 [pid 6088] exit_group(0 [pid 6092] <... futex resumed>) = ? [pid 6088] <... exit_group resumed>) = ? [ 234.388784][ T6089] EXT4-fs (loop0): free_blocks=2415919104 [ 234.394720][ T6089] EXT4-fs (loop0): dirty_blocks=16 [ 234.400725][ T6089] EXT4-fs (loop0): Block reservation details [ 234.407124][ T6089] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 6092] +++ exited with 0 +++ [pid 6089] +++ exited with 0 +++ [pid 6088] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6088, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- umount2("./194", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./194", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./194/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./194/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./194/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./194/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./194/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 [ 234.478326][ T139] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./194/bus") = 0 umount2("./194/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./194/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./194/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./194") = 0 mkdir("./195", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6093 attached , child_tidptr=0x5555749a2690) = 6093 [pid 6093] set_robust_list(0x5555749a26a0, 24) = 0 [pid 6093] chdir("./195") = 0 [pid 6093] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6093] setpgid(0, 0) = 0 [pid 6093] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6093] write(3, "1000", 4) = 4 [pid 6093] close(3) = 0 [pid 6093] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6093] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6093] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 6093] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6093] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 6093] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6093] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6093] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 6094 attached [pid 6094] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 6093] <... clone3 resumed> => {parent_tid=[6094]}, 88) = 6094 [pid 6094] set_robust_list(0x7f03761f79a0, 24 [pid 6093] rt_sigprocmask(SIG_SETMASK, [], [pid 6094] <... set_robust_list resumed>) = 0 [pid 6094] rt_sigprocmask(SIG_SETMASK, [], [pid 6093] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6094] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6093] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6094] memfd_create("syzkaller", 0 [pid 6093] <... futex resumed>) = 0 [pid 6093] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6094] <... memfd_create resumed>) = 3 [pid 6094] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 6094] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6094] munmap(0x7f036dc00000, 138412032) = 0 [pid 6094] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6094] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6094] close(3) = 0 [pid 6094] close(4) = 0 [pid 6094] mkdir("./bus", 0777) = 0 [ 234.816991][ T6094] loop0: detected capacity change from 0 to 2048 [pid 6094] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 6094] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6094] chdir("./bus") = 0 [pid 6094] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6094] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6093] <... futex resumed>) = 0 [pid 6094] <... futex resumed>) = 1 [pid 6093] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6094] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6093] <... futex resumed>) = 0 [pid 6093] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6094] <... openat resumed>) = 4 [pid 6094] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6093] <... futex resumed>) = 0 [pid 6094] <... futex resumed>) = 1 [pid 6093] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6094] openat(AT_FDCWD, "./bus", O_RDONLY [pid 6093] <... futex resumed>) = 0 [pid 6093] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6094] <... openat resumed>) = 5 [ 234.874734][ T6094] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 6094] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6093] <... futex resumed>) = 0 [pid 6093] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6093] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6094] <... futex resumed>) = 1 [pid 6094] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 6094] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6093] <... futex resumed>) = 0 [pid 6094] <... futex resumed>) = 1 [pid 6093] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6094] write(6, "t", 1 [pid 6093] <... futex resumed>) = 0 [pid 6093] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6094] <... write resumed>) = 1 [pid 6094] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6094] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6093] <... futex resumed>) = 0 [pid 6093] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6094] <... futex resumed>) = 0 [pid 6093] <... futex resumed>) = 1 [pid 6094] sendfile(6, 5, NULL, 131071 [ 234.927153][ T29] kauditd_printk_skb: 14 callbacks suppressed [ 234.927176][ T29] audit: type=1804 audit(1714530503.735:688): pid=6094 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/195/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 6093] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 234.957810][ T29] audit: type=1804 audit(1714530503.735:689): pid=6094 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/195/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 6093] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6093] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 6093] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6093] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6093] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 6097 attached [pid 6097] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6093] <... clone3 resumed> => {parent_tid=[6097]}, 88) = 6097 [pid 6097] set_robust_list(0x7f03761d69a0, 24 [pid 6093] rt_sigprocmask(SIG_SETMASK, [], [pid 6097] <... set_robust_list resumed>) = 0 [pid 6093] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6097] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6093] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6097] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6093] <... futex resumed>) = 0 [pid 6097] <... open resumed>) = 7 [pid 6093] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 235.002693][ T6094] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 235.018227][ T6094] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 235.030576][ T6094] EXT4-fs (loop0): This should not happen!! Data will be lost [ 235.030576][ T6094] [ 235.040311][ T6094] EXT4-fs (loop0): Total free blocks count 0 [ 235.046345][ T6094] EXT4-fs (loop0): Free/Dirty block details [pid 6097] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6093] <... futex resumed>) = 0 [pid 6093] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6097] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6093] <... futex resumed>) = 0 [pid 6093] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6097] <... mmap resumed>) = 0x20000000 [pid 6094] <... sendfile resumed>) = 75 [pid 6097] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6094] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6097] <... futex resumed>) = 1 [pid 6093] <... futex resumed>) = 0 [pid 6097] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6094] <... futex resumed>) = 0 [pid 6093] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6094] pipe2( [pid 6093] <... futex resumed>) = 0 [pid 6094] <... pipe2 resumed>0x20000240, 0) = 0 [pid 6094] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6093] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6094] <... futex resumed>) = 0 [pid 6094] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6093] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6093] exit_group(0 [pid 6097] <... futex resumed>) = ? [pid 6094] <... futex resumed>) = ? [pid 6097] +++ exited with 0 +++ [pid 6094] +++ exited with 0 +++ [pid 6093] <... exit_group resumed>) = ? [ 235.052393][ T29] audit: type=1804 audit(1714530503.855:690): pid=6097 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/195/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 235.075978][ T6094] EXT4-fs (loop0): free_blocks=2415919104 [ 235.081808][ T6094] EXT4-fs (loop0): dirty_blocks=16 [ 235.086954][ T6094] EXT4-fs (loop0): Block reservation details [ 235.093925][ T6094] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 6093] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6093, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./195", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./195", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./195/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./195/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./195/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./195/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./195/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 [ 235.171855][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./195/bus") = 0 umount2("./195/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./195/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./195/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./195") = 0 mkdir("./196", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6098 attached , child_tidptr=0x5555749a2690) = 6098 [pid 6098] set_robust_list(0x5555749a26a0, 24) = 0 [pid 6098] chdir("./196") = 0 [pid 6098] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6098] setpgid(0, 0) = 0 [pid 6098] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6098] write(3, "1000", 4) = 4 [pid 6098] close(3) = 0 [pid 6098] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6098] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6098] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 6098] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6098] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 6098] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6098] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6098] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 6099 attached [pid 6099] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 6098] <... clone3 resumed> => {parent_tid=[6099]}, 88) = 6099 [pid 6099] set_robust_list(0x7f03761f79a0, 24 [pid 6098] rt_sigprocmask(SIG_SETMASK, [], [pid 6099] <... set_robust_list resumed>) = 0 [pid 6098] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6099] rt_sigprocmask(SIG_SETMASK, [], [pid 6098] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6099] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6099] memfd_create("syzkaller", 0 [pid 6098] <... futex resumed>) = 0 [pid 6098] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6099] <... memfd_create resumed>) = 3 [pid 6099] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 6099] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6099] munmap(0x7f036dc00000, 138412032) = 0 [pid 6099] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6099] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6099] close(3) = 0 [pid 6099] close(4) = 0 [pid 6099] mkdir("./bus", 0777) = 0 [ 235.517239][ T6099] loop0: detected capacity change from 0 to 2048 [pid 6099] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 6099] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6099] chdir("./bus") = 0 [pid 6099] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6099] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6098] <... futex resumed>) = 0 [pid 6099] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6098] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6098] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6099] <... openat resumed>) = 4 [pid 6099] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6098] <... futex resumed>) = 0 [pid 6098] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6099] <... futex resumed>) = 1 [pid 6098] <... futex resumed>) = 0 [pid 6099] openat(AT_FDCWD, "./bus", O_RDONLY [pid 6098] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6099] <... openat resumed>) = 5 [ 235.558314][ T6099] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 6099] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6098] <... futex resumed>) = 0 [pid 6099] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6098] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6099] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6099] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 6098] <... futex resumed>) = 0 [pid 6099] <... openat resumed>) = 6 [pid 6098] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6099] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6098] <... futex resumed>) = 0 [pid 6098] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6099] <... futex resumed>) = 1 [pid 6098] <... futex resumed>) = 0 [pid 6098] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6099] write(6, "t", 1) = 1 [pid 6099] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6099] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6098] <... futex resumed>) = 0 [pid 6098] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6099] <... futex resumed>) = 0 [pid 6098] <... futex resumed>) = 1 [pid 6099] sendfile(6, 5, NULL, 131071 [ 235.610980][ T29] audit: type=1804 audit(1714530504.425:691): pid=6099 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/196/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 235.636636][ T29] audit: type=1804 audit(1714530504.435:692): pid=6099 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/196/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 6098] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6098] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6098] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 6098] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 235.686360][ T6099] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 235.701912][ T6099] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 235.714697][ T6099] EXT4-fs (loop0): This should not happen!! Data will be lost [ 235.714697][ T6099] [ 235.725080][ T6099] EXT4-fs (loop0): Total free blocks count 0 [pid 6098] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6098] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 6102 attached [pid 6102] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6102] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 6098] <... clone3 resumed> => {parent_tid=[6102]}, 88) = 6102 [pid 6102] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6098] rt_sigprocmask(SIG_SETMASK, [], [pid 6102] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6098] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6098] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6102] <... futex resumed>) = 0 [pid 6098] <... futex resumed>) = 1 [pid 6102] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 6099] <... sendfile resumed>) = 75 [pid 6098] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6099] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6099] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6102] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6102] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6098] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6098] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6099] <... futex resumed>) = 0 [pid 6099] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6098] <... futex resumed>) = 1 [pid 6098] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6099] <... mmap resumed>) = 0x20000000 [pid 6099] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6098] <... futex resumed>) = 0 [pid 6098] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6098] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6099] <... futex resumed>) = 1 [pid 6099] pipe2(0x20000240, 0) = 0 [pid 6099] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6098] <... futex resumed>) = 0 [pid 6098] exit_group(0) = ? [pid 6102] <... futex resumed>) = ? [pid 6099] <... futex resumed>) = ? [pid 6102] +++ exited with 0 +++ [pid 6099] +++ exited with 0 +++ [pid 6098] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6098, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- [ 235.731297][ T6099] EXT4-fs (loop0): Free/Dirty block details [ 235.737508][ T6099] EXT4-fs (loop0): free_blocks=2415919104 [ 235.743677][ T6099] EXT4-fs (loop0): dirty_blocks=16 [ 235.748830][ T6099] EXT4-fs (loop0): Block reservation details [ 235.754934][ T6099] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 235.759102][ T29] audit: type=1804 audit(1714530504.565:693): pid=6102 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/196/bus/bus" dev="loop0" ino=18 res=1 errno=0 umount2("./196", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./196", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./196/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./196/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./196/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./196/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./196/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 235.881871][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./196/bus") = 0 umount2("./196/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./196/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./196/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./196") = 0 mkdir("./197", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6103 attached , child_tidptr=0x5555749a2690) = 6103 [pid 6103] set_robust_list(0x5555749a26a0, 24) = 0 [pid 6103] chdir("./197") = 0 [pid 6103] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6103] setpgid(0, 0) = 0 [pid 6103] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6103] write(3, "1000", 4) = 4 [pid 6103] close(3) = 0 [pid 6103] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6103] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6103] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 6103] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6103] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 6103] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6103] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6103] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 6104 attached [pid 6104] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 6104] set_robust_list(0x7f03761f79a0, 24 [pid 6103] <... clone3 resumed> => {parent_tid=[6104]}, 88) = 6104 [pid 6104] <... set_robust_list resumed>) = 0 [pid 6103] rt_sigprocmask(SIG_SETMASK, [], [pid 6104] rt_sigprocmask(SIG_SETMASK, [], [pid 6103] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6104] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6103] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6104] memfd_create("syzkaller", 0 [pid 6103] <... futex resumed>) = 0 [pid 6103] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6104] <... memfd_create resumed>) = 3 [pid 6104] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 6104] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6104] munmap(0x7f036dc00000, 138412032) = 0 [pid 6104] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6104] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6104] close(3) = 0 [pid 6104] close(4) = 0 [pid 6104] mkdir("./bus", 0777) = 0 [ 236.221591][ T6104] loop0: detected capacity change from 0 to 2048 [pid 6104] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 6104] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6104] chdir("./bus") = 0 [pid 6104] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6104] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6103] <... futex resumed>) = 0 [pid 6104] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6103] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6104] <... futex resumed>) = 0 [pid 6103] <... futex resumed>) = 1 [pid 6104] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6103] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6104] <... openat resumed>) = 4 [pid 6104] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6103] <... futex resumed>) = 0 [pid 6104] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6103] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6104] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6103] <... futex resumed>) = 0 [pid 6104] openat(AT_FDCWD, "./bus", O_RDONLY [ 236.275877][ T6104] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 6103] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6104] <... openat resumed>) = 5 [pid 6104] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6103] <... futex resumed>) = 0 [pid 6104] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6103] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6104] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6103] <... futex resumed>) = 0 [pid 6104] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 6103] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6104] <... openat resumed>) = 6 [pid 6104] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6103] <... futex resumed>) = 0 [ 236.321248][ T29] audit: type=1804 audit(1714530505.135:694): pid=6104 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/197/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 6104] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6103] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6104] write(6, "t", 1 [pid 6103] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6104] <... write resumed>) = 1 [pid 6104] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6103] <... futex resumed>) = 0 [pid 6104] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6103] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6104] <... futex resumed>) = 0 [pid 6103] <... futex resumed>) = 1 [pid 6104] sendfile(6, 5, NULL, 131071 [ 236.349442][ T29] audit: type=1804 audit(1714530505.155:695): pid=6104 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/197/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 6103] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6103] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6103] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 6103] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6103] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 236.429174][ T6104] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 236.444676][ T6104] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 236.457243][ T6104] EXT4-fs (loop0): This should not happen!! Data will be lost [ 236.457243][ T6104] [ 236.467278][ T6104] EXT4-fs (loop0): Total free blocks count 0 [pid 6103] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 6108 attached => {parent_tid=[6108]}, 88) = 6108 [pid 6108] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6108] set_robust_list(0x7f03761d69a0, 24 [pid 6103] rt_sigprocmask(SIG_SETMASK, [], [pid 6108] <... set_robust_list resumed>) = 0 [pid 6103] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6108] rt_sigprocmask(SIG_SETMASK, [], [pid 6103] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6108] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6103] <... futex resumed>) = 0 [pid 6108] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6103] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6108] <... open resumed>) = 7 [pid 6108] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6104] <... sendfile resumed>) = 75 [pid 6103] <... futex resumed>) = 0 [pid 6103] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6108] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6104] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6104] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6103] <... futex resumed>) = 0 [pid 6103] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6108] <... mmap resumed>) = 0x20000000 [pid 6108] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6103] <... futex resumed>) = 0 [pid 6108] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6103] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6104] <... futex resumed>) = 0 [pid 6104] pipe2( [pid 6103] <... futex resumed>) = 1 [pid 6103] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6104] <... pipe2 resumed>0x20000240, 0) = 0 [pid 6104] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6103] <... futex resumed>) = 0 [pid 6104] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6103] exit_group(0 [pid 6104] <... futex resumed>) = ? [pid 6108] <... futex resumed>) = ? [pid 6104] +++ exited with 0 +++ [pid 6103] <... exit_group resumed>) = ? [pid 6108] +++ exited with 0 +++ [ 236.474194][ T6104] EXT4-fs (loop0): Free/Dirty block details [ 236.480768][ T6104] EXT4-fs (loop0): free_blocks=2415919104 [ 236.486825][ T6104] EXT4-fs (loop0): dirty_blocks=16 [ 236.493095][ T6104] EXT4-fs (loop0): Block reservation details [ 236.496066][ T29] audit: type=1804 audit(1714530505.305:696): pid=6108 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/197/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 236.499783][ T6104] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 6103] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6103, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- umount2("./197", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./197", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./197/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./197/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./197/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./197/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./197/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 236.577332][ T139] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./197/bus") = 0 umount2("./197/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./197/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./197/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./197") = 0 mkdir("./198", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6109 attached [pid 6109] set_robust_list(0x5555749a26a0, 24) = 0 [pid 6109] chdir("./198") = 0 [pid 5080] <... clone resumed>, child_tidptr=0x5555749a2690) = 6109 [pid 6109] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6109] setpgid(0, 0) = 0 [pid 6109] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6109] write(3, "1000", 4) = 4 [pid 6109] close(3) = 0 [pid 6109] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6109] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6109] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 6109] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6109] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 6109] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6109] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6109] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 6110 attached [pid 6110] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 6110] set_robust_list(0x7f03761f79a0, 24 [pid 6109] <... clone3 resumed> => {parent_tid=[6110]}, 88) = 6110 [pid 6110] <... set_robust_list resumed>) = 0 [pid 6109] rt_sigprocmask(SIG_SETMASK, [], [pid 6110] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6109] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6110] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6109] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6110] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6109] <... futex resumed>) = 0 [pid 6110] memfd_create("syzkaller", 0 [pid 6109] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6110] <... memfd_create resumed>) = 3 [pid 6110] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 6110] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6110] munmap(0x7f036dc00000, 138412032) = 0 [pid 6110] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6110] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6110] close(3) = 0 [pid 6110] close(4) = 0 [pid 6110] mkdir("./bus", 0777) = 0 [ 236.908344][ T6110] loop0: detected capacity change from 0 to 2048 [pid 6110] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 6110] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6110] chdir("./bus") = 0 [pid 6110] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6110] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6109] <... futex resumed>) = 0 [pid 6109] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6110] <... futex resumed>) = 1 [pid 6109] <... futex resumed>) = 0 [pid 6110] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6109] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6110] <... openat resumed>) = 4 [pid 6110] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6109] <... futex resumed>) = 0 [pid 6110] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6109] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6110] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6109] <... futex resumed>) = 0 [pid 6110] openat(AT_FDCWD, "./bus", O_RDONLY [ 236.955297][ T6110] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 6109] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6110] <... openat resumed>) = 5 [pid 6110] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6109] <... futex resumed>) = 0 [pid 6110] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6109] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6110] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6109] <... futex resumed>) = 0 [pid 6110] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 6109] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6110] <... openat resumed>) = 6 [pid 6110] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6110] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6109] <... futex resumed>) = 0 [pid 6110] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6109] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6110] write(6, "t", 1 [pid 6109] <... futex resumed>) = 0 [pid 6109] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6110] <... write resumed>) = 1 [pid 6110] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6110] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6109] <... futex resumed>) = 0 [pid 6109] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6110] <... futex resumed>) = 0 [pid 6110] sendfile(6, 5, NULL, 131071 [pid 6109] <... futex resumed>) = 1 [ 236.987702][ T29] audit: type=1804 audit(1714530505.795:697): pid=6110 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/198/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 6109] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6109] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 237.089016][ T6110] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 237.104542][ T6110] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 237.117611][ T6110] EXT4-fs (loop0): This should not happen!! Data will be lost [ 237.117611][ T6110] [ 237.128229][ T6110] EXT4-fs (loop0): Total free blocks count 0 [pid 6109] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 6109] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6109] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6109] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 6113 attached [pid 6113] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6109] <... clone3 resumed> => {parent_tid=[6113]}, 88) = 6113 [pid 6113] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 6109] rt_sigprocmask(SIG_SETMASK, [], [pid 6113] rt_sigprocmask(SIG_SETMASK, [], [pid 6109] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6113] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6109] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6113] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 6109] <... futex resumed>) = 0 [pid 6109] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6113] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6113] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6110] <... sendfile resumed>) = 75 [pid 6109] <... futex resumed>) = 0 [pid 6109] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6113] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6110] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6109] <... futex resumed>) = 0 [pid 6109] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6113] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6110] <... futex resumed>) = 0 [pid 6113] <... futex resumed>) = 1 [pid 6110] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6109] <... futex resumed>) = 0 [pid 6109] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6109] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6113] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6110] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6110] pipe2(0x20000240, 0) = 0 [pid 6110] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6109] <... futex resumed>) = 0 [pid 6110] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6109] exit_group(0 [pid 6110] <... futex resumed>) = ? [pid 6113] <... futex resumed>) = ? [pid 6109] <... exit_group resumed>) = ? [pid 6113] +++ exited with 0 +++ [pid 6110] +++ exited with 0 +++ [pid 6109] +++ exited with 0 +++ [ 237.134876][ T6110] EXT4-fs (loop0): Free/Dirty block details [ 237.141096][ T6110] EXT4-fs (loop0): free_blocks=2415919104 [ 237.147397][ T6110] EXT4-fs (loop0): dirty_blocks=16 [ 237.153144][ T6110] EXT4-fs (loop0): Block reservation details [ 237.162000][ T6110] EXT4-fs (loop0): i_reserved_data_blocks=1 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6109, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- umount2("./198", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./198", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./198/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./198/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./198/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./198/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./198/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 [ 237.253342][ T139] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 close(4) = 0 rmdir("./198/bus") = 0 umount2("./198/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./198/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./198/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./198") = 0 mkdir("./199", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6114 attached , child_tidptr=0x5555749a2690) = 6114 [pid 6114] set_robust_list(0x5555749a26a0, 24) = 0 [pid 6114] chdir("./199") = 0 [pid 6114] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6114] setpgid(0, 0) = 0 [pid 6114] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6114] write(3, "1000", 4) = 4 [pid 6114] close(3) = 0 [pid 6114] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6114] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6114] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 6114] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6114] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 6114] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6114] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6114] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 6115 attached [pid 6115] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 6114] <... clone3 resumed> => {parent_tid=[6115]}, 88) = 6115 [pid 6115] <... rseq resumed>) = 0 [pid 6115] set_robust_list(0x7f03761f79a0, 24 [pid 6114] rt_sigprocmask(SIG_SETMASK, [], [pid 6115] <... set_robust_list resumed>) = 0 [pid 6114] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6115] rt_sigprocmask(SIG_SETMASK, [], [pid 6114] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6115] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6114] <... futex resumed>) = 0 [pid 6115] memfd_create("syzkaller", 0 [pid 6114] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6115] <... memfd_create resumed>) = 3 [pid 6115] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 6115] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6115] munmap(0x7f036dc00000, 138412032) = 0 [pid 6115] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6115] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6115] close(3) = 0 [pid 6115] close(4) = 0 [pid 6115] mkdir("./bus", 0777) = 0 [ 237.617867][ T6115] loop0: detected capacity change from 0 to 2048 [pid 6115] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 6115] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6115] chdir("./bus") = 0 [pid 6115] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6115] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6114] <... futex resumed>) = 0 [pid 6115] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6114] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6115] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6114] <... futex resumed>) = 0 [pid 6115] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6114] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6115] <... openat resumed>) = 4 [pid 6115] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6114] <... futex resumed>) = 0 [pid 6115] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6114] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6115] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6114] <... futex resumed>) = 0 [pid 6115] openat(AT_FDCWD, "./bus", O_RDONLY [pid 6114] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6115] <... openat resumed>) = 5 [pid 6115] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6114] <... futex resumed>) = 0 [pid 6115] <... futex resumed>) = 1 [pid 6114] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6115] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 6114] <... futex resumed>) = 0 [pid 6115] <... openat resumed>) = 6 [pid 6114] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6115] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6114] <... futex resumed>) = 0 [pid 6115] <... futex resumed>) = 1 [pid 6114] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6115] write(6, "t", 1 [pid 6114] <... futex resumed>) = 0 [pid 6114] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6115] <... write resumed>) = 1 [pid 6115] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6114] <... futex resumed>) = 0 [ 237.666320][ T6115] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 6115] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6114] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6115] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6114] <... futex resumed>) = 0 [pid 6115] sendfile(6, 5, NULL, 131071 [pid 6114] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6114] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6114] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 6114] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 237.769409][ T6115] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 237.784840][ T6115] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 237.797564][ T6115] EXT4-fs (loop0): This should not happen!! Data will be lost [ 237.797564][ T6115] [ 237.809054][ T6115] EXT4-fs (loop0): Total free blocks count 0 [pid 6114] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6114] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 6118 attached [pid 6118] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6118] set_robust_list(0x7f03761d69a0, 24 [pid 6114] <... clone3 resumed> => {parent_tid=[6118]}, 88) = 6118 [pid 6118] <... set_robust_list resumed>) = 0 [pid 6114] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6118] rt_sigprocmask(SIG_SETMASK, [], [pid 6114] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6118] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6118] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6114] <... futex resumed>) = 0 [pid 6118] <... open resumed>) = 7 [pid 6114] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6118] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6115] <... sendfile resumed>) = 75 [pid 6115] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6114] <... futex resumed>) = 0 [pid 6118] <... futex resumed>) = 1 [pid 6114] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6118] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6114] <... futex resumed>) = 0 [pid 6114] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6115] <... futex resumed>) = 1 [pid 6114] <... futex resumed>) = 0 [pid 6115] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6114] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 6115] <... mmap resumed>) = 0x20000000 [pid 6115] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6114] <... futex resumed>) = 0 [pid 6115] pipe2( [pid 6114] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6115] <... pipe2 resumed>0x20000240, 0) = 0 [pid 6114] <... futex resumed>) = 0 [pid 6115] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6114] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6115] <... futex resumed>) = 0 [pid 6114] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6115] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6114] exit_group(0 [pid 6118] <... futex resumed>) = ? [pid 6115] <... futex resumed>) = ? [pid 6114] <... exit_group resumed>) = ? [pid 6118] +++ exited with 0 +++ [pid 6115] +++ exited with 0 +++ [ 237.815405][ T6115] EXT4-fs (loop0): Free/Dirty block details [ 237.821494][ T6115] EXT4-fs (loop0): free_blocks=2415919104 [ 237.827601][ T6115] EXT4-fs (loop0): dirty_blocks=16 [ 237.833192][ T6115] EXT4-fs (loop0): Block reservation details [ 237.839239][ T6115] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 6114] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6114, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- umount2("./199", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./199", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./199/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./199/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./199/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./199/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./199/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 [ 237.925574][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./199/bus") = 0 umount2("./199/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./199/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./199/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./199") = 0 mkdir("./200", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6119 attached , child_tidptr=0x5555749a2690) = 6119 [pid 6119] set_robust_list(0x5555749a26a0, 24) = 0 [pid 6119] chdir("./200") = 0 [pid 6119] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6119] setpgid(0, 0) = 0 [pid 6119] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6119] write(3, "1000", 4) = 4 [pid 6119] close(3) = 0 [pid 6119] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6119] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6119] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 6119] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6119] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 6119] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6119] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6119] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 6120 attached [pid 6120] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 6119] <... clone3 resumed> => {parent_tid=[6120]}, 88) = 6120 [pid 6120] <... rseq resumed>) = 0 [pid 6119] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6119] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6120] set_robust_list(0x7f03761f79a0, 24) = 0 [pid 6119] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6120] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6120] memfd_create("syzkaller", 0) = 3 [pid 6120] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 6120] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6120] munmap(0x7f036dc00000, 138412032) = 0 [pid 6120] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6120] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6120] close(3) = 0 [pid 6120] close(4) = 0 [pid 6120] mkdir("./bus", 0777) = 0 [ 238.286646][ T6120] loop0: detected capacity change from 0 to 2048 [pid 6120] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 6120] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6120] chdir("./bus") = 0 [pid 6120] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6120] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6119] <... futex resumed>) = 0 [pid 6120] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6119] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6120] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6119] <... futex resumed>) = 0 [pid 6120] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6119] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6120] <... openat resumed>) = 4 [pid 6120] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6119] <... futex resumed>) = 0 [pid 6120] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6119] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6120] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6119] <... futex resumed>) = 0 [pid 6120] openat(AT_FDCWD, "./bus", O_RDONLY [pid 6119] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6120] <... openat resumed>) = 5 [ 238.345391][ T6120] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 6120] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6119] <... futex resumed>) = 0 [pid 6120] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6119] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6120] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 6119] <... futex resumed>) = 0 [pid 6119] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6120] <... openat resumed>) = 6 [pid 6120] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6119] <... futex resumed>) = 0 [pid 6120] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6119] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6120] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6119] <... futex resumed>) = 0 [pid 6120] write(6, "t", 1 [pid 6119] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6120] <... write resumed>) = 1 [pid 6120] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6119] <... futex resumed>) = 0 [pid 6120] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6119] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6120] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6119] <... futex resumed>) = 0 [pid 6120] sendfile(6, 5, NULL, 131071 [pid 6119] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6119] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6119] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [ 238.484176][ T6120] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 238.499666][ T6120] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 238.512527][ T6120] EXT4-fs (loop0): This should not happen!! Data will be lost [ 238.512527][ T6120] [ 238.522431][ T6120] EXT4-fs (loop0): Total free blocks count 0 [pid 6119] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6119] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6120] <... sendfile resumed>) = 75 [pid 6119] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0} [pid 6120] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6123 attached [pid 6119] <... clone3 resumed> => {parent_tid=[6123]}, 88) = 6123 [pid 6123] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 6120] <... futex resumed>) = 0 [pid 6123] <... rseq resumed>) = 0 [pid 6120] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6119] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6119] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6119] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6123] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 6123] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6123] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 6123] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6123] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6119] <... futex resumed>) = 0 [pid 6119] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6120] <... futex resumed>) = 0 [pid 6119] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6120] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 6120] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6119] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6120] <... futex resumed>) = 0 [pid 6119] <... futex resumed>) = 1 [pid 6120] pipe2( [pid 6119] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6120] <... pipe2 resumed>0x20000240, 0) = 0 [pid 6120] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6119] <... futex resumed>) = 0 [ 238.530189][ T6120] EXT4-fs (loop0): Free/Dirty block details [ 238.536613][ T6120] EXT4-fs (loop0): free_blocks=2415919104 [ 238.542743][ T6120] EXT4-fs (loop0): dirty_blocks=16 [ 238.547899][ T6120] EXT4-fs (loop0): Block reservation details [ 238.554423][ T6120] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 6120] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6119] exit_group(0 [pid 6120] <... futex resumed>) = ? [pid 6123] <... futex resumed>) = ? [pid 6120] +++ exited with 0 +++ [pid 6119] <... exit_group resumed>) = ? [pid 6123] +++ exited with 0 +++ [pid 6119] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6119, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./200", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./200", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./200/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./200/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./200/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./200/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./200/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 [ 238.667796][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 rmdir("./200/bus") = 0 umount2("./200/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./200/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./200/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./200") = 0 mkdir("./201", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555749a2690) = 6124 ./strace-static-x86_64: Process 6124 attached [pid 6124] set_robust_list(0x5555749a26a0, 24) = 0 [pid 6124] chdir("./201") = 0 [pid 6124] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6124] setpgid(0, 0) = 0 [pid 6124] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6124] write(3, "1000", 4) = 4 [pid 6124] close(3) = 0 [pid 6124] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6124] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6124] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 6124] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6124] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 6124] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6124] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6124] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 6125 attached => {parent_tid=[6125]}, 88) = 6125 [pid 6125] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 6124] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6124] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6124] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6125] <... rseq resumed>) = 0 [pid 6125] set_robust_list(0x7f03761f79a0, 24) = 0 [pid 6125] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6125] memfd_create("syzkaller", 0) = 3 [pid 6125] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 6125] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6125] munmap(0x7f036dc00000, 138412032) = 0 [pid 6125] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6125] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6125] close(3) = 0 [pid 6125] close(4) = 0 [pid 6125] mkdir("./bus", 0777) = 0 [ 239.014179][ T6125] loop0: detected capacity change from 0 to 2048 [pid 6125] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 6125] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6125] chdir("./bus") = 0 [pid 6125] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6125] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6124] <... futex resumed>) = 0 [pid 6125] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6124] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6124] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6125] <... openat resumed>) = 4 [pid 6125] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6124] <... futex resumed>) = 0 [pid 6125] <... futex resumed>) = 1 [pid 6124] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6125] openat(AT_FDCWD, "./bus", O_RDONLY [pid 6124] <... futex resumed>) = 0 [pid 6124] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6125] <... openat resumed>) = 5 [pid 6125] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6124] <... futex resumed>) = 0 [pid 6125] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6124] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6125] <... futex resumed>) = 0 [pid 6124] <... futex resumed>) = 1 [pid 6125] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 6124] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6125] <... openat resumed>) = 6 [pid 6125] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6124] <... futex resumed>) = 0 [pid 6125] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6124] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6125] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6124] <... futex resumed>) = 0 [pid 6125] write(6, "t", 1 [pid 6124] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6125] <... write resumed>) = 1 [ 239.057391][ T6125] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 6125] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6124] <... futex resumed>) = 0 [pid 6125] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6124] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6125] sendfile(6, 5, NULL, 131071 [pid 6124] <... futex resumed>) = 0 [pid 6124] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6124] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6124] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 6124] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6124] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6124] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 6128 attached [pid 6128] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6128] set_robust_list(0x7f03761d69a0, 24 [pid 6124] <... clone3 resumed> => {parent_tid=[6128]}, 88) = 6128 [pid 6128] <... set_robust_list resumed>) = 0 [pid 6124] rt_sigprocmask(SIG_SETMASK, [], [pid 6128] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6124] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6128] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6124] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6128] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6124] <... futex resumed>) = 0 [pid 6128] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6124] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6128] <... open resumed>) = 7 [ 239.163171][ T6125] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 239.178536][ T6125] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 239.190841][ T6125] EXT4-fs (loop0): This should not happen!! Data will be lost [ 239.190841][ T6125] [ 239.200587][ T6125] EXT4-fs (loop0): Total free blocks count 0 [ 239.206609][ T6125] EXT4-fs (loop0): Free/Dirty block details [pid 6128] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6124] <... futex resumed>) = 0 [pid 6128] <... futex resumed>) = 1 [pid 6124] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6128] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6124] <... futex resumed>) = 0 [pid 6124] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6128] <... mmap resumed>) = 0x20000000 [pid 6125] <... sendfile resumed>) = 75 [pid 6128] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6125] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6128] <... futex resumed>) = 1 [pid 6125] <... futex resumed>) = 0 [pid 6128] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6125] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6124] <... futex resumed>) = 0 [pid 6124] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6125] <... futex resumed>) = 0 [pid 6124] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6125] pipe2(0x20000240, 0) = 0 [pid 6125] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6124] <... futex resumed>) = 0 [pid 6125] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6124] exit_group(0 [pid 6125] <... futex resumed>) = ? [pid 6128] <... futex resumed>) = ? [pid 6125] +++ exited with 0 +++ [pid 6124] <... exit_group resumed>) = ? [pid 6128] +++ exited with 0 +++ [pid 6124] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6124, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- [ 239.212600][ T6125] EXT4-fs (loop0): free_blocks=2415919104 [ 239.218378][ T6125] EXT4-fs (loop0): dirty_blocks=16 [ 239.223589][ T6125] EXT4-fs (loop0): Block reservation details [ 239.229609][ T6125] EXT4-fs (loop0): i_reserved_data_blocks=1 restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./201", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./201", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./201/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./201/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./201/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./201/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 239.350601][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 openat(AT_FDCWD, "./201/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./201/bus") = 0 umount2("./201/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./201/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./201/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./201") = 0 mkdir("./202", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6129 attached , child_tidptr=0x5555749a2690) = 6129 [pid 6129] set_robust_list(0x5555749a26a0, 24) = 0 [pid 6129] chdir("./202") = 0 [pid 6129] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6129] setpgid(0, 0) = 0 [pid 6129] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6129] write(3, "1000", 4) = 4 [pid 6129] close(3) = 0 [pid 6129] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6129] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6129] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 6129] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6129] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 6129] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6129] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6129] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 6130 attached [pid 6130] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 6129] <... clone3 resumed> => {parent_tid=[6130]}, 88) = 6130 [pid 6130] <... rseq resumed>) = 0 [pid 6129] rt_sigprocmask(SIG_SETMASK, [], [pid 6130] set_robust_list(0x7f03761f79a0, 24 [pid 6129] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6130] <... set_robust_list resumed>) = 0 [pid 6129] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6130] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6129] <... futex resumed>) = 0 [pid 6130] memfd_create("syzkaller", 0 [pid 6129] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6130] <... memfd_create resumed>) = 3 [pid 6130] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 6130] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6130] munmap(0x7f036dc00000, 138412032) = 0 [pid 6130] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6130] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6130] close(3) = 0 [pid 6130] close(4) = 0 [pid 6130] mkdir("./bus", 0777) = 0 [ 239.694047][ T6130] loop0: detected capacity change from 0 to 2048 [pid 6130] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 6130] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6130] chdir("./bus") = 0 [pid 6130] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6130] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6129] <... futex resumed>) = 0 [pid 6130] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6129] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6129] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6130] <... openat resumed>) = 4 [pid 6130] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6129] <... futex resumed>) = 0 [pid 6130] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6129] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6130] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6129] <... futex resumed>) = 0 [pid 6130] openat(AT_FDCWD, "./bus", O_RDONLY [pid 6129] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6130] <... openat resumed>) = 5 [ 239.749584][ T6130] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 6130] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6129] <... futex resumed>) = 0 [pid 6130] <... futex resumed>) = 1 [pid 6129] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6130] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 6129] <... futex resumed>) = 0 [pid 6129] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6130] <... openat resumed>) = 6 [pid 6130] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6129] <... futex resumed>) = 0 [pid 6130] write(6, "t", 1 [pid 6129] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6129] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6130] <... write resumed>) = 1 [pid 6130] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6129] <... futex resumed>) = 0 [pid 6130] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6129] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6130] <... futex resumed>) = 0 [pid 6129] <... futex resumed>) = 1 [pid 6130] sendfile(6, 5, NULL, 131071 [pid 6129] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6129] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6129] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [ 239.865349][ T6130] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 239.880769][ T6130] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 239.893136][ T6130] EXT4-fs (loop0): This should not happen!! Data will be lost [ 239.893136][ T6130] [ 239.902854][ T6130] EXT4-fs (loop0): Total free blocks count 0 [ 239.908862][ T6130] EXT4-fs (loop0): Free/Dirty block details [pid 6129] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6129] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6129] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 6133 attached [pid 6133] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6129] <... clone3 resumed> => {parent_tid=[6133]}, 88) = 6133 [pid 6133] set_robust_list(0x7f03761d69a0, 24 [pid 6130] <... sendfile resumed>) = 75 [pid 6133] <... set_robust_list resumed>) = 0 [pid 6133] rt_sigprocmask(SIG_SETMASK, [], [pid 6130] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6133] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6133] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6130] <... futex resumed>) = 0 [pid 6129] rt_sigprocmask(SIG_SETMASK, [], [pid 6130] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6129] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6129] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6133] <... futex resumed>) = 0 [pid 6129] <... futex resumed>) = 1 [pid 6133] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6129] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6133] <... open resumed>) = 7 [pid 6133] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6133] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6129] <... futex resumed>) = 0 [ 239.914912][ T6130] EXT4-fs (loop0): free_blocks=2415919104 [ 239.920812][ T6130] EXT4-fs (loop0): dirty_blocks=16 [ 239.925959][ T6130] EXT4-fs (loop0): Block reservation details [ 239.932107][ T6130] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 239.952553][ T29] kauditd_printk_skb: 13 callbacks suppressed [pid 6129] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6129] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6130] <... futex resumed>) = 0 [pid 6130] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 6130] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6129] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6130] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6129] <... futex resumed>) = 0 [pid 6130] pipe2(0x20000240, 0) = 0 [pid 6129] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6130] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6129] <... futex resumed>) = 0 [pid 6130] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6129] exit_group(0 [pid 6133] <... futex resumed>) = ? [pid 6129] <... exit_group resumed>) = ? [pid 6130] <... futex resumed>) = ? [pid 6133] +++ exited with 0 +++ [pid 6130] +++ exited with 0 +++ [pid 6129] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6129, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- [ 239.952576][ T29] audit: type=1804 audit(1714530508.765:711): pid=6133 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/202/bus/bus" dev="loop0" ino=18 res=1 errno=0 umount2("./202", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./202", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./202/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./202/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./202/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./202/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 240.041838][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 openat(AT_FDCWD, "./202/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./202/bus") = 0 umount2("./202/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./202/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./202/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./202") = 0 mkdir("./203", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6134 attached , child_tidptr=0x5555749a2690) = 6134 [pid 6134] set_robust_list(0x5555749a26a0, 24) = 0 [pid 6134] chdir("./203") = 0 [pid 6134] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6134] setpgid(0, 0) = 0 [pid 6134] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6134] write(3, "1000", 4) = 4 [pid 6134] close(3) = 0 [pid 6134] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6134] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6134] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 6134] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6134] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 6134] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6134] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6134] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 6135 attached [pid 6135] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 6134] <... clone3 resumed> => {parent_tid=[6135]}, 88) = 6135 [pid 6135] set_robust_list(0x7f03761f79a0, 24 [pid 6134] rt_sigprocmask(SIG_SETMASK, [], [pid 6135] <... set_robust_list resumed>) = 0 [pid 6134] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6135] rt_sigprocmask(SIG_SETMASK, [], [pid 6134] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6135] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6135] memfd_create("syzkaller", 0 [pid 6134] <... futex resumed>) = 0 [pid 6134] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6135] <... memfd_create resumed>) = 3 [pid 6135] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 6135] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6135] munmap(0x7f036dc00000, 138412032) = 0 [pid 6135] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6135] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6135] close(3) = 0 [pid 6135] close(4) = 0 [pid 6135] mkdir("./bus", 0777) = 0 [ 240.380876][ T6135] loop0: detected capacity change from 0 to 2048 [pid 6135] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 6135] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6135] chdir("./bus") = 0 [pid 6135] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6135] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6135] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6134] <... futex resumed>) = 0 [pid 6134] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6135] <... futex resumed>) = 0 [pid 6134] <... futex resumed>) = 1 [pid 6135] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6134] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6135] <... openat resumed>) = 4 [pid 6135] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 240.446012][ T6135] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 6135] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6134] <... futex resumed>) = 0 [pid 6134] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6135] <... futex resumed>) = 0 [pid 6134] <... futex resumed>) = 1 [pid 6135] openat(AT_FDCWD, "./bus", O_RDONLY [pid 6134] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6135] <... openat resumed>) = 5 [pid 6135] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6134] <... futex resumed>) = 0 [pid 6135] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 6134] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6135] <... openat resumed>) = 6 [pid 6134] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6135] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6134] <... futex resumed>) = 0 [pid 6135] <... futex resumed>) = 1 [pid 6134] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6135] write(6, "t", 1 [pid 6134] <... futex resumed>) = 0 [pid 6134] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6135] <... write resumed>) = 1 [pid 6135] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6134] <... futex resumed>) = 0 [pid 6135] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6134] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6135] <... futex resumed>) = 0 [pid 6134] <... futex resumed>) = 1 [pid 6135] sendfile(6, 5, NULL, 131071 [ 240.511308][ T29] audit: type=1804 audit(1714530509.325:712): pid=6135 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/203/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 240.536662][ T29] audit: type=1804 audit(1714530509.335:713): pid=6135 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/203/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 6134] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 240.590475][ T6135] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 240.605778][ T6135] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 240.618135][ T6135] EXT4-fs (loop0): This should not happen!! Data will be lost [ 240.618135][ T6135] [ 240.627965][ T6135] EXT4-fs (loop0): Total free blocks count 0 [ 240.634108][ T6135] EXT4-fs (loop0): Free/Dirty block details [pid 6134] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6134] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 6134] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE [pid 6135] <... sendfile resumed>) = 75 [pid 6134] <... mprotect resumed>) = 0 [pid 6135] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6135] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6134] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6134] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 6139 attached => {parent_tid=[6139]}, 88) = 6139 [pid 6139] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 6134] rt_sigprocmask(SIG_SETMASK, [], [pid 6139] <... rseq resumed>) = 0 [pid 6134] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6139] set_robust_list(0x7f03761d69a0, 24 [pid 6134] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6139] <... set_robust_list resumed>) = 0 [pid 6134] <... futex resumed>) = 0 [pid 6139] rt_sigprocmask(SIG_SETMASK, [], [pid 6134] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6139] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 240.640215][ T6135] EXT4-fs (loop0): free_blocks=2415919104 [ 240.646108][ T6135] EXT4-fs (loop0): dirty_blocks=16 [ 240.651325][ T6135] EXT4-fs (loop0): Block reservation details [ 240.657347][ T6135] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 6139] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 6139] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6134] <... futex resumed>) = 0 [pid 6139] <... futex resumed>) = 1 [pid 6134] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6139] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6135] <... futex resumed>) = 0 [pid 6134] <... futex resumed>) = 1 [pid 6135] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6134] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6135] <... mmap resumed>) = 0x20000000 [pid 6135] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6135] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6134] <... futex resumed>) = 0 [pid 6134] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6135] <... futex resumed>) = 0 [pid 6135] pipe2( [pid 6134] <... futex resumed>) = 1 [pid 6135] <... pipe2 resumed>0x20000240, 0) = 0 [pid 6134] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6135] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6134] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6135] <... futex resumed>) = 0 [pid 6135] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6134] exit_group(0 [pid 6139] <... futex resumed>) = ? [pid 6135] <... futex resumed>) = ? [pid 6139] +++ exited with 0 +++ [pid 6135] +++ exited with 0 +++ [pid 6134] <... exit_group resumed>) = ? [ 240.695344][ T29] audit: type=1804 audit(1714530509.505:714): pid=6139 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/203/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 6134] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6134, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=15 /* 0.15 s */} --- umount2("./203", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./203", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./203/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./203/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./203/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./203/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./203/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 [ 240.783433][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 rmdir("./203/bus") = 0 umount2("./203/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./203/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./203/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./203") = 0 mkdir("./204", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6140 attached , child_tidptr=0x5555749a2690) = 6140 [pid 6140] set_robust_list(0x5555749a26a0, 24) = 0 [pid 6140] chdir("./204") = 0 [pid 6140] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6140] setpgid(0, 0) = 0 [pid 6140] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6140] write(3, "1000", 4) = 4 [pid 6140] close(3) = 0 [pid 6140] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6140] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6140] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 6140] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6140] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 6140] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6140] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6140] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 6141 attached [pid 6141] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 6140] <... clone3 resumed> => {parent_tid=[6141]}, 88) = 6141 [pid 6141] set_robust_list(0x7f03761f79a0, 24 [pid 6140] rt_sigprocmask(SIG_SETMASK, [], [pid 6141] <... set_robust_list resumed>) = 0 [pid 6140] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6141] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6140] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6141] memfd_create("syzkaller", 0 [pid 6140] <... futex resumed>) = 0 [pid 6140] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6141] <... memfd_create resumed>) = 3 [pid 6141] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 6141] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6141] munmap(0x7f036dc00000, 138412032) = 0 [pid 6141] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6141] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6141] close(3) = 0 [pid 6141] close(4) = 0 [pid 6141] mkdir("./bus", 0777) = 0 [pid 6141] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 6141] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6141] chdir("./bus") = 0 [pid 6141] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6141] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6140] <... futex resumed>) = 0 [ 241.098267][ T6141] loop0: detected capacity change from 0 to 2048 [ 241.136493][ T6141] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 6141] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6140] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6141] <... futex resumed>) = 0 [pid 6140] <... futex resumed>) = 1 [pid 6141] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6140] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6141] <... openat resumed>) = 4 [pid 6141] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6141] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6140] <... futex resumed>) = 0 [pid 6140] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6141] <... futex resumed>) = 0 [pid 6140] <... futex resumed>) = 1 [pid 6141] openat(AT_FDCWD, "./bus", O_RDONLY [pid 6140] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6141] <... openat resumed>) = 5 [pid 6141] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6140] <... futex resumed>) = 0 [pid 6140] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6141] <... futex resumed>) = 1 [pid 6140] <... futex resumed>) = 0 [pid 6141] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 6140] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6141] <... openat resumed>) = 6 [pid 6141] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6140] <... futex resumed>) = 0 [pid 6140] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6141] write(6, "t", 1 [pid 6140] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6141] <... write resumed>) = 1 [pid 6141] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6140] <... futex resumed>) = 0 [pid 6140] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6141] sendfile(6, 5, NULL, 131071 [pid 6140] <... futex resumed>) = 0 [ 241.167553][ T29] audit: type=1804 audit(1714530509.975:715): pid=6141 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/204/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 241.194594][ T29] audit: type=1804 audit(1714530510.005:716): pid=6141 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/204/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 6140] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6140] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6140] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 6140] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6140] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6140] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 6145 attached [pid 6145] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [ 241.258894][ T6141] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 241.274206][ T6141] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 241.286929][ T6141] EXT4-fs (loop0): This should not happen!! Data will be lost [ 241.286929][ T6141] [ 241.297520][ T6141] EXT4-fs (loop0): Total free blocks count 0 [pid 6145] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 6140] <... clone3 resumed> => {parent_tid=[6145]}, 88) = 6145 [pid 6145] rt_sigprocmask(SIG_SETMASK, [], [pid 6140] rt_sigprocmask(SIG_SETMASK, [], [pid 6145] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6140] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6145] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6140] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6145] <... open resumed>) = 7 [pid 6140] <... futex resumed>) = 0 [pid 6140] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6145] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6140] <... futex resumed>) = 0 [pid 6140] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6140] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6145] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 75 [pid 6145] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6141] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6145] <... futex resumed>) = 1 [pid 6140] <... futex resumed>) = 0 [pid 6145] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6140] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6140] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = 0 [pid 6141] <... futex resumed>) = 1 [pid 6140] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 6141] pipe2(0x20000240, 0) = 0 [pid 6141] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6140] <... futex resumed>) = 0 [pid 6141] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6140] exit_group(0 [pid 6145] <... futex resumed>) = ? [ 241.303610][ T6141] EXT4-fs (loop0): Free/Dirty block details [ 241.309938][ T6141] EXT4-fs (loop0): free_blocks=2415919104 [ 241.315464][ T29] audit: type=1804 audit(1714530510.125:717): pid=6145 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/204/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 241.316324][ T6141] EXT4-fs (loop0): dirty_blocks=16 [ 241.346187][ T6141] EXT4-fs (loop0): Block reservation details [ 241.352767][ T6141] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 6141] <... futex resumed>) = ? [pid 6140] <... exit_group resumed>) = ? [pid 6145] +++ exited with 0 +++ [pid 6141] +++ exited with 0 +++ [pid 6140] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6140, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./204", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./204", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./204/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./204/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./204/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./204/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./204/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 [ 241.424119][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 rmdir("./204/bus") = 0 umount2("./204/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./204/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./204/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./204") = 0 mkdir("./205", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6146 attached , child_tidptr=0x5555749a2690) = 6146 [pid 6146] set_robust_list(0x5555749a26a0, 24) = 0 [pid 6146] chdir("./205") = 0 [pid 6146] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6146] setpgid(0, 0) = 0 [pid 6146] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6146] write(3, "1000", 4) = 4 [pid 6146] close(3) = 0 [pid 6146] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6146] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6146] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 6146] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6146] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 6146] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6146] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6146] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 6147 attached [pid 6147] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 6146] <... clone3 resumed> => {parent_tid=[6147]}, 88) = 6147 [pid 6147] set_robust_list(0x7f03761f79a0, 24 [pid 6146] rt_sigprocmask(SIG_SETMASK, [], [pid 6147] <... set_robust_list resumed>) = 0 [pid 6147] rt_sigprocmask(SIG_SETMASK, [], [pid 6146] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6147] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6146] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6147] memfd_create("syzkaller", 0 [pid 6146] <... futex resumed>) = 0 [pid 6146] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6147] <... memfd_create resumed>) = 3 [pid 6147] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 6147] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6147] munmap(0x7f036dc00000, 138412032) = 0 [pid 6147] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6147] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6147] close(3) = 0 [pid 6147] close(4) = 0 [pid 6147] mkdir("./bus", 0777) = 0 [ 241.768405][ T6147] loop0: detected capacity change from 0 to 2048 [pid 6147] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 6147] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6147] chdir("./bus") = 0 [pid 6147] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6147] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6146] <... futex resumed>) = 0 [pid 6147] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6146] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6147] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6146] <... futex resumed>) = 0 [pid 6147] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6146] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6147] <... openat resumed>) = 4 [pid 6147] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6146] <... futex resumed>) = 0 [pid 6147] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6146] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6147] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6146] <... futex resumed>) = 0 [pid 6147] openat(AT_FDCWD, "./bus", O_RDONLY [pid 6146] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6147] <... openat resumed>) = 5 [ 241.819075][ T6147] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 6147] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6146] <... futex resumed>) = 0 [pid 6147] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6146] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6147] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6147] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 6146] <... futex resumed>) = 0 [pid 6147] <... openat resumed>) = 6 [pid 6146] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6147] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6146] <... futex resumed>) = 0 [pid 6146] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6147] write(6, "t", 1 [pid 6146] <... futex resumed>) = 0 [pid 6146] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6147] <... write resumed>) = 1 [pid 6147] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6147] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6146] <... futex resumed>) = 0 [pid 6146] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6147] <... futex resumed>) = 0 [pid 6146] <... futex resumed>) = 1 [pid 6147] sendfile(6, 5, NULL, 131071 [ 241.869484][ T29] audit: type=1804 audit(1714530510.675:718): pid=6147 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/205/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 241.893864][ T29] audit: type=1804 audit(1714530510.675:719): pid=6147 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/205/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 6146] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6146] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6146] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 6146] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6146] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 241.986493][ T6147] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 242.002234][ T6147] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 242.014657][ T6147] EXT4-fs (loop0): This should not happen!! Data will be lost [ 242.014657][ T6147] [ 242.025877][ T6147] EXT4-fs (loop0): Total free blocks count 0 [pid 6146] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 6151 attached [pid 6151] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6151] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 6146] <... clone3 resumed> => {parent_tid=[6151]}, 88) = 6151 [pid 6151] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6146] rt_sigprocmask(SIG_SETMASK, [], [pid 6151] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6146] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6146] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6151] <... futex resumed>) = 0 [pid 6146] <... futex resumed>) = 1 [pid 6151] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 6146] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6151] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6151] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6146] <... futex resumed>) = 0 [pid 6146] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6151] <... futex resumed>) = 0 [pid 6146] <... futex resumed>) = 1 [pid 6151] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6146] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 242.032476][ T6147] EXT4-fs (loop0): Free/Dirty block details [ 242.040090][ T6147] EXT4-fs (loop0): free_blocks=2415919104 [ 242.043780][ T29] audit: type=1804 audit(1714530510.855:720): pid=6151 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/205/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 242.046808][ T6147] EXT4-fs (loop0): dirty_blocks=16 [ 242.075133][ T6147] EXT4-fs (loop0): Block reservation details [ 242.081268][ T6147] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 6151] <... mmap resumed>) = 0x20000000 [pid 6151] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6147] <... sendfile resumed>) = 75 [pid 6151] <... futex resumed>) = 1 [pid 6147] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6151] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6147] <... futex resumed>) = 0 [pid 6147] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6146] <... futex resumed>) = 0 [pid 6146] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6147] <... futex resumed>) = 0 [pid 6147] pipe2( [pid 6146] <... futex resumed>) = 1 [pid 6147] <... pipe2 resumed>0x20000240, 0) = 0 [pid 6146] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6147] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6146] <... futex resumed>) = 0 [pid 6147] <... futex resumed>) = 1 [pid 6146] exit_group(0 [pid 6147] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6151] <... futex resumed>) = ? [pid 6147] <... futex resumed>) = ? [pid 6146] <... exit_group resumed>) = ? [pid 6151] +++ exited with 0 +++ [pid 6147] +++ exited with 0 +++ [pid 6146] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6146, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- umount2("./205", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./205", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./205/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./205/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./205/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./205/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./205/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 242.163136][ T139] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./205/bus") = 0 umount2("./205/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./205/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./205/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./205") = 0 mkdir("./206", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6152 attached , child_tidptr=0x5555749a2690) = 6152 [pid 6152] set_robust_list(0x5555749a26a0, 24) = 0 [pid 6152] chdir("./206") = 0 [pid 6152] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6152] setpgid(0, 0) = 0 [pid 6152] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6152] write(3, "1000", 4) = 4 [pid 6152] close(3) = 0 [pid 6152] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6152] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6152] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 6152] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6152] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 6152] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6152] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6152] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 6153 attached [pid 6153] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 6152] <... clone3 resumed> => {parent_tid=[6153]}, 88) = 6153 [pid 6153] <... rseq resumed>) = 0 [pid 6152] rt_sigprocmask(SIG_SETMASK, [], [pid 6153] set_robust_list(0x7f03761f79a0, 24 [pid 6152] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6153] <... set_robust_list resumed>) = 0 [pid 6152] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6153] rt_sigprocmask(SIG_SETMASK, [], [pid 6152] <... futex resumed>) = 0 [pid 6153] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6152] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6153] memfd_create("syzkaller", 0) = 3 [pid 6153] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 6153] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6153] munmap(0x7f036dc00000, 138412032) = 0 [pid 6153] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6153] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6153] close(3) = 0 [pid 6153] close(4) = 0 [pid 6153] mkdir("./bus", 0777) = 0 [ 242.487154][ T6153] loop0: detected capacity change from 0 to 2048 [pid 6153] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 6153] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6153] chdir("./bus") = 0 [pid 6153] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6153] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6152] <... futex resumed>) = 0 [pid 6153] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6152] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6153] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6152] <... futex resumed>) = 0 [pid 6153] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6152] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6153] <... openat resumed>) = 4 [pid 6153] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6152] <... futex resumed>) = 0 [pid 6153] openat(AT_FDCWD, "./bus", O_RDONLY [ 242.537359][ T6153] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 6152] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6153] <... openat resumed>) = 5 [pid 6152] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6153] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6152] <... futex resumed>) = 0 [pid 6153] <... futex resumed>) = 1 [pid 6152] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6153] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 6152] <... futex resumed>) = 0 [pid 6152] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6153] <... openat resumed>) = 6 [pid 6153] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6152] <... futex resumed>) = 0 [pid 6153] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6152] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6153] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6152] <... futex resumed>) = 0 [pid 6153] write(6, "t", 1 [pid 6152] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6153] <... write resumed>) = 1 [pid 6153] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6152] <... futex resumed>) = 0 [pid 6153] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6152] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6153] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6152] <... futex resumed>) = 0 [pid 6153] sendfile(6, 5, NULL, 131071 [pid 6152] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6152] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6152] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 6152] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6152] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6152] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 6156 attached [pid 6156] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6156] set_robust_list(0x7f03761d69a0, 24 [pid 6152] <... clone3 resumed> => {parent_tid=[6156]}, 88) = 6156 [pid 6156] <... set_robust_list resumed>) = 0 [pid 6156] rt_sigprocmask(SIG_SETMASK, [], [pid 6152] rt_sigprocmask(SIG_SETMASK, [], [pid 6156] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6156] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6152] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6156] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6152] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6156] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6152] <... futex resumed>) = 0 [pid 6156] <... open resumed>) = 7 [ 242.646720][ T6153] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 242.661861][ T6153] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 242.674253][ T6153] EXT4-fs (loop0): This should not happen!! Data will be lost [ 242.674253][ T6153] [ 242.684110][ T6153] EXT4-fs (loop0): Total free blocks count 0 [ 242.690217][ T6153] EXT4-fs (loop0): Free/Dirty block details [pid 6152] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6156] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6152] <... futex resumed>) = 0 [pid 6152] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6156] <... futex resumed>) = 1 [pid 6152] <... futex resumed>) = 0 [pid 6156] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6152] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6156] <... mmap resumed>) = 0x20000000 [pid 6153] <... sendfile resumed>) = 75 [pid 6156] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6153] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6156] <... futex resumed>) = 1 [pid 6156] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6153] <... futex resumed>) = 0 [pid 6152] <... futex resumed>) = 0 [pid 6153] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6152] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6153] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6153] pipe2( [pid 6152] <... futex resumed>) = 0 [pid 6152] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6153] <... pipe2 resumed>0x20000240, 0) = 0 [pid 6153] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6152] <... futex resumed>) = 0 [pid 6153] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6152] exit_group(0 [pid 6156] <... futex resumed>) = ? [pid 6156] +++ exited with 0 +++ [pid 6153] <... futex resumed>) = ? [pid 6152] <... exit_group resumed>) = ? [pid 6153] +++ exited with 0 +++ [pid 6152] +++ exited with 0 +++ [ 242.696142][ T6153] EXT4-fs (loop0): free_blocks=2415919104 [ 242.701981][ T6153] EXT4-fs (loop0): dirty_blocks=16 [ 242.707136][ T6153] EXT4-fs (loop0): Block reservation details [ 242.713195][ T6153] EXT4-fs (loop0): i_reserved_data_blocks=1 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6152, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./206", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./206", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./206/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./206/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./206/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./206/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./206/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 [ 242.814502][ T139] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./206/bus") = 0 umount2("./206/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./206/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./206/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./206") = 0 mkdir("./207", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6157 attached , child_tidptr=0x5555749a2690) = 6157 [pid 6157] set_robust_list(0x5555749a26a0, 24) = 0 [pid 6157] chdir("./207") = 0 [pid 6157] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6157] setpgid(0, 0) = 0 [pid 6157] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6157] write(3, "1000", 4) = 4 [pid 6157] close(3) = 0 [pid 6157] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6157] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6157] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 6157] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6157] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 6157] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6157] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6157] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 6158 attached [pid 6158] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 6157] <... clone3 resumed> => {parent_tid=[6158]}, 88) = 6158 [pid 6158] <... rseq resumed>) = 0 [pid 6157] rt_sigprocmask(SIG_SETMASK, [], [pid 6158] set_robust_list(0x7f03761f79a0, 24 [pid 6157] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6158] <... set_robust_list resumed>) = 0 [pid 6157] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6158] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6157] <... futex resumed>) = 0 [pid 6158] memfd_create("syzkaller", 0 [pid 6157] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6158] <... memfd_create resumed>) = 3 [pid 6158] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 6158] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6158] munmap(0x7f036dc00000, 138412032) = 0 [pid 6158] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6158] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6158] close(3) = 0 [pid 6158] close(4) = 0 [pid 6158] mkdir("./bus", 0777) = 0 [ 243.123650][ T6158] loop0: detected capacity change from 0 to 2048 [pid 6158] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 6158] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6158] chdir("./bus") = 0 [pid 6158] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6158] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6157] <... futex resumed>) = 0 [pid 6158] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6157] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6157] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6158] <... openat resumed>) = 4 [pid 6158] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6157] <... futex resumed>) = 0 [pid 6158] <... futex resumed>) = 1 [pid 6157] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6158] openat(AT_FDCWD, "./bus", O_RDONLY [pid 6157] <... futex resumed>) = 0 [pid 6158] <... openat resumed>) = 5 [pid 6157] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6158] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6158] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6157] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6157] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6158] <... futex resumed>) = 0 [pid 6157] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6158] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 6158] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6157] <... futex resumed>) = 0 [pid 6158] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6157] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6158] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6157] <... futex resumed>) = 0 [pid 6158] write(6, "t", 1 [pid 6157] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6158] <... write resumed>) = 1 [pid 6158] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6157] <... futex resumed>) = 0 [pid 6158] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6157] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6158] <... futex resumed>) = 0 [pid 6157] <... futex resumed>) = 1 [pid 6158] sendfile(6, 5, NULL, 131071 [ 243.175210][ T6158] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 6157] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6157] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6157] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 6157] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6157] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6157] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0} => {parent_tid=[6161]}, 88) = 6161 [pid 6157] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6157] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6157] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6161 attached [ 243.255796][ T6158] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 243.271521][ T6158] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 243.284690][ T6158] EXT4-fs (loop0): This should not happen!! Data will be lost [ 243.284690][ T6158] [ 243.294459][ T6158] EXT4-fs (loop0): Total free blocks count 0 [pid 6161] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6161] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 6161] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6161] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 6161] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6157] <... futex resumed>) = 0 [pid 6161] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6157] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6157] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6161] <... mmap resumed>) = 0x20000000 [pid 6158] <... sendfile resumed>) = 75 [pid 6158] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6161] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6158] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6157] <... futex resumed>) = 0 [pid 6161] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6157] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6157] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6158] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6158] pipe2(0x20000240, 0) = 0 [pid 6158] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6157] <... futex resumed>) = 0 [pid 6157] exit_group(0) = ? [pid 6161] <... futex resumed>) = ? [pid 6161] +++ exited with 0 +++ [pid 6158] <... futex resumed>) = ? [pid 6158] +++ exited with 0 +++ [pid 6157] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6157, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- umount2("./207", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 243.301192][ T6158] EXT4-fs (loop0): Free/Dirty block details [ 243.307115][ T6158] EXT4-fs (loop0): free_blocks=2415919104 [ 243.314354][ T6158] EXT4-fs (loop0): dirty_blocks=16 [ 243.319488][ T6158] EXT4-fs (loop0): Block reservation details [ 243.326420][ T6158] EXT4-fs (loop0): i_reserved_data_blocks=1 openat(AT_FDCWD, "./207", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./207/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./207/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./207/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./207/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./207/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 [ 243.401221][ T139] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./207/bus") = 0 umount2("./207/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./207/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./207/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./207") = 0 mkdir("./208", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6162 attached , child_tidptr=0x5555749a2690) = 6162 [pid 6162] set_robust_list(0x5555749a26a0, 24) = 0 [pid 6162] chdir("./208") = 0 [pid 6162] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6162] setpgid(0, 0) = 0 [pid 6162] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6162] write(3, "1000", 4) = 4 [pid 6162] close(3) = 0 [pid 6162] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6162] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6162] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 6162] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6162] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 6162] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6162] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6162] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 6163 attached [pid 6163] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 6162] <... clone3 resumed> => {parent_tid=[6163]}, 88) = 6163 [pid 6163] <... rseq resumed>) = 0 [pid 6162] rt_sigprocmask(SIG_SETMASK, [], [pid 6163] set_robust_list(0x7f03761f79a0, 24 [pid 6162] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6163] <... set_robust_list resumed>) = 0 [pid 6162] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6163] rt_sigprocmask(SIG_SETMASK, [], [pid 6162] <... futex resumed>) = 0 [pid 6163] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6162] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6163] memfd_create("syzkaller", 0) = 3 [pid 6163] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 6163] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6163] munmap(0x7f036dc00000, 138412032) = 0 [pid 6163] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6163] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6163] close(3) = 0 [pid 6163] close(4) = 0 [pid 6163] mkdir("./bus", 0777) = 0 [ 243.727058][ T6163] loop0: detected capacity change from 0 to 2048 [pid 6163] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 6163] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6163] chdir("./bus") = 0 [pid 6163] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6163] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6162] <... futex resumed>) = 0 [pid 6163] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6162] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6162] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6163] <... openat resumed>) = 4 [pid 6163] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6162] <... futex resumed>) = 0 [pid 6163] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6162] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6163] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6162] <... futex resumed>) = 0 [pid 6163] openat(AT_FDCWD, "./bus", O_RDONLY [pid 6162] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6163] <... openat resumed>) = 5 [ 243.776377][ T6163] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 6163] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6162] <... futex resumed>) = 0 [pid 6163] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 6162] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6163] <... openat resumed>) = 6 [pid 6162] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6163] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6162] <... futex resumed>) = 0 [pid 6163] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6162] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6163] <... futex resumed>) = 0 [pid 6162] <... futex resumed>) = 1 [pid 6163] write(6, "t", 1 [pid 6162] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6163] <... write resumed>) = 1 [pid 6163] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6162] <... futex resumed>) = 0 [pid 6163] <... futex resumed>) = 1 [pid 6162] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6163] sendfile(6, 5, NULL, 131071 [pid 6162] <... futex resumed>) = 0 [pid 6162] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6162] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6162] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [ 243.912284][ T6163] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 243.928555][ T6163] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 243.940920][ T6163] EXT4-fs (loop0): This should not happen!! Data will be lost [ 243.940920][ T6163] [ 243.950878][ T6163] EXT4-fs (loop0): Total free blocks count 0 [ 243.956906][ T6163] EXT4-fs (loop0): Free/Dirty block details [pid 6162] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6163] <... sendfile resumed>) = 75 [pid 6162] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6163] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6162] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6162] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0} [pid 6163] <... futex resumed>) = 0 ./strace-static-x86_64: Process 6166 attached [pid 6162] <... clone3 resumed> => {parent_tid=[6166]}, 88) = 6166 [pid 6166] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 6163] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6162] rt_sigprocmask(SIG_SETMASK, [], [pid 6166] <... rseq resumed>) = 0 [pid 6166] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 6166] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6166] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6162] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6162] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6166] <... futex resumed>) = 0 [pid 6162] <... futex resumed>) = 1 [pid 6166] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6162] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6166] <... open resumed>) = 7 [pid 6166] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6162] <... futex resumed>) = 0 [pid 6166] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6162] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6162] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6163] <... futex resumed>) = 0 [ 243.963189][ T6163] EXT4-fs (loop0): free_blocks=2415919104 [ 243.968970][ T6163] EXT4-fs (loop0): dirty_blocks=16 [ 243.974160][ T6163] EXT4-fs (loop0): Block reservation details [ 243.980230][ T6163] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 6163] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6162] <... futex resumed>) = 0 [pid 6162] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6163] <... futex resumed>) = 0 [pid 6162] <... futex resumed>) = 1 [pid 6163] pipe2( [pid 6162] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6163] <... pipe2 resumed>0x20000240, 0) = 0 [pid 6163] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6162] <... futex resumed>) = 0 [pid 6163] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6162] exit_group(0 [pid 6163] <... futex resumed>) = ? [pid 6163] +++ exited with 0 +++ [pid 6162] <... exit_group resumed>) = ? [pid 6166] <... futex resumed>) = ? [pid 6166] +++ exited with 0 +++ [pid 6162] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6162, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./208", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./208", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./208/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./208/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./208/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./208/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./208/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 [ 244.131274][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./208/bus") = 0 umount2("./208/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./208/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./208/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./208") = 0 mkdir("./209", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6167 attached , child_tidptr=0x5555749a2690) = 6167 [pid 6167] set_robust_list(0x5555749a26a0, 24) = 0 [pid 6167] chdir("./209") = 0 [pid 6167] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6167] setpgid(0, 0) = 0 [pid 6167] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6167] write(3, "1000", 4) = 4 [pid 6167] close(3) = 0 [pid 6167] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6167] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6167] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 6167] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6167] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 6167] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6167] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6167] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 6168 attached [pid 6168] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 6167] <... clone3 resumed> => {parent_tid=[6168]}, 88) = 6168 [pid 6168] set_robust_list(0x7f03761f79a0, 24 [pid 6167] rt_sigprocmask(SIG_SETMASK, [], [pid 6168] <... set_robust_list resumed>) = 0 [pid 6167] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6168] rt_sigprocmask(SIG_SETMASK, [], [pid 6167] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6168] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6167] <... futex resumed>) = 0 [pid 6168] memfd_create("syzkaller", 0 [pid 6167] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6168] <... memfd_create resumed>) = 3 [pid 6168] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 6168] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6168] munmap(0x7f036dc00000, 138412032) = 0 [pid 6168] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6168] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6168] close(3) = 0 [pid 6168] close(4) = 0 [pid 6168] mkdir("./bus", 0777) = 0 [ 244.472799][ T6168] loop0: detected capacity change from 0 to 2048 [pid 6168] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 6168] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6168] chdir("./bus") = 0 [pid 6168] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6168] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6167] <... futex resumed>) = 0 [pid 6168] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6167] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6167] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6168] <... openat resumed>) = 4 [pid 6168] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6167] <... futex resumed>) = 0 [pid 6168] <... futex resumed>) = 1 [pid 6167] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6168] openat(AT_FDCWD, "./bus", O_RDONLY [pid 6167] <... futex resumed>) = 0 [pid 6168] <... openat resumed>) = 5 [ 244.522856][ T6168] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 6167] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6168] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6167] <... futex resumed>) = 0 [pid 6167] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6168] <... futex resumed>) = 1 [pid 6167] <... futex resumed>) = 0 [pid 6168] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 6167] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6168] <... openat resumed>) = 6 [pid 6168] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6167] <... futex resumed>) = 0 [pid 6168] <... futex resumed>) = 1 [pid 6167] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6168] write(6, "t", 1 [pid 6167] <... futex resumed>) = 0 [pid 6167] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6168] <... write resumed>) = 1 [pid 6168] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6167] <... futex resumed>) = 0 [pid 6168] sendfile(6, 5, NULL, 131071 [pid 6167] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6167] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6167] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6167] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 6167] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 244.655234][ T6168] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 244.670667][ T6168] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 244.682975][ T6168] EXT4-fs (loop0): This should not happen!! Data will be lost [ 244.682975][ T6168] [ 244.692693][ T6168] EXT4-fs (loop0): Total free blocks count 0 [ 244.698724][ T6168] EXT4-fs (loop0): Free/Dirty block details [pid 6167] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6167] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 6172 attached [pid 6172] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6167] <... clone3 resumed> => {parent_tid=[6172]}, 88) = 6172 [pid 6172] set_robust_list(0x7f03761d69a0, 24 [pid 6167] rt_sigprocmask(SIG_SETMASK, [], [pid 6172] <... set_robust_list resumed>) = 0 [pid 6172] rt_sigprocmask(SIG_SETMASK, [], [pid 6167] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6172] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6172] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6167] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6167] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6172] <... open resumed>) = 7 [pid 6172] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6167] <... futex resumed>) = 0 [pid 6167] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6172] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6167] <... futex resumed>) = 0 [pid 6167] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6172] <... mmap resumed>) = 0x20000000 [pid 6168] <... sendfile resumed>) = 75 [pid 6172] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6168] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6172] <... futex resumed>) = 1 [pid 6168] <... futex resumed>) = 0 [pid 6167] <... futex resumed>) = 0 [pid 6172] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6168] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6167] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6168] pipe2( [pid 6167] <... futex resumed>) = 0 [pid 6168] <... pipe2 resumed>0x20000240, 0) = 0 [pid 6167] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6168] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6167] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6168] <... futex resumed>) = 0 [pid 6167] exit_group(0) = ? [pid 6172] <... futex resumed>) = ? [pid 6168] +++ exited with 0 +++ [pid 6172] +++ exited with 0 +++ [pid 6167] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6167, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 244.704719][ T6168] EXT4-fs (loop0): free_blocks=2415919104 [ 244.710573][ T6168] EXT4-fs (loop0): dirty_blocks=16 [ 244.715731][ T6168] EXT4-fs (loop0): Block reservation details [ 244.721829][ T6168] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./209", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./209", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./209/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./209/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./209/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./209/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./209/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 [ 244.799755][ T139] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./209/bus") = 0 umount2("./209/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./209/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./209/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./209") = 0 mkdir("./210", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555749a2690) = 6173 ./strace-static-x86_64: Process 6173 attached [pid 6173] set_robust_list(0x5555749a26a0, 24) = 0 [pid 6173] chdir("./210") = 0 [pid 6173] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6173] setpgid(0, 0) = 0 [pid 6173] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6173] write(3, "1000", 4) = 4 [pid 6173] close(3) = 0 [pid 6173] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6173] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6173] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 6173] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6173] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 6173] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6173] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6173] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 6174 attached [pid 6174] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 6173] <... clone3 resumed> => {parent_tid=[6174]}, 88) = 6174 [pid 6174] <... rseq resumed>) = 0 [pid 6173] rt_sigprocmask(SIG_SETMASK, [], [pid 6174] set_robust_list(0x7f03761f79a0, 24 [pid 6173] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6174] <... set_robust_list resumed>) = 0 [pid 6173] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6174] rt_sigprocmask(SIG_SETMASK, [], [pid 6173] <... futex resumed>) = 0 [pid 6174] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6173] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6174] memfd_create("syzkaller", 0) = 3 [pid 6174] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 6174] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6174] munmap(0x7f036dc00000, 138412032) = 0 [pid 6174] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6174] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6174] close(3) = 0 [pid 6174] close(4) = 0 [pid 6174] mkdir("./bus", 0777) = 0 [ 245.126644][ T6174] loop0: detected capacity change from 0 to 2048 [pid 6174] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 6174] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6174] chdir("./bus") = 0 [pid 6174] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6174] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6173] <... futex resumed>) = 0 [pid 6174] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6173] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6173] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6174] <... openat resumed>) = 4 [pid 6174] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6173] <... futex resumed>) = 0 [pid 6174] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6173] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6174] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6173] <... futex resumed>) = 0 [pid 6174] openat(AT_FDCWD, "./bus", O_RDONLY [pid 6173] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6174] <... openat resumed>) = 5 [pid 6174] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 245.167577][ T6174] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 6174] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6173] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6173] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6174] <... futex resumed>) = 0 [pid 6173] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6174] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 6174] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6173] <... futex resumed>) = 0 [pid 6174] <... futex resumed>) = 1 [pid 6173] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6174] write(6, "t", 1 [pid 6173] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6174] <... write resumed>) = 1 [pid 6174] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6174] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6173] <... futex resumed>) = 0 [pid 6173] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6174] <... futex resumed>) = 0 [pid 6173] <... futex resumed>) = 1 [pid 6174] sendfile(6, 5, NULL, 131071 [ 245.217063][ T29] kauditd_printk_skb: 12 callbacks suppressed [ 245.217087][ T29] audit: type=1804 audit(1714530514.025:733): pid=6174 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/210/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 245.248624][ T29] audit: type=1804 audit(1714530514.055:734): pid=6174 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/210/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 6173] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 245.306751][ T6174] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 245.322095][ T6174] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 245.334472][ T6174] EXT4-fs (loop0): This should not happen!! Data will be lost [ 245.334472][ T6174] [ 245.344873][ T6174] EXT4-fs (loop0): Total free blocks count 0 [ 245.351012][ T6174] EXT4-fs (loop0): Free/Dirty block details [pid 6173] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6173] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 6173] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6173] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6173] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 6177 attached [pid 6177] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 6173] <... clone3 resumed> => {parent_tid=[6177]}, 88) = 6177 [pid 6177] <... rseq resumed>) = 0 [pid 6173] rt_sigprocmask(SIG_SETMASK, [], [pid 6177] set_robust_list(0x7f03761d69a0, 24 [pid 6173] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6177] <... set_robust_list resumed>) = 0 [pid 6173] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6177] rt_sigprocmask(SIG_SETMASK, [], [pid 6173] <... futex resumed>) = 0 [pid 6177] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6173] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6177] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 6177] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6173] <... futex resumed>) = 0 [pid 6177] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6173] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6177] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6173] <... futex resumed>) = 0 [pid 6177] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6173] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6177] <... mmap resumed>) = 0x20000000 [pid 6177] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6173] <... futex resumed>) = 0 [pid 6173] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6173] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6177] <... futex resumed>) = 1 [pid 6177] pipe2( [pid 6174] <... sendfile resumed>) = 75 [pid 6177] <... pipe2 resumed>0x20000240, 0) = 0 [pid 6174] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6174] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6177] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6173] <... futex resumed>) = 0 [pid 6173] exit_group(0) = ? [pid 6174] <... futex resumed>) = ? [pid 6174] +++ exited with 0 +++ [pid 6177] <... futex resumed>) = ? [pid 6177] +++ exited with 0 +++ [pid 6173] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6173, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- [ 245.356955][ T6174] EXT4-fs (loop0): free_blocks=2415919104 [ 245.363271][ T6174] EXT4-fs (loop0): dirty_blocks=16 [ 245.368741][ T6174] EXT4-fs (loop0): Block reservation details [ 245.375643][ T6174] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 245.383186][ T29] audit: type=1804 audit(1714530514.195:735): pid=6177 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/210/bus/bus" dev="loop0" ino=18 res=1 errno=0 umount2("./210", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./210", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./210/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./210/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./210/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./210/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./210/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 245.462532][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./210/bus") = 0 umount2("./210/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./210/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./210/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./210") = 0 mkdir("./211", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6178 attached , child_tidptr=0x5555749a2690) = 6178 [pid 6178] set_robust_list(0x5555749a26a0, 24) = 0 [pid 6178] chdir("./211") = 0 [pid 6178] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6178] setpgid(0, 0) = 0 [pid 6178] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6178] write(3, "1000", 4) = 4 [pid 6178] close(3) = 0 [pid 6178] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6178] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6178] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 6178] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6178] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 6178] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6178] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6178] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 6179 attached [pid 6179] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053) = 0 [pid 6178] <... clone3 resumed> => {parent_tid=[6179]}, 88) = 6179 [pid 6179] set_robust_list(0x7f03761f79a0, 24 [pid 6178] rt_sigprocmask(SIG_SETMASK, [], [pid 6179] <... set_robust_list resumed>) = 0 [pid 6179] rt_sigprocmask(SIG_SETMASK, [], [pid 6178] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6179] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6178] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6179] memfd_create("syzkaller", 0 [pid 6178] <... futex resumed>) = 0 [pid 6178] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6179] <... memfd_create resumed>) = 3 [pid 6179] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 6179] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6179] munmap(0x7f036dc00000, 138412032) = 0 [pid 6179] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6179] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6179] close(3) = 0 [pid 6179] close(4) = 0 [pid 6179] mkdir("./bus", 0777) = 0 [pid 6179] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [ 245.855139][ T6179] loop0: detected capacity change from 0 to 2048 [pid 6179] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6179] chdir("./bus") = 0 [pid 6179] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6179] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6178] <... futex resumed>) = 0 [pid 6179] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6178] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6179] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6178] <... futex resumed>) = 0 [pid 6179] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6178] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6179] <... openat resumed>) = 4 [pid 6179] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6178] <... futex resumed>) = 0 [pid 6179] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6178] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6179] openat(AT_FDCWD, "./bus", O_RDONLY [pid 6178] <... futex resumed>) = 0 [pid 6178] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6179] <... openat resumed>) = 5 [pid 6179] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6178] <... futex resumed>) = 0 [pid 6179] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 6178] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6179] <... openat resumed>) = 6 [pid 6178] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6179] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6179] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6178] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6178] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6179] <... futex resumed>) = 0 [pid 6178] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6179] write(6, "t", 1) = 1 [pid 6179] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6178] <... futex resumed>) = 0 [pid 6179] <... futex resumed>) = 1 [pid 6179] sendfile(6, 5, NULL, 131071 [pid 6178] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 245.935041][ T29] audit: type=1804 audit(1714530514.745:736): pid=6179 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/211/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 245.961382][ T29] audit: type=1804 audit(1714530514.775:737): pid=6179 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/211/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 6178] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6178] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6178] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 6178] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6178] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 246.049958][ T6179] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 246.065528][ T6179] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 246.079809][ T6179] EXT4-fs (loop0): This should not happen!! Data will be lost [ 246.079809][ T6179] [pid 6178] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 6182 attached [pid 6182] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6178] <... clone3 resumed> => {parent_tid=[6182]}, 88) = 6182 [pid 6182] set_robust_list(0x7f03761d69a0, 24 [pid 6178] rt_sigprocmask(SIG_SETMASK, [], [pid 6182] <... set_robust_list resumed>) = 0 [pid 6178] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6182] rt_sigprocmask(SIG_SETMASK, [], [pid 6178] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6182] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6182] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6178] <... futex resumed>) = 0 [pid 6182] <... open resumed>) = 7 [pid 6178] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6182] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6178] <... futex resumed>) = 0 [pid 6182] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6178] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 246.086607][ T29] audit: type=1804 audit(1714530514.895:738): pid=6182 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/211/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 246.092708][ T6179] EXT4-fs (loop0): Total free blocks count 0 [ 246.122867][ T6179] EXT4-fs (loop0): Free/Dirty block details [ 246.129829][ T6179] EXT4-fs (loop0): free_blocks=2415919104 [ 246.135683][ T6179] EXT4-fs (loop0): dirty_blocks=16 [ 246.140942][ T6179] EXT4-fs (loop0): Block reservation details [pid 6178] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6182] <... mmap resumed>) = 0x20000000 [pid 6179] <... sendfile resumed>) = 75 [pid 6182] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6179] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6178] <... futex resumed>) = 0 [pid 6182] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6179] <... futex resumed>) = 0 [pid 6178] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6179] pipe2( [pid 6178] <... futex resumed>) = 0 [pid 6179] <... pipe2 resumed>0x20000240, 0) = 0 [pid 6178] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6179] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6178] <... futex resumed>) = 0 [pid 6178] exit_group(0 [pid 6182] <... futex resumed>) = ? [pid 6178] <... exit_group resumed>) = ? [pid 6182] +++ exited with 0 +++ [pid 6179] <... futex resumed>) = ? [ 246.146964][ T6179] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 6179] +++ exited with 0 +++ [pid 6178] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6178, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./211", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./211", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./211/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./211/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./211/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./211/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./211/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 246.228299][ T62] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 246.240654][ T62] EXT4-fs (loop0): This should not happen!! Data will be lost [ 246.240654][ T62] getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./211/bus") = 0 umount2("./211/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./211/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./211/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./211") = 0 mkdir("./212", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6183 attached , child_tidptr=0x5555749a2690) = 6183 [pid 6183] set_robust_list(0x5555749a26a0, 24) = 0 [pid 6183] chdir("./212") = 0 [pid 6183] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6183] setpgid(0, 0) = 0 [pid 6183] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6183] write(3, "1000", 4) = 4 [pid 6183] close(3) = 0 [pid 6183] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6183] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6183] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 6183] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6183] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 6183] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6183] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6183] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 6184 attached [pid 6184] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 6183] <... clone3 resumed> => {parent_tid=[6184]}, 88) = 6184 [pid 6184] <... rseq resumed>) = 0 [pid 6184] set_robust_list(0x7f03761f79a0, 24 [pid 6183] rt_sigprocmask(SIG_SETMASK, [], [pid 6184] <... set_robust_list resumed>) = 0 [pid 6183] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6184] rt_sigprocmask(SIG_SETMASK, [], [pid 6183] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6184] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6183] <... futex resumed>) = 0 [pid 6184] memfd_create("syzkaller", 0 [pid 6183] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6184] <... memfd_create resumed>) = 3 [pid 6184] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 6184] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6184] munmap(0x7f036dc00000, 138412032) = 0 [pid 6184] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6184] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6184] close(3) = 0 [pid 6184] close(4) = 0 [pid 6184] mkdir("./bus", 0777) = 0 [ 246.534774][ T6184] loop0: detected capacity change from 0 to 2048 [pid 6184] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 6184] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6184] chdir("./bus") = 0 [pid 6184] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6184] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6183] <... futex resumed>) = 0 [pid 6184] <... futex resumed>) = 1 [pid 6183] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6184] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6183] <... futex resumed>) = 0 [pid 6183] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6184] <... openat resumed>) = 4 [pid 6184] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6183] <... futex resumed>) = 0 [pid 6184] <... futex resumed>) = 1 [pid 6183] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6184] openat(AT_FDCWD, "./bus", O_RDONLY [pid 6183] <... futex resumed>) = 0 [pid 6183] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6184] <... openat resumed>) = 5 [pid 6184] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6183] <... futex resumed>) = 0 [pid 6184] <... futex resumed>) = 1 [pid 6183] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6184] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 6183] <... futex resumed>) = 0 [pid 6184] <... openat resumed>) = 6 [pid 6183] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6184] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6183] <... futex resumed>) = 0 [pid 6184] <... futex resumed>) = 1 [pid 6183] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6184] write(6, "t", 1 [pid 6183] <... futex resumed>) = 0 [pid 6183] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6184] <... write resumed>) = 1 [pid 6184] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6184] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6183] <... futex resumed>) = 0 [pid 6183] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6184] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6184] sendfile(6, 5, NULL, 131071 [pid 6183] <... futex resumed>) = 0 [ 246.628405][ T29] audit: type=1804 audit(1714530515.435:739): pid=6184 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/212/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 246.652765][ T29] audit: type=1804 audit(1714530515.435:740): pid=6184 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/212/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 6183] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6183] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6183] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 6183] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6183] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6183] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 6187 attached [pid 6187] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6187] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 6187] rt_sigprocmask(SIG_SETMASK, [], [pid 6183] <... clone3 resumed> => {parent_tid=[6187]}, 88) = 6187 [pid 6187] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6183] rt_sigprocmask(SIG_SETMASK, [], [pid 6187] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6183] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6183] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6187] <... futex resumed>) = 0 [pid 6183] <... futex resumed>) = 1 [ 246.724682][ T6184] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 246.739845][ T6184] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 246.752710][ T6184] EXT4-fs (loop0): This should not happen!! Data will be lost [ 246.752710][ T6184] [ 246.762507][ T6184] EXT4-fs (loop0): Total free blocks count 0 [ 246.768543][ T6184] EXT4-fs (loop0): Free/Dirty block details [pid 6187] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 6183] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6187] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6187] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6183] <... futex resumed>) = 0 [pid 6183] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6187] <... futex resumed>) = 0 [pid 6183] <... futex resumed>) = 1 [pid 6187] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6183] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6187] <... mmap resumed>) = 0x20000000 [pid 6187] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6184] <... sendfile resumed>) = 75 [pid 6187] <... futex resumed>) = 1 [pid 6183] <... futex resumed>) = 0 [pid 6187] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6183] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6187] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6183] <... futex resumed>) = 0 [pid 6187] pipe2( [pid 6183] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6187] <... pipe2 resumed>0x20000240, 0) = 0 [pid 6187] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6184] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6187] <... futex resumed>) = 1 [pid 6184] <... futex resumed>) = 0 [pid 6183] <... futex resumed>) = 0 [pid 6187] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6184] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6183] exit_group(0 [pid 6187] <... futex resumed>) = ? [pid 6184] <... futex resumed>) = ? [pid 6183] <... exit_group resumed>) = ? [pid 6187] +++ exited with 0 +++ [pid 6184] +++ exited with 0 +++ [ 246.774701][ T29] audit: type=1804 audit(1714530515.585:741): pid=6187 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz-executor445" name="/root/syzkaller.FPFMeS/212/bus/bus" dev="loop0" ino=18 res=1 errno=0 [ 246.774974][ T6184] EXT4-fs (loop0): free_blocks=2415919104 [ 246.805694][ T6184] EXT4-fs (loop0): dirty_blocks=16 [ 246.812037][ T6184] EXT4-fs (loop0): Block reservation details [ 246.818653][ T6184] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 6183] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6183, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./212", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./212", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./212/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./212/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./212/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./212/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./212/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 246.902250][ T139] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 246.914552][ T139] EXT4-fs (loop0): This should not happen!! Data will be lost [ 246.914552][ T139] getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./212/bus") = 0 umount2("./212/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./212/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./212/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./212") = 0 mkdir("./213", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6188 attached , child_tidptr=0x5555749a2690) = 6188 [pid 6188] set_robust_list(0x5555749a26a0, 24) = 0 [pid 6188] chdir("./213") = 0 [pid 6188] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6188] setpgid(0, 0) = 0 [pid 6188] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6188] write(3, "1000", 4) = 4 [pid 6188] close(3) = 0 [pid 6188] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6188] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6188] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 6188] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6188] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 6188] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6188] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6188] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 6189 attached => {parent_tid=[6189]}, 88) = 6189 [pid 6189] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 6188] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6188] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6188] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6189] <... rseq resumed>) = 0 [pid 6189] set_robust_list(0x7f03761f79a0, 24) = 0 [pid 6189] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6189] memfd_create("syzkaller", 0) = 3 [pid 6189] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 6189] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6189] munmap(0x7f036dc00000, 138412032) = 0 [pid 6189] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6189] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6189] close(3) = 0 [pid 6189] close(4) = 0 [pid 6189] mkdir("./bus", 0777) = 0 [pid 6189] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 6189] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [ 247.264879][ T6189] loop0: detected capacity change from 0 to 2048 [pid 6189] chdir("./bus") = 0 [pid 6189] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6189] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6188] <... futex resumed>) = 0 [pid 6189] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6188] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6189] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6189] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6188] <... futex resumed>) = 0 [pid 6189] <... openat resumed>) = 4 [pid 6188] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6189] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6188] <... futex resumed>) = 0 [pid 6189] <... futex resumed>) = 1 [pid 6189] openat(AT_FDCWD, "./bus", O_RDONLY [pid 6188] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6189] <... openat resumed>) = 5 [pid 6188] <... futex resumed>) = 0 [pid 6188] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6189] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6188] <... futex resumed>) = 0 [pid 6188] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6189] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 6188] <... futex resumed>) = 0 [pid 6189] <... openat resumed>) = 6 [pid 6188] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6189] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6188] <... futex resumed>) = 0 [pid 6188] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6189] <... futex resumed>) = 1 [pid 6188] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6189] write(6, "t", 1) = 1 [pid 6189] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6188] <... futex resumed>) = 0 [pid 6188] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6189] sendfile(6, 5, NULL, 131071 [pid 6188] <... futex resumed>) = 0 [ 247.354141][ T29] audit: type=1804 audit(1714530516.165:742): pid=6189 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz-executor445" name="/root/syzkaller.FPFMeS/213/bus/bus" dev="loop0" ino=18 res=1 errno=0 [pid 6188] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6188] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6188] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 6188] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6188] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6188] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 6193 attached [pid 6193] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053) = 0 [pid 6193] set_robust_list(0x7f03761d69a0, 24) = 0 [pid 6193] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6193] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6188] <... clone3 resumed> => {parent_tid=[6193]}, 88) = 6193 [pid 6188] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6188] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6193] <... futex resumed>) = 0 [pid 6188] <... futex resumed>) = 1 [pid 6193] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 6188] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6193] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6193] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6188] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6188] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6193] <... futex resumed>) = 0 [pid 6188] <... futex resumed>) = 1 [pid 6193] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [ 247.467772][ T6189] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 247.489750][ T6189] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 247.502269][ T6189] EXT4-fs (loop0): This should not happen!! Data will be lost [ 247.502269][ T6189] [ 247.512092][ T6189] EXT4-fs (loop0): Total free blocks count 0 [pid 6188] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6188] futex(0x7f03762c96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6188] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0376195000 [pid 6188] mprotect(0x7f0376196000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6188] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6188] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761b5990, parent_tid=0x7f03761b5990, exit_signal=0, stack=0x7f0376195000, stack_size=0x20300, tls=0x7f03761b56c0}./strace-static-x86_64: Process 6194 attached [pid 6194] rseq(0x7f03761b5fe0, 0x20, 0, 0x53053053 [pid 6193] <... mmap resumed>) = 0x20000000 [pid 6189] <... sendfile resumed>) = 75 [pid 6194] <... rseq resumed>) = 0 [pid 6188] <... clone3 resumed> => {parent_tid=[6194]}, 88) = 6194 [pid 6194] set_robust_list(0x7f03761b59a0, 24) = 0 [pid 6194] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6194] futex(0x7f03762c96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6193] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6189] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6188] rt_sigprocmask(SIG_SETMASK, [], [pid 6193] <... futex resumed>) = 0 [pid 6189] <... futex resumed>) = 0 [pid 6188] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6189] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6193] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6188] futex(0x7f03762c96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6194] <... futex resumed>) = 0 [pid 6188] <... futex resumed>) = 1 [pid 6194] pipe2( [pid 6188] futex(0x7f03762c96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6194] <... pipe2 resumed>0x20000240, 0) = 0 [pid 6194] futex(0x7f03762c96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6188] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6194] <... futex resumed>) = 0 [pid 6188] exit_group(0 [pid 6193] <... futex resumed>) = ? [pid 6189] <... futex resumed>) = ? [pid 6194] +++ exited with 0 +++ [pid 6193] +++ exited with 0 +++ [pid 6189] +++ exited with 0 +++ [pid 6188] <... exit_group resumed>) = ? [ 247.518123][ T6189] EXT4-fs (loop0): Free/Dirty block details [ 247.525167][ T6189] EXT4-fs (loop0): free_blocks=2415919104 [ 247.531529][ T6189] EXT4-fs (loop0): dirty_blocks=16 [ 247.536709][ T6189] EXT4-fs (loop0): Block reservation details [ 247.544929][ T6189] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 6188] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6188, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- umount2("./213", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./213", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 umount2("./213/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./213/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./213/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./213/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./213/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 247.673080][ T2467] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 247.686080][ T2467] EXT4-fs (loop0): This should not happen!! Data will be lost [ 247.686080][ T2467] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555749ab770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555749ab770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./213/bus") = 0 umount2("./213/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./213/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./213/binderfs") = 0 getdents64(3, 0x5555749a3730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./213") = 0 mkdir("./214", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555749a2690) = 6197 ./strace-static-x86_64: Process 6197 attached [pid 6197] set_robust_list(0x5555749a26a0, 24) = 0 [pid 6197] chdir("./214") = 0 [pid 6197] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6197] setpgid(0, 0) = 0 [pid 6197] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6197] write(3, "1000", 4) = 4 [pid 6197] close(3) = 0 [pid 6197] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6197] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6197] rt_sigaction(SIGRT_1, {sa_handler=0x7f0376266ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f03762581a0}, NULL, 8) = 0 [pid 6197] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6197] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761d7000 [pid 6197] mprotect(0x7f03761d8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6197] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6197] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761f7990, parent_tid=0x7f03761f7990, exit_signal=0, stack=0x7f03761d7000, stack_size=0x20300, tls=0x7f03761f76c0}./strace-static-x86_64: Process 6198 attached [pid 6198] rseq(0x7f03761f7fe0, 0x20, 0, 0x53053053 [pid 6197] <... clone3 resumed> => {parent_tid=[6198]}, 88) = 6198 [pid 6198] <... rseq resumed>) = 0 [pid 6198] set_robust_list(0x7f03761f79a0, 24 [pid 6197] rt_sigprocmask(SIG_SETMASK, [], [pid 6198] <... set_robust_list resumed>) = 0 [pid 6198] rt_sigprocmask(SIG_SETMASK, [], [pid 6197] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6198] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6197] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6198] memfd_create("syzkaller", 0 [pid 6197] <... futex resumed>) = 0 [pid 6198] <... memfd_create resumed>) = 3 [pid 6197] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6198] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f036dc00000 [pid 6198] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6198] munmap(0x7f036dc00000, 138412032) = 0 [pid 6198] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6198] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6198] close(3) = 0 [pid 6198] close(4) = 0 [pid 6198] mkdir("./bus", 0777) = 0 [ 248.104089][ T6198] loop0: detected capacity change from 0 to 2048 [pid 6198] mount("/dev/loop0", "./bus", "ext4", 0, ",errors=continue") = 0 [pid 6198] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6198] chdir("./bus") = 0 [pid 6198] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6198] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6197] <... futex resumed>) = 0 [pid 6198] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6197] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6198] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6197] <... futex resumed>) = 0 [pid 6198] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000 [pid 6197] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6198] <... openat resumed>) = 4 [pid 6198] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6197] <... futex resumed>) = 0 [pid 6198] openat(AT_FDCWD, "./bus", O_RDONLY [pid 6197] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6198] <... openat resumed>) = 5 [pid 6197] <... futex resumed>) = 0 [pid 6197] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6198] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6197] <... futex resumed>) = 0 [pid 6197] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6198] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC [pid 6197] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6198] <... openat resumed>) = 6 [pid 6198] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6197] <... futex resumed>) = 0 [pid 6198] write(6, "t", 1 [pid 6197] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6197] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6198] <... write resumed>) = 1 [pid 6198] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6197] <... futex resumed>) = 0 [pid 6198] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6197] futex(0x7f03762c96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6198] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6197] <... futex resumed>) = 0 [pid 6198] sendfile(6, 5, NULL, 131071 [pid 6197] futex(0x7f03762c96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6197] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6197] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f03761b6000 [pid 6197] mprotect(0x7f03761b7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6197] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6197] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f03761d6990, parent_tid=0x7f03761d6990, exit_signal=0, stack=0x7f03761b6000, stack_size=0x20300, tls=0x7f03761d66c0}./strace-static-x86_64: Process 6203 attached => {parent_tid=[6203]}, 88) = 6203 [pid 6203] rseq(0x7f03761d6fe0, 0x20, 0, 0x53053053 [pid 6197] rt_sigprocmask(SIG_SETMASK, [], [pid 6203] <... rseq resumed>) = 0 [pid 6197] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6203] set_robust_list(0x7f03761d69a0, 24 [pid 6197] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6203] <... set_robust_list resumed>) = 0 [pid 6197] <... futex resumed>) = 0 [pid 6203] rt_sigprocmask(SIG_SETMASK, [], [pid 6197] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6203] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6203] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 6203] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6197] <... futex resumed>) = 0 [pid 6203] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6197] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6203] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6197] <... futex resumed>) = 0 [pid 6203] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6197] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6203] <... mmap resumed>) = 0x20000000 [pid 6203] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6197] <... futex resumed>) = 0 [pid 6203] pipe2( [pid 6197] futex(0x7f03762c96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 Stopping sshd: [ 248.315004][ T6203] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1213: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 248.335097][ T6198] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [pid 6197] futex(0x7f03762c96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6203] <... pipe2 resumed>0x20000240, 0) = -1 EFAULT (Bad address) [pid 6203] futex(0x7f03762c96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6197] <... futex resumed>) = 0 [pid 6203] futex(0x7f03762c96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6198] <... sendfile resumed>) = 37 [pid 6198] futex(0x7f03762c96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6198] futex(0x7f03762c96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6197] exit_group(0 [pid 6203] <... futex resumed>) = ? [pid 6197] <... exit_group resumed>) = ? [pid 6203] +++ exited with 0 +++ [pid 6198] <... futex resumed>) = ? [pid 6198] +++ exited with 0 +++ [pid 6197] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6197, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./214", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./214", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 248.349169][ T6198] EXT4-fs (loop0): This should not happen!! Data will be lost [ 248.349169][ T6198] [ 248.361746][ T6198] EXT4-fs (loop0): Total free blocks count 0 [ 248.367803][ T6198] EXT4-fs (loop0): Free/Dirty block details [ 248.374680][ T6198] EXT4-fs (loop0): free_blocks=2415919104 [ 248.381070][ T6198] EXT4-fs (loop0): dirty_blocks=16 [ 248.386506][ T6198] EXT4-fs (loop0): Block reservation details [ 248.393577][ T6198] EXT4-fs (loop0): i_reserved_data_blocks=1 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555749a3730 /* 4 entries */, 32768) = 104 [ 248.435858][ T139] ------------[ cut here ]------------ [ 248.441950][ T139] kernel BUG at fs/ext4/inode.c:2563! [ 248.451759][ T139] invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI [ 248.458249][ T139] CPU: 0 PID: 139 Comm: kworker/u8:6 Not tainted 6.9.0-rc6-syzkaller-00042-g50dffbf77180 #0 [ 248.468360][ T139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 248.478458][ T139] Workqueue: writeback wb_workfn (flush-7:0) [ 248.484686][ T139] RIP: 0010:ext4_do_writepages+0x2572/0x3250 [ 248.490788][ T139] Code: 48 c1 ea 03 80 3c 02 00 0f 85 44 0c 00 00 48 c7 44 24 28 8c d7 03 00 48 8b 44 24 08 48 8b 18 e9 c3 dc ff ff e8 8f 7a 47 ff 90 <0f> 0b e8 87 7a 47 ff 48 8b 4c 24 70 41 89 dc 48 b8 00 00 00 00 00 [ 248.510463][ T139] RSP: 0018:ffffc90002d5f2c0 EFLAGS: 00010293 [ 248.516576][ T139] RAX: 0000000000000000 RBX: ffff888076f73250 RCX: ffffffff8246375a [ 248.524587][ T139] RDX: ffff88801afa0000 RSI: ffffffff82464ba1 RDI: 0000000000000007 [ 248.532612][ T139] RBP: ffffc90002d5f4d0 R08: 0000000000000007 R09: 0000000000000000 [ 248.540630][ T139] R10: 0000000000000001 R11: 0000000000000002 R12: 0000000000000001 [ 248.548643][ T139] R13: ffff88807d07e638 R14: 0000000000000001 R15: 0000000004208060 [ 248.556657][ T139] FS: 0000000000000000(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 [ 248.565638][ T139] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 248.572265][ T139] CR2: 00007ffe0efe8f98 CR3: 000000007d162000 CR4: 00000000003506f0 [ 248.580370][ T139] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 248.588384][ T139] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 248.596404][ T139] Call Trace: [ 248.599714][ T139] [ 248.602675][ T139] ? show_regs+0x8c/0xa0 [ 248.607009][ T139] ? die+0x36/0xa0 [ 248.610856][ T139] ? do_trap+0x232/0x430 [ 248.615157][ T139] ? ext4_do_writepages+0x2572/0x3250 [ 248.620581][ T139] ? ext4_do_writepages+0x2572/0x3250 [ 248.626006][ T139] ? do_error_trap+0xf4/0x230 [ 248.630741][ T139] ? ext4_do_writepages+0x2572/0x3250 [ 248.636175][ T139] ? handle_invalid_op+0x34/0x40 [ 248.641177][ T139] ? ext4_do_writepages+0x2572/0x3250 [ 248.646604][ T139] ? exc_invalid_op+0x2e/0x50 [ 248.651510][ T139] ? asm_exc_invalid_op+0x1a/0x20 [ 248.656786][ T139] ? ext4_do_writepages+0x112a/0x3250 [ 248.662232][ T139] ? ext4_do_writepages+0x2571/0x3250 [ 248.667658][ T139] ? ext4_do_writepages+0x2572/0x3250 [ 248.673081][ T139] ? update_sd_lb_stats.constprop.0+0x1f05/0x2f40 [ 248.679633][ T139] ? __lock_acquire+0x14f4/0x3b30 [ 248.684768][ T139] ? __pfx_ext4_do_writepages+0x10/0x10 [ 248.690378][ T139] ext4_writepages+0x303/0x730 [ 248.695199][ T139] ? __pfx_ext4_writepages+0x10/0x10 [ 248.700549][ T139] ? __pfx_ext4_writepages+0x10/0x10 [ 248.705896][ T139] do_writepages+0x1a3/0x7f0 [ 248.710745][ T139] ? __pfx_do_writepages+0x10/0x10 [ 248.715921][ T139] ? reacquire_held_locks+0x20b/0x4c0 [ 248.721362][ T139] ? writeback_sb_inodes+0x34e/0x10d0 [ 248.726803][ T139] ? find_held_lock+0x2d/0x110 umount2("./214/bus", MNT_FORCE|UMOUNT_NOFOLLOWConnection to 10.128.0.201 closed by remote host. [ 248.731622][ T139] ? wbc_attach_and_unlock_inode+0x476/0x94