./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1992909186
<...>
Warning: Permanently added '10.128.1.64' (ED25519) to the list of known hosts.
execve("./syz-executor1992909186", ["./syz-executor1992909186"], 0x7ffed8e01d00 /* 10 vars */) = 0
brk(NULL) = 0x55558e09e000
brk(0x55558e09ed00) = 0x55558e09ed00
arch_prctl(ARCH_SET_FS, 0x55558e09e380) = 0
set_tid_address(0x55558e09e650) = 289
set_robust_list(0x55558e09e660, 24) = 0
rseq(0x55558e09eca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented)
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor1992909186", 4096) = 28
getrandom("\xa3\x6d\x9b\x52\xd4\xd7\x8d\xdb", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x55558e09ed00
brk(0x55558e0bfd00) = 0x55558e0bfd00
brk(0x55558e0c0000) = 0x55558e0c0000
mprotect(0x7f1f18fe7000, 16384, PROT_READ) = 0
mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000
mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000
mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000
mkdir("./syzkaller.kK1fkX", 0700) = 0
chmod("./syzkaller.kK1fkX", 0777) = 0
chdir("./syzkaller.kK1fkX") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e09e650) = 291
./strace-static-x86_64: Process 291 attached
[pid 291] set_robust_list(0x55558e09e660, 24) = 0
[pid 291] chdir("./0") = 0
[pid 291] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 291] setpgid(0, 0) = 0
[pid 291] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 291] write(3, "1000", 4) = 4
[pid 291] close(3) = 0
[pid 291] symlink("/dev/binderfs", "./binderfs") = 0
[pid 291] write(1, "executing program\n", 18executing program
) = 18
[pid 291] memfd_create("syzkaller", 0) = 3
[pid 291] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1f10b34000
[pid 291] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 291] munmap(0x7f1f10b34000, 138412032) = 0
[pid 291] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 26.992148][ T28] audit: type=1400 audit(1753018615.787:64): avc: denied { execmem } for pid=289 comm="syz-executor199" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 27.011966][ T28] audit: type=1400 audit(1753018615.787:65): avc: denied { read write } for pid=289 comm="syz-executor199" name="loop0" dev="devtmpfs" ino=118 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 27.020163][ T291] loop0: detected capacity change from 0 to 1024
[pid 291] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 291] close(3) = 0
[pid 291] close(4) = 0
[pid 291] mkdir("./file1", 0777) = 0
[ 27.036927][ T28] audit: type=1400 audit(1753018615.787:66): avc: denied { open } for pid=289 comm="syz-executor199" path="/dev/loop0" dev="devtmpfs" ino=118 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 27.046413][ T291] =======================================================
[ 27.046413][ T291] WARNING: The mand mount option has been deprecated and
[ 27.046413][ T291] and is ignored by this kernel. Remove the mand
[ 27.046413][ T291] option from the mount to silence this warning.
[ 27.046413][ T291] =======================================================
[ 27.068425][ T28] audit: type=1400 audit(1753018615.787:67): avc: denied { ioctl } for pid=289 comm="syz-executor199" path="/dev/loop0" dev="devtmpfs" ino=118 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[pid 291] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 291] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 291] chdir("./file1") = 0
[pid 291] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 291] ioctl(4, LOOP_CLR_FD) = 0
[pid 291] close(4) = 0
[pid 291] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 27.127378][ T28] audit: type=1400 audit(1753018615.837:68): avc: denied { mounton } for pid=291 comm="syz-executor199" path="/root/syzkaller.kK1fkX/0/file1" dev="sda1" ino=2027 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 27.161123][ T291] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 27.169828][ T28] audit: type=1400 audit(1753018615.967:69): avc: denied { mount } for pid=291 comm="syz-executor199" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 27.185338][ T291] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor199: Allocating blocks 497-513 which overlap fs metadata
[ 27.201749][ T28] audit: type=1400 audit(1753018615.967:70): avc: denied { write } for pid=291 comm="syz-executor199" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 27.206401][ T291] EXT4-fs (loop0): pa ffff88811588a3f0: logic 256, phys. 385, len 8
[pid 291] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 291] ftruncate(4, 7) = 0
[pid 291] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 291] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 291] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 291] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 291] exit_group(0) = ?
[pid 291] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=291, si_uid=0, si_status=0, si_utime=0, si_stime=16} ---
umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558e09f6f0 /* 4 entries */, 32768) = 112
umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./0/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558e0a7730 /* 10 entries */, 32768) = 296
umount2("./0/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./0/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./0/file1/lost+found") = 0
umount2("./0/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./0/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 4 entries */, 32768) = 112
umount2("./0/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/file1/file0/file0") = 0
umount2("./0/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/file1/file0/file1") = 0
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./0/file1/file0") = 0
umount2("./0/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/file1/file1") = 0
umount2("./0/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/file1/file2") = 0
umount2("./0/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/file1/file3") = 0
umount2("./0/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/file1/file.cold") = 0
umount2("./0/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
[ 27.228454][ T28] audit: type=1400 audit(1753018615.967:71): avc: denied { add_name } for pid=291 comm="syz-executor199" name="memory.stat" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 27.235709][ T291] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
[ 27.257254][ T28] audit: type=1400 audit(1753018615.967:72): avc: denied { create } for pid=291 comm="syz-executor199" name="memory.stat" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 27.288686][ T289] ==================================================================
[ 27.289312][ T28] audit: type=1400 audit(1753018615.967:73): avc: denied { read append open } for pid=291 comm="syz-executor199" path="/root/syzkaller.kK1fkX/0/file1/memory.stat" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 27.296774][ T289] BUG: KASAN: use-after-free in ext4_ext_remove_space+0x2f43/0x3fb0
[ 27.330864][ T289] Read of size 4 at addr ffff88812590adb8 by task syz-executor199/289
[ 27.339012][ T289]
[ 27.341338][ T289] CPU: 0 PID: 289 Comm: syz-executor199 Not tainted 6.1.141-syzkaller-00039-g145c7fad733f #0
[ 27.351486][ T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 27.361565][ T289] Call Trace:
[ 27.364842][ T289]
[ 27.367772][ T289] __dump_stack+0x21/0x24
[ 27.372117][ T289] dump_stack_lvl+0xee/0x150
[ 27.376730][ T289] ? __cfi_dump_stack_lvl+0x8/0x8
[ 27.381767][ T289] ? ext4_inode_block_valid+0x2d7/0x3f0
[ 27.387331][ T289] ? ext4_ext_remove_space+0x2f43/0x3fb0
[ 27.392980][ T289] print_address_description+0x71/0x210
[ 27.398548][ T289] print_report+0x4a/0x60
[ 27.402914][ T289] kasan_report+0x122/0x150
[ 27.407427][ T289] ? ext4_ext_remove_space+0x2f43/0x3fb0
[ 27.413074][ T289] __asan_report_load4_noabort+0x14/0x20
[ 27.418714][ T289] ext4_ext_remove_space+0x2f43/0x3fb0
[ 27.424183][ T289] ? ext4_es_free_extent+0x3de/0x4c0
[ 27.429474][ T289] ? ext4_es_insert_extent+0x2d70/0x2d70
[ 27.435106][ T289] ? ext4_da_release_space+0x1d6/0x480
[ 27.440561][ T289] ? __cfi_ext4_ext_remove_space+0x10/0x10
[ 27.446376][ T289] ? ext4_es_remove_extent+0x1d9/0x330
[ 27.451836][ T289] ext4_ext_truncate+0x200/0x320
[ 27.456771][ T289] ext4_truncate+0x9a6/0xf90
[ 27.461356][ T289] ? __cfi_ext4_truncate+0x10/0x10
[ 27.466468][ T289] ext4_evict_inode+0xcc3/0x1460
[ 27.471413][ T289] ? _raw_spin_unlock+0x4c/0x70
[ 27.476270][ T289] ? __cfi_ext4_evict_inode+0x10/0x10
[ 27.481672][ T289] ? _raw_spin_unlock+0x4c/0x70
[ 27.486542][ T289] ? inode_io_list_del+0x19b/0x1b0
[ 27.491664][ T289] ? __cfi_ext4_evict_inode+0x10/0x10
[ 27.497052][ T289] evict+0x493/0x890
[ 27.500953][ T289] ? __kasan_check_write+0x14/0x20
[ 27.506074][ T289] ? proc_nr_inodes+0x2f0/0x2f0
[ 27.510926][ T289] ? lockref_put_return+0x152/0x1c0
[ 27.516125][ T289] ? __cfi_lockref_put_return+0x10/0x10
[ 27.521673][ T289] ? __kasan_check_write+0x14/0x20
[ 27.526791][ T289] iput+0x620/0x670
[ 27.530597][ T289] do_unlinkat+0x375/0x6b0
[ 27.535012][ T289] ? __cfi_do_unlinkat+0x10/0x10
[ 27.539948][ T289] ? getname_flags+0x206/0x500
[ 27.544717][ T289] __x64_sys_unlink+0x49/0x50
[ 27.549408][ T289] x64_sys_call+0x958/0x9a0
[ 27.553926][ T289] do_syscall_64+0x4c/0xa0
[ 27.558361][ T289] ? clear_bhb_loop+0x30/0x80
[ 27.563046][ T289] ? clear_bhb_loop+0x30/0x80
[ 27.567815][ T289] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 27.573798][ T289] RIP: 0033:0x7f1f18f72d17
[ 27.578211][ T289] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 57 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 27.597819][ T289] RSP: 002b:00007ffdcb3f67b8 EFLAGS: 00000206 ORIG_RAX: 0000000000000057
[ 27.606242][ T289] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f1f18f72d17
[ 27.614216][ T289] RDX: 00007ffdcb3f67e0 RSI: 00007ffdcb3f6870 RDI: 00007ffdcb3f6870
[ 27.622189][ T289] RBP: 00007ffdcb3f6870 R08: 0000000000000000 R09: 0000000000000000
[ 27.630156][ T289] R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffdcb3f7960
[ 27.638120][ T289] R13: 000055558e0a7700 R14: 431bde82d7b634db R15: 00007ffdcb3f89f0
[ 27.646090][ T289]
[ 27.649105][ T289]
[ 27.651421][ T289] The buggy address belongs to the physical page:
[ 27.657822][ T289] page:ffffea0004964280 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x12590a
[ 27.668067][ T289] flags: 0x4000000000000000(zone=1)
[ 27.673324][ T289] raw: 4000000000000000 ffffea00049642c8 ffffea0004964248 0000000000000000
[ 27.681904][ T289] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 27.690475][ T289] page dumped because: kasan: bad access detected
[ 27.696876][ T289] page_owner tracks the page as freed
[ 27.702235][ T289] page last allocated via order 0, migratetype Movable, gfp_mask 0x141cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_WRITE), pid 291, tgid 291 (syz-executor199), ts 27184833871, free_ts 27270323832
[ 27.721084][ T289] post_alloc_hook+0x1f5/0x210
[ 27.725851][ T289] prep_new_page+0x1c/0x110
[ 27.730356][ T289] get_page_from_freelist+0x2c7b/0x2cf0
[ 27.735904][ T289] __alloc_pages+0x19e/0x3a0
[ 27.740497][ T289] __folio_alloc+0x12/0x40
[ 27.744923][ T289] __filemap_get_folio+0x6ec/0x980
[ 27.750039][ T289] pagecache_get_page+0x2b/0x110
[ 27.754977][ T289] grab_cache_page_write_begin+0x43/0x60
[ 27.760614][ T289] ext4_write_begin+0x24b/0xf70
[ 27.765467][ T289] ext4_da_write_begin+0x3e1/0x8b0
[ 27.770574][ T289] generic_perform_write+0x2f6/0x6d0
[ 27.775851][ T289] ext4_buffered_write_iter+0x36f/0x660
[ 27.781391][ T289] ext4_file_write_iter+0x18f/0x13d0
[ 27.786672][ T289] vfs_write+0x5db/0xca0
[ 27.790933][ T289] ksys_write+0x140/0x240
[ 27.795267][ T289] __x64_sys_write+0x7b/0x90
[ 27.799858][ T289] page last free stack trace:
[ 27.804519][ T289] free_unref_page_prepare+0x742/0x750
[ 27.809989][ T289] free_unref_page_list+0xba/0x7c0
[ 27.815096][ T289] release_pages+0xad1/0xb20
[ 27.819688][ T289] __pagevec_release+0x71/0xe0
[ 27.824448][ T289] truncate_inode_pages_range+0x309/0xcc0
[ 27.830167][ T289] truncate_pagecache+0x6c/0x90
[ 27.835006][ T289] ext4_setattr+0xf9b/0x1a50
[ 27.839602][ T289] notify_change+0xcc3/0xf80
[ 27.844192][ T289] do_sys_ftruncate+0x58f/0x7f0
[ 27.849054][ T289] __x64_sys_ftruncate+0x60/0x70
[ 27.853994][ T289] x64_sys_call+0x2f9/0x9a0
[ 27.858496][ T289] do_syscall_64+0x4c/0xa0
[ 27.862910][ T289] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 27.868813][ T289]
[ 27.871141][ T289] Memory state around the buggy address:
[ 27.876761][ T289] ffff88812590ac80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 27.884813][ T289] ffff88812590ad00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
unlink("./0/file1/memory.stat") = 0
umount2("./0/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./0/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/file1/bus") = 0
getdents64(4, 0x55558e0a7730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/file1") = -1 EBUSY (Device or resource busy)
umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./0/file1") = 0
umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/binderfs") = 0
getdents64(3, 0x55558e09f6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x55558e09e650) = 296
./strace-static-x86_64: Process 296 attached
[pid 296] set_robust_list(0x55558e09e660, 24) = 0
[pid 296] chdir("./1") = 0
[pid 296] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 296] setpgid(0, 0) = 0
[pid 296] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 296] write(3, "1000", 4) = 4
[pid 296] close(3) = 0
[pid 296] symlink("/dev/binderfs", "./binderfs") = 0
[pid 296] write(1, "executing program\n", 18) = 18
[pid 296] memfd_create("syzkaller", 0) = 3
[pid 296] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1f10b34000
[pid 296] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 296] munmap(0x7f1f10b34000, 138412032) = 0
[pid 296] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 27.892873][ T289] >ffff88812590ad80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 27.900939][ T289] ^
[ 27.906821][ T289] ffff88812590ae00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 27.914873][ T289] ffff88812590ae80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 27.922921][ T289] ==================================================================
[ 27.931242][ T289] Disabling lock debugging due to kernel taint
[ 27.940032][ T289] EXT4-fs (loop0): unmounting filesystem.
[pid 296] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 296] close(3) = 0
[pid 296] close(4) = 0
[pid 296] mkdir("./file1", 0777) = 0
[pid 296] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 296] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 296] chdir("./file1") = 0
[pid 296] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 296] ioctl(4, LOOP_CLR_FD) = 0
[pid 296] close(4) = 0
[pid 296] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 27.957403][ T296] loop0: detected capacity change from 0 to 1024
[ 27.970711][ T296] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 27.991263][ T296] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor199: Allocating blocks 497-513 which overlap fs metadata
[pid 296] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 296] ftruncate(4, 7) = 0
[pid 296] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 296] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 296] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 296] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 296] exit_group(0) = ?
[pid 296] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=296, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558e09f6f0 /* 4 entries */, 32768) = 112
umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./1/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558e0a7730 /* 10 entries */, 32768) = 296
umount2("./1/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./1/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./1/file1/lost+found") = 0
umount2("./1/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./1/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 4 entries */, 32768) = 112
umount2("./1/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/file1/file0/file0") = 0
umount2("./1/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/file1/file0/file1") = 0
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./1/file1/file0") = 0
umount2("./1/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/file1/file1") = 0
umount2("./1/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/file1/file2") = 0
umount2("./1/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/file1/file3") = 0
umount2("./1/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/file1/file.cold") = 0
umount2("./1/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/file1/memory.stat") = 0
umount2("./1/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./1/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/file1/bus") = 0
getdents64(4, 0x55558e0a7730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/file1") = -1 EBUSY (Device or resource busy)
umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./1/file1") = 0
umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/binderfs") = 0
getdents64(3, 0x55558e09f6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e09e650) = 299
./strace-static-x86_64: Process 299 attached
[pid 299] set_robust_list(0x55558e09e660, 24) = 0
[pid 299] chdir("./2") = 0
[pid 299] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 299] setpgid(0, 0) = 0
[pid 299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 299] write(3, "1000", 4) = 4
[pid 299] close(3) = 0
[pid 299] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 299] write(1, "executing program\n", 18) = 18
[pid 299] memfd_create("syzkaller", 0) = 3
[pid 299] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1f10b34000
[pid 299] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 299] munmap(0x7f1f10b34000, 138412032) = 0
[pid 299] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 28.005883][ T296] EXT4-fs (loop0): pa ffff88811588a738: logic 256, phys. 385, len 8
[ 28.014070][ T296] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
[ 28.045657][ T289] EXT4-fs (loop0): unmounting filesystem.
[pid 299] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 299] close(3) = 0
[pid 299] close(4) = 0
[pid 299] mkdir("./file1", 0777) = 0
[pid 299] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 299] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 299] chdir("./file1") = 0
[pid 299] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 299] ioctl(4, LOOP_CLR_FD) = 0
[pid 299] close(4) = 0
[pid 299] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 28.068180][ T299] loop0: detected capacity change from 0 to 1024
[ 28.080387][ T299] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 28.101722][ T299] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor199: Allocating blocks 497-513 which overlap fs metadata
[pid 299] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 299] ftruncate(4, 7) = 0
[pid 299] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 299] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 299] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 299] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 299] exit_group(0) = ?
[pid 299] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=299, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558e09f6f0 /* 4 entries */, 32768) = 112
umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./2/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558e0a7730 /* 10 entries */, 32768) = 296
umount2("./2/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./2/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./2/file1/lost+found") = 0
umount2("./2/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./2/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 4 entries */, 32768) = 112
umount2("./2/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/file1/file0/file0") = 0
umount2("./2/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/file1/file0/file1") = 0
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./2/file1/file0") = 0
umount2("./2/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/file1/file1") = 0
umount2("./2/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/file1/file2") = 0
umount2("./2/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/file1/file3") = 0
umount2("./2/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/file1/file.cold") = 0
umount2("./2/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/file1/memory.stat") = 0
umount2("./2/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./2/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/file1/bus") = 0
getdents64(4, 0x55558e0a7730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./2/file1") = -1 EBUSY (Device or resource busy)
umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./2/file1") = 0
umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/binderfs") = 0
getdents64(3, 0x55558e09f6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./2") = 0
mkdir("./3", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e09e650) = 302
./strace-static-x86_64: Process 302 attached
[pid 302] set_robust_list(0x55558e09e660, 24) = 0
[pid 302] chdir("./3") = 0
[pid 302] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 302] setpgid(0, 0) = 0
[pid 302] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 302] write(3, "1000", 4) = 4
[pid 302] close(3) = 0
[pid 302] symlink("/dev/binderfs", "./binderfs") = 0
[pid 302] write(1, "executing program\n", 18executing program
) = 18
[pid 302] memfd_create("syzkaller", 0) = 3
[pid 302] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1f10b34000
[pid 302] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 302] munmap(0x7f1f10b34000, 138412032) = 0
[pid 302] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 28.116407][ T299] EXT4-fs (loop0): pa ffff88810c67ec78: logic 256, phys. 385, len 8
[ 28.124537][ T299] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
[ 28.154843][ T289] EXT4-fs (loop0): unmounting filesystem.
[pid 302] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 302] close(3) = 0
[pid 302] close(4) = 0
[pid 302] mkdir("./file1", 0777) = 0
[pid 302] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 302] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 302] chdir("./file1") = 0
[pid 302] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 302] ioctl(4, LOOP_CLR_FD) = 0
[pid 302] close(4) = 0
[pid 302] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 28.178615][ T302] loop0: detected capacity change from 0 to 1024
[ 28.190680][ T302] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 28.212354][ T302] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor199: Allocating blocks 497-513 which overlap fs metadata
[pid 302] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 302] ftruncate(4, 7) = 0
[pid 302] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 302] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 302] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 302] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 302] exit_group(0) = ?
[pid 302] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=302, si_uid=0, si_status=0, si_utime=0, si_stime=6} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558e09f6f0 /* 4 entries */, 32768) = 112
umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./3/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558e0a7730 /* 10 entries */, 32768) = 296
umount2("./3/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./3/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./3/file1/lost+found") = 0
umount2("./3/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./3/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 4 entries */, 32768) = 112
umount2("./3/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/file1/file0/file0") = 0
umount2("./3/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/file1/file0/file1") = 0
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./3/file1/file0") = 0
umount2("./3/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/file1/file1") = 0
umount2("./3/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/file1/file2") = 0
umount2("./3/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/file1/file3") = 0
umount2("./3/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/file1/file.cold") = 0
umount2("./3/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
[ 28.226923][ T302] EXT4-fs (loop0): pa ffff88810c67ea80: logic 256, phys. 385, len 8
[ 28.234946][ T302] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
[ 28.263256][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor199: Freeing blocks not in datazone - block = 122335406689760, count = 16
[ 28.278343][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor199: Freeing blocks not in datazone - block = 122335406681453, count = 8312
[ 28.293507][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor199: Freeing blocks not in datazone - block = 122335406681440, count = 16
[ 28.308487][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor199: Freeing blocks not in datazone - block = 121364300206800, count = 16
[ 28.323654][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor199: Freeing blocks not in datazone - block = 121364300179828, count = 26988
[ 28.338910][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor199: Freeing blocks not in datazone - block = 121364300179824, count = 16
[ 28.353853][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor199: Freeing blocks not in datazone - block = 71640814284976, count = 16
[ 28.368758][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor199: Freeing blocks not in datazone - block = 71640814276675, count = 8306
unlink("./3/file1/memory.stat") = 0
umount2("./3/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./3/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/file1/bus") = 0
getdents64(4, 0x55558e0a7730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./3/file1") = -1 EBUSY (Device or resource busy)
umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./3/file1") = 0
umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/binderfs") = 0
getdents64(3, 0x55558e09f6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./3") = 0
mkdir("./4", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e09e650) = 305
./strace-static-x86_64: Process 305 attached
[pid 305] set_robust_list(0x55558e09e660, 24) = 0
[pid 305] chdir("./4") = 0
[pid 305] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 305] setpgid(0, 0) = 0
[pid 305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 305] write(3, "1000", 4) = 4
[pid 305] close(3) = 0
[pid 305] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 305] write(1, "executing program\n", 18) = 18
[pid 305] memfd_create("syzkaller", 0) = 3
[pid 305] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1f10b34000
[pid 305] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 305] munmap(0x7f1f10b34000, 138412032) = 0
[pid 305] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 305] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 305] close(3) = 0
[pid 305] close(4) = 0
[pid 305] mkdir("./file1", 0777) = 0
[ 28.926674][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 28.951298][ T305] loop0: detected capacity change from 0 to 1024
[pid 305] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 305] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 305] chdir("./file1") = 0
[pid 305] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 305] ioctl(4, LOOP_CLR_FD) = 0
[pid 305] close(4) = 0
[pid 305] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 305] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 305] ftruncate(4, 7) = 0
[pid 305] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 305] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 305] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 305] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 305] exit_group(0) = ?
[pid 305] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=305, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558e09f6f0 /* 4 entries */, 32768) = 112
umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./4/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558e0a7730 /* 10 entries */, 32768) = 296
umount2("./4/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./4/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./4/file1/lost+found") = 0
umount2("./4/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./4/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 4 entries */, 32768) = 112
umount2("./4/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/file1/file0/file0") = 0
umount2("./4/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/file1/file0/file1") = 0
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./4/file1/file0") = 0
umount2("./4/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/file1/file1") = 0
umount2("./4/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/file1/file2") = 0
umount2("./4/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/file1/file3") = 0
umount2("./4/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/file1/file.cold") = 0
umount2("./4/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/file1/memory.stat") = 0
umount2("./4/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./4/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/file1/bus") = 0
getdents64(4, 0x55558e0a7730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./4/file1") = -1 EBUSY (Device or resource busy)
[ 28.970586][ T305] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 28.990996][ T305] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor199: Allocating blocks 497-513 which overlap fs metadata
[ 29.005586][ T305] EXT4-fs (loop0): pa ffff88810c4faf18: logic 256, phys. 385, len 8
[ 29.013629][ T305] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./4/file1") = 0
umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/binderfs") = 0
getdents64(3, 0x55558e09f6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./4") = 0
mkdir("./5", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e09e650) = 308
./strace-static-x86_64: Process 308 attached
[pid 308] set_robust_list(0x55558e09e660, 24) = 0
[pid 308] chdir("./5") = 0
[pid 308] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 308] setpgid(0, 0) = 0
[pid 308] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 308] write(3, "1000", 4) = 4
[pid 308] close(3) = 0
[pid 308] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 308] write(1, "executing program\n", 18) = 18
[pid 308] memfd_create("syzkaller", 0) = 3
[pid 308] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1f10b34000
[pid 308] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 308] munmap(0x7f1f10b34000, 138412032) = 0
[pid 308] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 308] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 308] close(3) = 0
[pid 308] close(4) = 0
[pid 308] mkdir("./file1", 0777) = 0
[pid 308] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 308] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 308] chdir("./file1") = 0
[pid 308] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 308] ioctl(4, LOOP_CLR_FD) = 0
[pid 308] close(4) = 0
[pid 308] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 29.041051][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 29.061122][ T308] loop0: detected capacity change from 0 to 1024
[ 29.080374][ T308] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 308] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 308] ftruncate(4, 7) = 0
[pid 308] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 308] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 308] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 308] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 308] exit_group(0) = ?
[pid 308] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=308, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558e09f6f0 /* 4 entries */, 32768) = 112
umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./5/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558e0a7730 /* 10 entries */, 32768) = 296
umount2("./5/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./5/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./5/file1/lost+found") = 0
umount2("./5/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./5/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 4 entries */, 32768) = 112
umount2("./5/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/file1/file0/file0") = 0
umount2("./5/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/file1/file0/file1") = 0
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./5/file1/file0") = 0
umount2("./5/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/file1/file1") = 0
umount2("./5/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/file1/file2") = 0
umount2("./5/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/file1/file3") = 0
umount2("./5/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/file1/file.cold") = 0
umount2("./5/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/file1/memory.stat") = 0
umount2("./5/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./5/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/file1/bus") = 0
getdents64(4, 0x55558e0a7730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./5/file1") = -1 EBUSY (Device or resource busy)
[ 29.100778][ T308] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor199: Allocating blocks 497-513 which overlap fs metadata
[ 29.115362][ T308] EXT4-fs (loop0): pa ffff88810fd08000: logic 256, phys. 385, len 8
[ 29.123465][ T308] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./5/file1") = 0
umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/binderfs") = 0
getdents64(3, 0x55558e09f6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./5") = 0
mkdir("./6", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e09e650) = 311
./strace-static-x86_64: Process 311 attached
[pid 311] set_robust_list(0x55558e09e660, 24) = 0
[pid 311] chdir("./6") = 0
[pid 311] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 311] setpgid(0, 0) = 0
[pid 311] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 311] write(3, "1000", 4) = 4
[pid 311] close(3) = 0
[pid 311] symlink("/dev/binderfs", "./binderfs") = 0
[pid 311] write(1, "executing program\n", 18executing program
) = 18
[pid 311] memfd_create("syzkaller", 0) = 3
[pid 311] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1f10b34000
[pid 311] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 311] munmap(0x7f1f10b34000, 138412032) = 0
[pid 311] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 311] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 311] close(3) = 0
[pid 311] close(4) = 0
[pid 311] mkdir("./file1", 0777) = 0
[pid 311] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 311] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 311] chdir("./file1") = 0
[pid 311] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 311] ioctl(4, LOOP_CLR_FD) = 0
[pid 311] close(4) = 0
[pid 311] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 29.159301][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 29.183019][ T311] loop0: detected capacity change from 0 to 1024
[ 29.200768][ T311] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 311] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 311] ftruncate(4, 7) = 0
[pid 311] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 311] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 311] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 311] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 311] exit_group(0) = ?
[pid 311] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=311, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558e09f6f0 /* 4 entries */, 32768) = 112
umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./6/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./6/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558e0a7730 /* 10 entries */, 32768) = 296
umount2("./6/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./6/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./6/file1/lost+found") = 0
umount2("./6/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./6/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 4 entries */, 32768) = 112
umount2("./6/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/file1/file0/file0") = 0
umount2("./6/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/file1/file0/file1") = 0
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./6/file1/file0") = 0
umount2("./6/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/file1/file1") = 0
umount2("./6/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/file1/file2") = 0
umount2("./6/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/file1/file3") = 0
umount2("./6/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/file1/file.cold") = 0
umount2("./6/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/file1/memory.stat") = 0
umount2("./6/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./6/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/file1/bus") = 0
getdents64(4, 0x55558e0a7730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./6/file1") = -1 EBUSY (Device or resource busy)
[ 29.221077][ T311] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor199: Allocating blocks 497-513 which overlap fs metadata
[ 29.235660][ T311] EXT4-fs (loop0): pa ffff88810ff4ea80: logic 256, phys. 385, len 8
[ 29.243690][ T311] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./6/file1") = 0
umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/binderfs") = 0
getdents64(3, 0x55558e09f6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./6") = 0
mkdir("./7", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e09e650) = 314
./strace-static-x86_64: Process 314 attached
[pid 314] set_robust_list(0x55558e09e660, 24) = 0
[pid 314] chdir("./7") = 0
[pid 314] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 314] setpgid(0, 0) = 0
[pid 314] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 314] write(3, "1000", 4) = 4
[pid 314] close(3) = 0
[pid 314] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 314] write(1, "executing program\n", 18) = 18
[pid 314] memfd_create("syzkaller", 0) = 3
[pid 314] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1f10b34000
[pid 314] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 314] munmap(0x7f1f10b34000, 138412032) = 0
[pid 314] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 314] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 314] close(3) = 0
[pid 314] close(4) = 0
[pid 314] mkdir("./file1", 0777) = 0
[pid 314] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 314] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 314] chdir("./file1") = 0
[pid 314] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 314] ioctl(4, LOOP_CLR_FD) = 0
[pid 314] close(4) = 0
[pid 314] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 29.271649][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 29.292454][ T314] loop0: detected capacity change from 0 to 1024
[ 29.311024][ T314] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 314] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 314] ftruncate(4, 7) = 0
[pid 314] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 314] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 314] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 314] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 314] exit_group(0) = ?
[pid 314] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=314, si_uid=0, si_status=0, si_utime=0, si_stime=6} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558e09f6f0 /* 4 entries */, 32768) = 112
umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./7/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./7/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558e0a7730 /* 10 entries */, 32768) = 296
umount2("./7/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./7/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./7/file1/lost+found") = 0
umount2("./7/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./7/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 4 entries */, 32768) = 112
umount2("./7/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/file1/file0/file0") = 0
umount2("./7/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/file1/file0/file1") = 0
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./7/file1/file0") = 0
umount2("./7/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/file1/file1") = 0
umount2("./7/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/file1/file2") = 0
umount2("./7/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/file1/file3") = 0
umount2("./7/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/file1/file.cold") = 0
umount2("./7/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/file1/memory.stat") = 0
umount2("./7/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./7/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/file1/bus") = 0
getdents64(4, 0x55558e0a7730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./7/file1") = -1 EBUSY (Device or resource busy)
[ 29.332196][ T314] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor199: Allocating blocks 497-513 which overlap fs metadata
[ 29.346776][ T314] EXT4-fs (loop0): pa ffff88810ff4e150: logic 256, phys. 385, len 8
[ 29.354798][ T314] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./7/file1") = 0
umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/binderfs") = 0
getdents64(3, 0x55558e09f6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./7") = 0
mkdir("./8", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e09e650) = 317
./strace-static-x86_64: Process 317 attached
executing program
[pid 317] set_robust_list(0x55558e09e660, 24) = 0
[pid 317] chdir("./8") = 0
[pid 317] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 317] setpgid(0, 0) = 0
[pid 317] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 317] write(3, "1000", 4) = 4
[pid 317] close(3) = 0
[pid 317] symlink("/dev/binderfs", "./binderfs") = 0
[pid 317] write(1, "executing program\n", 18) = 18
[pid 317] memfd_create("syzkaller", 0) = 3
[pid 317] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1f10b34000
[pid 317] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 317] munmap(0x7f1f10b34000, 138412032) = 0
[pid 317] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 317] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 317] close(3) = 0
[pid 317] close(4) = 0
[pid 317] mkdir("./file1", 0777) = 0
[pid 317] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 317] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 317] chdir("./file1") = 0
[pid 317] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 317] ioctl(4, LOOP_CLR_FD) = 0
[pid 317] close(4) = 0
[pid 317] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 29.387411][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 29.406696][ T317] loop0: detected capacity change from 0 to 1024
[ 29.421158][ T317] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 317] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 317] ftruncate(4, 7) = 0
[pid 317] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 317] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 317] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 317] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 317] exit_group(0) = ?
[pid 317] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=317, si_uid=0, si_status=0, si_utime=0, si_stime=6} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558e09f6f0 /* 4 entries */, 32768) = 112
umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./8/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./8/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558e0a7730 /* 10 entries */, 32768) = 296
umount2("./8/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./8/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./8/file1/lost+found") = 0
umount2("./8/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./8/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 4 entries */, 32768) = 112
umount2("./8/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/file1/file0/file0") = 0
umount2("./8/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/file1/file0/file1") = 0
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./8/file1/file0") = 0
umount2("./8/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/file1/file1") = 0
umount2("./8/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/file1/file2") = 0
umount2("./8/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/file1/file3") = 0
umount2("./8/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/file1/file.cold") = 0
umount2("./8/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/file1/memory.stat") = 0
umount2("./8/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./8/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/file1/bus") = 0
getdents64(4, 0x55558e0a7730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./8/file1") = -1 EBUSY (Device or resource busy)
[ 29.442592][ T317] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor199: Allocating blocks 497-513 which overlap fs metadata
[ 29.457209][ T317] EXT4-fs (loop0): pa ffff88810ff4e0a8: logic 256, phys. 385, len 8
[ 29.465248][ T317] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program
) = 0
rmdir("./8/file1") = 0
umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/binderfs") = 0
getdents64(3, 0x55558e09f6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./8") = 0
mkdir("./9", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e09e650) = 321
./strace-static-x86_64: Process 321 attached
[pid 321] set_robust_list(0x55558e09e660, 24) = 0
[pid 321] chdir("./9") = 0
[pid 321] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 321] setpgid(0, 0) = 0
[pid 321] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 321] write(3, "1000", 4) = 4
[pid 321] close(3) = 0
[pid 321] symlink("/dev/binderfs", "./binderfs") = 0
[pid 321] write(1, "executing program\n", 18) = 18
[pid 321] memfd_create("syzkaller", 0) = 3
[pid 321] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1f10b34000
[pid 321] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 321] munmap(0x7f1f10b34000, 138412032) = 0
[pid 321] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 321] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 321] close(3) = 0
[pid 321] close(4) = 0
[pid 321] mkdir("./file1", 0777) = 0
[pid 321] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 321] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 321] chdir("./file1") = 0
[pid 321] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 321] ioctl(4, LOOP_CLR_FD) = 0
[pid 321] close(4) = 0
[pid 321] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 29.501417][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 29.518233][ T321] loop0: detected capacity change from 0 to 1024
[ 29.530579][ T321] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 321] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 321] ftruncate(4, 7) = 0
[pid 321] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 321] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 321] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 321] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 321] exit_group(0) = ?
[pid 321] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=321, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558e09f6f0 /* 4 entries */, 32768) = 112
umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./9/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./9/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558e0a7730 /* 10 entries */, 32768) = 296
umount2("./9/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./9/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./9/file1/lost+found") = 0
umount2("./9/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./9/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 4 entries */, 32768) = 112
umount2("./9/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/file1/file0/file0") = 0
umount2("./9/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/file1/file0/file1") = 0
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./9/file1/file0") = 0
umount2("./9/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/file1/file1") = 0
umount2("./9/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/file1/file2") = 0
umount2("./9/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/file1/file3") = 0
umount2("./9/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/file1/file.cold") = 0
umount2("./9/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/file1/memory.stat") = 0
umount2("./9/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./9/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/file1/bus") = 0
getdents64(4, 0x55558e0a7730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./9/file1") = -1 EBUSY (Device or resource busy)
[ 29.550875][ T321] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor199: Allocating blocks 497-513 which overlap fs metadata
[ 29.565644][ T321] EXT4-fs (loop0): pa ffff88810ff4e888: logic 256, phys. 385, len 8
[ 29.574216][ T321] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./9/file1") = 0
umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/binderfs") = 0
getdents64(3, 0x55558e09f6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./9") = 0
mkdir("./10", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e09e650) = 324
./strace-static-x86_64: Process 324 attached
[pid 324] set_robust_list(0x55558e09e660, 24) = 0
[pid 324] chdir("./10") = 0
[pid 324] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 324] setpgid(0, 0) = 0
[pid 324] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program
) = 3
[pid 324] write(3, "1000", 4) = 4
[pid 324] close(3) = 0
[pid 324] symlink("/dev/binderfs", "./binderfs") = 0
[pid 324] write(1, "executing program\n", 18) = 18
[pid 324] memfd_create("syzkaller", 0) = 3
[pid 324] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1f10b34000
[pid 324] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 324] munmap(0x7f1f10b34000, 138412032) = 0
[pid 324] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 324] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 324] close(3) = 0
[pid 324] close(4) = 0
[pid 324] mkdir("./file1", 0777) = 0
[pid 324] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 324] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 324] chdir("./file1") = 0
[pid 324] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 324] ioctl(4, LOOP_CLR_FD) = 0
[pid 324] close(4) = 0
[pid 324] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 29.606503][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 29.625548][ T324] loop0: detected capacity change from 0 to 1024
[ 29.640450][ T324] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 324] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 324] ftruncate(4, 7) = 0
[pid 324] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 324] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 324] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 324] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 324] exit_group(0) = ?
[pid 324] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=324, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558e09f6f0 /* 4 entries */, 32768) = 112
umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./10/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./10/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558e0a7730 /* 10 entries */, 32768) = 296
umount2("./10/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./10/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./10/file1/lost+found") = 0
umount2("./10/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./10/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 4 entries */, 32768) = 112
umount2("./10/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/file1/file0/file0") = 0
umount2("./10/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/file1/file0/file1") = 0
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./10/file1/file0") = 0
umount2("./10/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/file1/file1") = 0
umount2("./10/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/file1/file2") = 0
umount2("./10/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/file1/file3") = 0
umount2("./10/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/file1/file.cold") = 0
umount2("./10/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/file1/memory.stat") = 0
umount2("./10/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./10/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/file1/bus") = 0
getdents64(4, 0x55558e0a7730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./10/file1") = -1 EBUSY (Device or resource busy)
[ 29.661918][ T324] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor199: Allocating blocks 497-513 which overlap fs metadata
[ 29.676533][ T324] EXT4-fs (loop0): pa ffff88810fd29540: logic 256, phys. 385, len 8
[ 29.684549][ T324] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./10/file1") = 0
umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/binderfs") = 0
getdents64(3, 0x55558e09f6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./10") = 0
mkdir("./11", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
executing program
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e09e650) = 327
./strace-static-x86_64: Process 327 attached
[pid 327] set_robust_list(0x55558e09e660, 24) = 0
[pid 327] chdir("./11") = 0
[pid 327] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 327] setpgid(0, 0) = 0
[pid 327] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 327] write(3, "1000", 4) = 4
[pid 327] close(3) = 0
[pid 327] symlink("/dev/binderfs", "./binderfs") = 0
[pid 327] write(1, "executing program\n", 18) = 18
[pid 327] memfd_create("syzkaller", 0) = 3
[pid 327] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1f10b34000
[pid 327] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 327] munmap(0x7f1f10b34000, 138412032) = 0
[pid 327] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 327] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 327] close(3) = 0
[pid 327] close(4) = 0
[pid 327] mkdir("./file1", 0777) = 0
[pid 327] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 327] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 327] chdir("./file1") = 0
[pid 327] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 327] ioctl(4, LOOP_CLR_FD) = 0
[pid 327] close(4) = 0
[pid 327] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 29.718285][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 29.738693][ T327] loop0: detected capacity change from 0 to 1024
[ 29.750911][ T327] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 327] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 327] ftruncate(4, 7) = 0
[pid 327] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 327] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 327] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 327] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 327] exit_group(0) = ?
[pid 327] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=327, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558e09f6f0 /* 4 entries */, 32768) = 112
umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./11/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./11/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558e0a7730 /* 10 entries */, 32768) = 296
umount2("./11/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./11/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./11/file1/lost+found") = 0
umount2("./11/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./11/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 4 entries */, 32768) = 112
umount2("./11/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/file1/file0/file0") = 0
umount2("./11/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/file1/file0/file1") = 0
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./11/file1/file0") = 0
umount2("./11/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/file1/file1") = 0
umount2("./11/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/file1/file2") = 0
umount2("./11/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/file1/file3") = 0
umount2("./11/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/file1/file.cold") = 0
umount2("./11/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/file1/memory.stat") = 0
umount2("./11/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./11/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/file1/bus") = 0
getdents64(4, 0x55558e0a7730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./11/file1") = -1 EBUSY (Device or resource busy)
[ 29.771099][ T327] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor199: Allocating blocks 497-513 which overlap fs metadata
[ 29.785680][ T327] EXT4-fs (loop0): pa ffff88810ff80738: logic 256, phys. 385, len 8
[ 29.793691][ T327] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./11/file1") = 0
umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/binderfs") = 0
getdents64(3, 0x55558e09f6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./11") = 0
mkdir("./12", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e09e650) = 330
./strace-static-x86_64: Process 330 attached
[pid 330] set_robust_list(0x55558e09e660, 24) = 0
[pid 330] chdir("./12") = 0
[pid 330] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 330] setpgid(0, 0) = 0
[pid 330] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 330] write(3, "1000", 4) = 4
[pid 330] close(3) = 0
[pid 330] symlink("/dev/binderfs", "./binderfs") = 0
[pid 330] write(1, "executing program\n", 18executing program
) = 18
[pid 330] memfd_create("syzkaller", 0) = 3
[pid 330] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1f10b34000
[pid 330] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 330] munmap(0x7f1f10b34000, 138412032) = 0
[pid 330] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 330] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 330] close(3) = 0
[pid 330] close(4) = 0
[pid 330] mkdir("./file1", 0777) = 0
[pid 330] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 330] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 330] chdir("./file1") = 0
[pid 330] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 330] ioctl(4, LOOP_CLR_FD) = 0
[pid 330] close(4) = 0
[pid 330] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 29.821778][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 29.845022][ T330] loop0: detected capacity change from 0 to 1024
[ 29.860713][ T330] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 330] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 330] ftruncate(4, 7) = 0
[pid 330] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 330] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 330] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 330] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 330] exit_group(0) = ?
[pid 330] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=330, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558e09f6f0 /* 4 entries */, 32768) = 112
umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./12/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./12/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558e0a7730 /* 10 entries */, 32768) = 296
umount2("./12/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./12/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./12/file1/lost+found") = 0
umount2("./12/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./12/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 4 entries */, 32768) = 112
umount2("./12/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/file1/file0/file0") = 0
umount2("./12/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/file1/file0/file1") = 0
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./12/file1/file0") = 0
umount2("./12/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/file1/file1") = 0
umount2("./12/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/file1/file2") = 0
umount2("./12/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/file1/file3") = 0
umount2("./12/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/file1/file.cold") = 0
umount2("./12/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/file1/memory.stat") = 0
umount2("./12/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./12/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/file1/bus") = 0
getdents64(4, 0x55558e0a7730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./12/file1") = -1 EBUSY (Device or resource busy)
[ 29.882322][ T330] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor199: Allocating blocks 497-513 which overlap fs metadata
[ 29.896864][ T330] EXT4-fs (loop0): pa ffff88810ffc12a0: logic 256, phys. 385, len 8
[ 29.904906][ T330] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program
) = 0
rmdir("./12/file1") = 0
umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/binderfs") = 0
getdents64(3, 0x55558e09f6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./12") = 0
mkdir("./13", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e09e650) = 333
./strace-static-x86_64: Process 333 attached
[pid 333] set_robust_list(0x55558e09e660, 24) = 0
[pid 333] chdir("./13") = 0
[pid 333] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 333] setpgid(0, 0) = 0
[pid 333] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 333] write(3, "1000", 4) = 4
[pid 333] close(3) = 0
[pid 333] symlink("/dev/binderfs", "./binderfs") = 0
[pid 333] write(1, "executing program\n", 18) = 18
[pid 333] memfd_create("syzkaller", 0) = 3
[pid 333] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1f10b34000
[pid 333] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 333] munmap(0x7f1f10b34000, 138412032) = 0
[pid 333] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 333] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 333] close(3) = 0
[pid 333] close(4) = 0
[pid 333] mkdir("./file1", 0777) = 0
[pid 333] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 333] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 333] chdir("./file1") = 0
[pid 333] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 333] ioctl(4, LOOP_CLR_FD) = 0
[pid 333] close(4) = 0
[pid 333] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 29.938393][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 29.955247][ T333] loop0: detected capacity change from 0 to 1024
[ 29.970354][ T333] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 333] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 333] ftruncate(4, 7) = 0
[pid 333] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 333] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 333] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 333] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 333] exit_group(0) = ?
[pid 333] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=333, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558e09f6f0 /* 4 entries */, 32768) = 112
umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./13/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./13/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558e0a7730 /* 10 entries */, 32768) = 296
umount2("./13/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./13/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./13/file1/lost+found") = 0
umount2("./13/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./13/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 4 entries */, 32768) = 112
umount2("./13/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/file1/file0/file0") = 0
umount2("./13/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/file1/file0/file1") = 0
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./13/file1/file0") = 0
umount2("./13/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/file1/file1") = 0
umount2("./13/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/file1/file2") = 0
umount2("./13/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/file1/file3") = 0
umount2("./13/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/file1/file.cold") = 0
umount2("./13/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/file1/memory.stat") = 0
umount2("./13/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./13/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/file1/bus") = 0
getdents64(4, 0x55558e0a7730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./13/file1") = -1 EBUSY (Device or resource busy)
[ 29.992099][ T333] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor199: Allocating blocks 497-513 which overlap fs metadata
[ 30.006801][ T333] EXT4-fs (loop0): pa ffff88810ff9c5e8: logic 256, phys. 385, len 8
[ 30.014837][ T333] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./13/file1") = 0
umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/binderfs") = 0
getdents64(3, 0x55558e09f6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./13") = 0
mkdir("./14", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e09e650) = 336
./strace-static-x86_64: Process 336 attached
[pid 336] set_robust_list(0x55558e09e660, 24) = 0
executing program
[pid 336] chdir("./14") = 0
[pid 336] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 336] setpgid(0, 0) = 0
[pid 336] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 336] write(3, "1000", 4) = 4
[pid 336] close(3) = 0
[pid 336] symlink("/dev/binderfs", "./binderfs") = 0
[pid 336] write(1, "executing program\n", 18) = 18
[pid 336] memfd_create("syzkaller", 0) = 3
[pid 336] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1f10b34000
[pid 336] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 336] munmap(0x7f1f10b34000, 138412032) = 0
[pid 336] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 336] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 336] close(3) = 0
[pid 336] close(4) = 0
[pid 336] mkdir("./file1", 0777) = 0
[pid 336] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 336] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 336] chdir("./file1") = 0
[pid 336] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 336] ioctl(4, LOOP_CLR_FD) = 0
[pid 336] close(4) = 0
[pid 336] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 30.044887][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 30.066560][ T336] loop0: detected capacity change from 0 to 1024
[ 30.080575][ T336] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 336] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 336] ftruncate(4, 7) = 0
[pid 336] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 336] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 336] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 336] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 336] exit_group(0) = ?
[pid 336] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=336, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558e09f6f0 /* 4 entries */, 32768) = 112
umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./14/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./14/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558e0a7730 /* 10 entries */, 32768) = 296
umount2("./14/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./14/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./14/file1/lost+found") = 0
umount2("./14/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./14/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 4 entries */, 32768) = 112
umount2("./14/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/file1/file0/file0") = 0
umount2("./14/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/file1/file0/file1") = 0
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./14/file1/file0") = 0
umount2("./14/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/file1/file1") = 0
umount2("./14/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/file1/file2") = 0
umount2("./14/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/file1/file3") = 0
umount2("./14/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/file1/file.cold") = 0
umount2("./14/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/file1/memory.stat") = 0
umount2("./14/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./14/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/file1/bus") = 0
getdents64(4, 0x55558e0a7730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./14/file1") = -1 EBUSY (Device or resource busy)
[ 30.102863][ T336] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor199: Allocating blocks 497-513 which overlap fs metadata
[ 30.117422][ T336] EXT4-fs (loop0): pa ffff88810ff9c7e0: logic 256, phys. 385, len 8
[ 30.125466][ T336] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./14/file1") = 0
umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/binderfs") = 0
getdents64(3, 0x55558e09f6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./14") = 0
mkdir("./15", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
executing program
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e09e650) = 339
./strace-static-x86_64: Process 339 attached
[pid 339] set_robust_list(0x55558e09e660, 24) = 0
[pid 339] chdir("./15") = 0
[pid 339] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 339] setpgid(0, 0) = 0
[pid 339] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 339] write(3, "1000", 4) = 4
[pid 339] close(3) = 0
[pid 339] symlink("/dev/binderfs", "./binderfs") = 0
[pid 339] write(1, "executing program\n", 18) = 18
[pid 339] memfd_create("syzkaller", 0) = 3
[pid 339] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1f10b34000
[pid 339] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 339] munmap(0x7f1f10b34000, 138412032) = 0
[pid 339] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 339] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 339] close(3) = 0
[pid 339] close(4) = 0
[pid 339] mkdir("./file1", 0777) = 0
[pid 339] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 339] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 339] chdir("./file1") = 0
[pid 339] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 339] ioctl(4, LOOP_CLR_FD) = 0
[pid 339] close(4) = 0
[pid 339] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 30.153195][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 30.174695][ T339] loop0: detected capacity change from 0 to 1024
[ 30.190467][ T339] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 339] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 339] ftruncate(4, 7) = 0
[pid 339] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 339] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 339] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 339] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 339] exit_group(0) = ?
[pid 339] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=339, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558e09f6f0 /* 4 entries */, 32768) = 112
umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./15/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./15/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558e0a7730 /* 10 entries */, 32768) = 296
umount2("./15/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./15/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./15/file1/lost+found") = 0
umount2("./15/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./15/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 4 entries */, 32768) = 112
umount2("./15/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/file1/file0/file0") = 0
umount2("./15/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/file1/file0/file1") = 0
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./15/file1/file0") = 0
umount2("./15/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/file1/file1") = 0
umount2("./15/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/file1/file2") = 0
umount2("./15/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/file1/file3") = 0
umount2("./15/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/file1/file.cold") = 0
umount2("./15/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/file1/memory.stat") = 0
umount2("./15/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./15/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/file1/bus") = 0
getdents64(4, 0x55558e0a7730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./15/file1") = -1 EBUSY (Device or resource busy)
[ 30.211692][ T339] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor199: Allocating blocks 497-513 which overlap fs metadata
[ 30.226284][ T339] EXT4-fs (loop0): pa ffff88810ff9cc78: logic 256, phys. 385, len 8
[ 30.234340][ T339] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./15/file1") = 0
umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/binderfs") = 0
getdents64(3, 0x55558e09f6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./15") = 0
mkdir("./16", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e09e650) = 342
./strace-static-x86_64: Process 342 attached
[pid 342] set_robust_list(0x55558e09e660, 24) = 0
executing program
[pid 342] chdir("./16") = 0
[pid 342] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 342] setpgid(0, 0) = 0
[pid 342] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 342] write(3, "1000", 4) = 4
[pid 342] close(3) = 0
[pid 342] symlink("/dev/binderfs", "./binderfs") = 0
[pid 342] write(1, "executing program\n", 18) = 18
[pid 342] memfd_create("syzkaller", 0) = 3
[pid 342] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1f10b34000
[pid 342] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 342] munmap(0x7f1f10b34000, 138412032) = 0
[pid 342] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 342] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 342] close(3) = 0
[pid 342] close(4) = 0
[pid 342] mkdir("./file1", 0777) = 0
[pid 342] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 342] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 342] chdir("./file1") = 0
[pid 342] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 342] ioctl(4, LOOP_CLR_FD) = 0
[pid 342] close(4) = 0
[pid 342] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 30.264615][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 30.282206][ T342] loop0: detected capacity change from 0 to 1024
[ 30.300419][ T342] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 342] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 342] ftruncate(4, 7) = 0
[pid 342] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 342] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 342] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 342] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 342] exit_group(0) = ?
[pid 342] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=342, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558e09f6f0 /* 4 entries */, 32768) = 112
umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./16/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./16/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558e0a7730 /* 10 entries */, 32768) = 296
umount2("./16/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./16/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./16/file1/lost+found") = 0
umount2("./16/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./16/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 4 entries */, 32768) = 112
umount2("./16/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./16/file1/file0/file0") = 0
umount2("./16/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./16/file1/file0/file1") = 0
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./16/file1/file0") = 0
umount2("./16/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./16/file1/file1") = 0
umount2("./16/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./16/file1/file2") = 0
umount2("./16/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./16/file1/file3") = 0
umount2("./16/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./16/file1/file.cold") = 0
umount2("./16/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./16/file1/memory.stat") = 0
umount2("./16/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./16/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./16/file1/bus") = 0
getdents64(4, 0x55558e0a7730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./16/file1") = -1 EBUSY (Device or resource busy)
[ 30.321470][ T342] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor199: Allocating blocks 497-513 which overlap fs metadata
[ 30.336093][ T342] EXT4-fs (loop0): pa ffff888125c109d8: logic 256, phys. 385, len 8
[ 30.344111][ T342] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./16/file1") = 0
umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./16/binderfs") = 0
getdents64(3, 0x55558e09f6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./16") = 0
mkdir("./17", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e09e650) = 345
./strace-static-x86_64: Process 345 attached
[pid 345] set_robust_list(0x55558e09e660, 24) = 0
[pid 345] chdir("./17") = 0
executing program
[pid 345] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 345] setpgid(0, 0) = 0
[pid 345] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 345] write(3, "1000", 4) = 4
[pid 345] close(3) = 0
[pid 345] symlink("/dev/binderfs", "./binderfs") = 0
[pid 345] write(1, "executing program\n", 18) = 18
[pid 345] memfd_create("syzkaller", 0) = 3
[pid 345] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1f10b34000
[pid 345] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 345] munmap(0x7f1f10b34000, 138412032) = 0
[pid 345] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 345] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 345] close(3) = 0
[pid 345] close(4) = 0
[pid 345] mkdir("./file1", 0777) = 0
[pid 345] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 345] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 345] chdir("./file1") = 0
[pid 345] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 345] ioctl(4, LOOP_CLR_FD) = 0
[pid 345] close(4) = 0
[pid 345] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 30.379288][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 30.401610][ T345] loop0: detected capacity change from 0 to 1024
[ 30.420915][ T345] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 345] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 345] ftruncate(4, 7) = 0
[pid 345] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 345] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 345] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 345] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 345] exit_group(0) = ?
[pid 345] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=345, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558e09f6f0 /* 4 entries */, 32768) = 112
umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./17/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./17/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558e0a7730 /* 10 entries */, 32768) = 296
umount2("./17/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./17/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./17/file1/lost+found") = 0
umount2("./17/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./17/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 4 entries */, 32768) = 112
umount2("./17/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./17/file1/file0/file0") = 0
umount2("./17/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./17/file1/file0/file1") = 0
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./17/file1/file0") = 0
umount2("./17/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./17/file1/file1") = 0
umount2("./17/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./17/file1/file2") = 0
umount2("./17/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./17/file1/file3") = 0
umount2("./17/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./17/file1/file.cold") = 0
umount2("./17/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./17/file1/memory.stat") = 0
umount2("./17/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./17/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./17/file1/bus") = 0
getdents64(4, 0x55558e0a7730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./17/file1") = -1 EBUSY (Device or resource busy)
[ 30.443566][ T345] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor199: Allocating blocks 497-513 which overlap fs metadata
[ 30.458207][ T345] EXT4-fs (loop0): pa ffff88810ffc1000: logic 256, phys. 385, len 8
[ 30.466246][ T345] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program
) = 0
rmdir("./17/file1") = 0
umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./17/binderfs") = 0
getdents64(3, 0x55558e09f6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./17") = 0
mkdir("./18", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e09e650) = 348
./strace-static-x86_64: Process 348 attached
[pid 348] set_robust_list(0x55558e09e660, 24) = 0
[pid 348] chdir("./18") = 0
[pid 348] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 348] setpgid(0, 0) = 0
[pid 348] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 348] write(3, "1000", 4) = 4
[pid 348] close(3) = 0
[pid 348] symlink("/dev/binderfs", "./binderfs") = 0
[pid 348] write(1, "executing program\n", 18) = 18
[pid 348] memfd_create("syzkaller", 0) = 3
[pid 348] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1f10b34000
[pid 348] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 348] munmap(0x7f1f10b34000, 138412032) = 0
[pid 348] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 348] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 348] close(3) = 0
[pid 348] close(4) = 0
[pid 348] mkdir("./file1", 0777) = 0
[pid 348] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 348] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 348] chdir("./file1") = 0
[pid 348] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 348] ioctl(4, LOOP_CLR_FD) = 0
[pid 348] close(4) = 0
[pid 348] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 30.504594][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 30.521784][ T348] loop0: detected capacity change from 0 to 1024
[ 30.540324][ T348] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 348] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 348] ftruncate(4, 7) = 0
[pid 348] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 348] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 348] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 348] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 348] exit_group(0) = ?
[pid 348] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=348, si_uid=0, si_status=0, si_utime=0, si_stime=6} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558e09f6f0 /* 4 entries */, 32768) = 112
umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./18/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./18/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558e0a7730 /* 10 entries */, 32768) = 296
umount2("./18/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./18/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./18/file1/lost+found") = 0
umount2("./18/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./18/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 4 entries */, 32768) = 112
umount2("./18/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./18/file1/file0/file0") = 0
umount2("./18/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./18/file1/file0/file1") = 0
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./18/file1/file0") = 0
umount2("./18/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./18/file1/file1") = 0
umount2("./18/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./18/file1/file2") = 0
umount2("./18/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./18/file1/file3") = 0
umount2("./18/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./18/file1/file.cold") = 0
umount2("./18/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./18/file1/memory.stat") = 0
umount2("./18/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./18/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./18/file1/bus") = 0
getdents64(4, 0x55558e0a7730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./18/file1") = -1 EBUSY (Device or resource busy)
[ 30.561326][ T348] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor199: Allocating blocks 497-513 which overlap fs metadata
[ 30.575973][ T348] EXT4-fs (loop0): pa ffff88810ffe3e70: logic 256, phys. 385, len 8
[ 30.584545][ T348] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program
) = 0
rmdir("./18/file1") = 0
umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./18/binderfs") = 0
getdents64(3, 0x55558e09f6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./18") = 0
mkdir("./19", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e09e650) = 351
./strace-static-x86_64: Process 351 attached
[pid 351] set_robust_list(0x55558e09e660, 24) = 0
[pid 351] chdir("./19") = 0
[pid 351] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 351] setpgid(0, 0) = 0
[pid 351] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 351] write(3, "1000", 4) = 4
[pid 351] close(3) = 0
[pid 351] symlink("/dev/binderfs", "./binderfs") = 0
[pid 351] write(1, "executing program\n", 18) = 18
[pid 351] memfd_create("syzkaller", 0) = 3
[pid 351] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1f10b34000
[pid 351] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 351] munmap(0x7f1f10b34000, 138412032) = 0
[pid 351] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 351] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 351] close(3) = 0
[pid 351] close(4) = 0
[pid 351] mkdir("./file1", 0777) = 0
[pid 351] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 351] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 351] chdir("./file1") = 0
[pid 351] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 351] ioctl(4, LOOP_CLR_FD) = 0
[pid 351] close(4) = 0
[pid 351] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 30.615475][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 30.632946][ T351] loop0: detected capacity change from 0 to 1024
[ 30.650433][ T351] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 351] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 351] ftruncate(4, 7) = 0
[pid 351] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 351] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 351] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 351] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 351] exit_group(0) = ?
[pid 351] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=351, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558e09f6f0 /* 4 entries */, 32768) = 112
umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./19/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./19/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558e0a7730 /* 10 entries */, 32768) = 296
umount2("./19/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./19/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./19/file1/lost+found") = 0
umount2("./19/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./19/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 4 entries */, 32768) = 112
umount2("./19/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./19/file1/file0/file0") = 0
umount2("./19/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./19/file1/file0/file1") = 0
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./19/file1/file0") = 0
umount2("./19/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./19/file1/file1") = 0
umount2("./19/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./19/file1/file2") = 0
umount2("./19/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./19/file1/file3") = 0
umount2("./19/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./19/file1/file.cold") = 0
umount2("./19/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./19/file1/memory.stat") = 0
umount2("./19/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./19/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./19/file1/bus") = 0
getdents64(4, 0x55558e0a7730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./19/file1") = -1 EBUSY (Device or resource busy)
[ 30.671668][ T351] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor199: Allocating blocks 497-513 which overlap fs metadata
[ 30.686391][ T351] EXT4-fs (loop0): pa ffff888125c322a0: logic 256, phys. 385, len 8
[ 30.694534][ T351] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./19/file1") = 0
umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./19/binderfs") = 0
getdents64(3, 0x55558e09f6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./19") = 0
mkdir("./20", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e09e650) = 354
./strace-static-x86_64: Process 354 attached
[pid 354] set_robust_list(0x55558e09e660, 24) = 0
[pid 354] chdir("./20") = 0
[pid 354] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 354] setpgid(0, 0) = 0
[pid 354] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 354] write(3, "1000", 4) = 4
[pid 354] close(3) = 0
[pid 354] symlink("/dev/binderfs", "./binderfs") = 0
[pid 354] write(1, "executing program\n", 18executing program
) = 18
[pid 354] memfd_create("syzkaller", 0) = 3
[pid 354] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1f10b34000
[pid 354] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 354] munmap(0x7f1f10b34000, 138412032) = 0
[pid 354] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 354] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 354] close(3) = 0
[pid 354] close(4) = 0
[pid 354] mkdir("./file1", 0777) = 0
[pid 354] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 354] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 354] chdir("./file1") = 0
[pid 354] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 354] ioctl(4, LOOP_CLR_FD) = 0
[pid 354] close(4) = 0
[pid 354] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 30.727449][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 30.747147][ T354] loop0: detected capacity change from 0 to 1024
[ 30.760495][ T354] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 354] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 354] ftruncate(4, 7) = 0
[pid 354] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 354] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 354] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 354] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 354] exit_group(0) = ?
[pid 354] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=354, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558e09f6f0 /* 4 entries */, 32768) = 112
umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./20/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./20/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558e0a7730 /* 10 entries */, 32768) = 296
umount2("./20/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./20/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./20/file1/lost+found") = 0
umount2("./20/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./20/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 4 entries */, 32768) = 112
umount2("./20/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./20/file1/file0/file0") = 0
umount2("./20/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./20/file1/file0/file1") = 0
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./20/file1/file0") = 0
umount2("./20/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./20/file1/file1") = 0
umount2("./20/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./20/file1/file2") = 0
umount2("./20/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./20/file1/file3") = 0
umount2("./20/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./20/file1/file.cold") = 0
umount2("./20/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./20/file1/memory.stat") = 0
umount2("./20/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./20/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./20/file1/bus") = 0
getdents64(4, 0x55558e0a7730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./20/file1") = -1 EBUSY (Device or resource busy)
[ 30.781200][ T354] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor199: Allocating blocks 497-513 which overlap fs metadata
[ 30.795760][ T354] EXT4-fs (loop0): pa ffff88810ffe3000: logic 256, phys. 385, len 8
[ 30.803772][ T354] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./20/file1") = 0
umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./20/binderfs") = 0
getdents64(3, 0x55558e09f6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./20") = 0
mkdir("./21", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e09e650) = 357
./strace-static-x86_64: Process 357 attached
[pid 357] set_robust_list(0x55558e09e660, 24) = 0
[pid 357] chdir("./21") = 0
[pid 357] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 357] setpgid(0, 0) = 0
[pid 357] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 357] write(3, "1000", 4) = 4
[pid 357] close(3) = 0
[pid 357] symlink("/dev/binderfs", "./binderfs") = 0
[pid 357] write(1, "executing program\n", 18executing program
) = 18
[pid 357] memfd_create("syzkaller", 0) = 3
[pid 357] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1f10b34000
[pid 357] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 357] munmap(0x7f1f10b34000, 138412032) = 0
[pid 357] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 357] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 357] close(3) = 0
[pid 357] close(4) = 0
[pid 357] mkdir("./file1", 0777) = 0
[pid 357] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 357] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 357] chdir("./file1") = 0
[pid 357] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 357] ioctl(4, LOOP_CLR_FD) = 0
[pid 357] close(4) = 0
[pid 357] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 30.832217][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 30.856048][ T357] loop0: detected capacity change from 0 to 1024
[ 30.870540][ T357] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 357] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 357] ftruncate(4, 7) = 0
[pid 357] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 357] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 357] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 357] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 357] exit_group(0) = ?
[pid 357] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=357, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558e09f6f0 /* 4 entries */, 32768) = 112
umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./21/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./21/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558e0a7730 /* 10 entries */, 32768) = 296
umount2("./21/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./21/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./21/file1/lost+found") = 0
umount2("./21/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./21/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 4 entries */, 32768) = 112
umount2("./21/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./21/file1/file0/file0") = 0
umount2("./21/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./21/file1/file0/file1") = 0
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./21/file1/file0") = 0
umount2("./21/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./21/file1/file1") = 0
umount2("./21/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./21/file1/file2") = 0
umount2("./21/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./21/file1/file3") = 0
umount2("./21/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./21/file1/file.cold") = 0
umount2("./21/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
[ 30.892138][ T357] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor199: Allocating blocks 497-513 which overlap fs metadata
[ 30.906709][ T357] EXT4-fs (loop0): pa ffff88810ffe3dc8: logic 256, phys. 385, len 8
[ 30.914772][ T357] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
[ 30.943505][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor199: Freeing blocks not in datazone - block = 128647289814690, count = 0
[ 30.958556][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor199: Freeing blocks not in datazone - block = 128647289814688, count = 16
[ 30.973640][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor199: Freeing blocks not in datazone - block = 16930761131024, count = 16
[ 30.988533][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor199: Freeing blocks not in datazone - block = 16930761098271, count = 32767
[ 31.003888][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor199: Freeing blocks not in datazone - block = 16930761098256, count = 16
[ 31.018799][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor199: Freeing blocks not in datazone - block = 260798975181680, count = 16
[ 31.033876][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor199: Freeing blocks not in datazone - block = 260798975157224, count = 24457
[ 31.049177][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor199: Freeing blocks not in datazone - block = 260798975157216, count = 16
unlink("./21/file1/memory.stat") = 0
umount2("./21/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./21/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./21/file1/bus") = 0
getdents64(4, 0x55558e0a7730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./21/file1") = -1 EBUSY (Device or resource busy)
umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./21/file1") = 0
umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./21/binderfs") = 0
getdents64(3, 0x55558e09f6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./21") = 0
mkdir("./22", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e09e650) = 360
./strace-static-x86_64: Process 360 attached
[pid 360] set_robust_list(0x55558e09e660, 24) = 0
[pid 360] chdir("./22") = 0
[pid 360] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 360] setpgid(0, 0) = 0
[pid 360] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 360] write(3, "1000", 4) = 4
[pid 360] close(3) = 0
[pid 360] symlink("/dev/binderfs", "./binderfs") = 0
[pid 360] write(1, "executing program\n", 18executing program
) = 18
[pid 360] memfd_create("syzkaller", 0) = 3
[pid 360] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1f10b34000
[pid 360] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 360] munmap(0x7f1f10b34000, 138412032) = 0
[pid 360] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 360] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 360] close(3) = 0
[pid 360] close(4) = 0
[pid 360] mkdir("./file1", 0777) = 0
[ 31.628278][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 31.666435][ T360] loop0: detected capacity change from 0 to 1024
[pid 360] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 360] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 360] chdir("./file1") = 0
[pid 360] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 360] ioctl(4, LOOP_CLR_FD) = 0
[pid 360] close(4) = 0
[pid 360] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 31.680432][ T360] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 31.701924][ T360] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor199: Allocating blocks 497-513 which overlap fs metadata
[ 31.716503][ T360] EXT4-fs (loop0): pa ffff888125c9b1f8: logic 256, phys. 385, len 8
[pid 360] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 360] ftruncate(4, 7) = 0
[pid 360] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 360] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 360] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 360] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 360] exit_group(0) = ?
[pid 360] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=360, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558e09f6f0 /* 4 entries */, 32768) = 112
umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./22/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./22/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558e0a7730 /* 10 entries */, 32768) = 296
umount2("./22/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./22/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./22/file1/lost+found") = 0
umount2("./22/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./22/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 4 entries */, 32768) = 112
umount2("./22/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./22/file1/file0/file0") = 0
umount2("./22/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./22/file1/file0/file1") = 0
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./22/file1/file0") = 0
umount2("./22/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./22/file1/file1") = 0
umount2("./22/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./22/file1/file2") = 0
umount2("./22/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./22/file1/file3") = 0
umount2("./22/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./22/file1/file.cold") = 0
umount2("./22/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./22/file1/memory.stat") = 0
umount2("./22/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./22/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./22/file1/bus") = 0
getdents64(4, 0x55558e0a7730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./22/file1") = -1 EBUSY (Device or resource busy)
[ 31.724516][ T360] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./22/file1") = 0
umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./22/binderfs") = 0
getdents64(3, 0x55558e09f6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./22") = 0
mkdir("./23", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e09e650) = 363
./strace-static-x86_64: Process 363 attached
[pid 363] set_robust_list(0x55558e09e660, 24) = 0
[pid 363] chdir("./23") = 0
[pid 363] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 363] setpgid(0, 0) = 0
[pid 363] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 363] write(3, "1000", 4) = 4
[pid 363] close(3) = 0
[pid 363] symlink("/dev/binderfs", "./binderfs") = 0
[pid 363] write(1, "executing program\n", 18executing program
) = 18
[pid 363] memfd_create("syzkaller", 0) = 3
[pid 363] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1f10b34000
[pid 363] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 363] munmap(0x7f1f10b34000, 138412032) = 0
[pid 363] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 363] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 363] close(3) = 0
[pid 363] close(4) = 0
[pid 363] mkdir("./file1", 0777) = 0
[pid 363] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 363] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 363] chdir("./file1") = 0
[pid 363] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 363] ioctl(4, LOOP_CLR_FD) = 0
[pid 363] close(4) = 0
[pid 363] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 31.755596][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 31.779414][ T363] loop0: detected capacity change from 0 to 1024
[ 31.790908][ T363] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 363] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 363] ftruncate(4, 7) = 0
[pid 363] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 363] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 363] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 363] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 363] exit_group(0) = ?
[pid 363] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=363, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558e09f6f0 /* 4 entries */, 32768) = 112
umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./23/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./23/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558e0a7730 /* 10 entries */, 32768) = 296
umount2("./23/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./23/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./23/file1/lost+found") = 0
umount2("./23/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./23/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 4 entries */, 32768) = 112
umount2("./23/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./23/file1/file0/file0") = 0
umount2("./23/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./23/file1/file0/file1") = 0
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./23/file1/file0") = 0
umount2("./23/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./23/file1/file1") = 0
umount2("./23/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./23/file1/file2") = 0
umount2("./23/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./23/file1/file3") = 0
umount2("./23/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./23/file1/file.cold") = 0
umount2("./23/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
[ 31.810959][ T363] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor199: Allocating blocks 497-513 which overlap fs metadata
[ 31.825478][ T363] EXT4-fs (loop0): pa ffff888125c9b540: logic 256, phys. 385, len 8
[ 31.833486][ T363] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
[ 31.866199][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor199: Freeing blocks not in datazone - block = 79530314483168, count = 16
[ 31.881151][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor199: Freeing blocks not in datazone - block = 79530314466445, count = 16724
[ 31.896295][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor199: Freeing blocks not in datazone - block = 79530314466432, count = 16
[ 31.911289][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor199: Freeing blocks not in datazone - block = 280749113632192, count = 16
[ 31.926257][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor199: Freeing blocks not in datazone - block = 280749113615476, count = 16725
[ 31.941505][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor199: Freeing blocks not in datazone - block = 280749113615472, count = 16
unlink("./23/file1/memory.stat") = 0
umount2("./23/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./23/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./23/file1/bus") = 0
getdents64(4, 0x55558e0a7730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./23/file1") = -1 EBUSY (Device or resource busy)
[ 31.956598][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor199: Freeing blocks not in datazone - block = 153765273996672, count = 16
[ 31.971608][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor199: Freeing blocks not in datazone - block = 153765273994311, count = 2376
umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./23/file1") = 0
umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./23/binderfs") = 0
getdents64(3, 0x55558e09f6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./23") = 0
mkdir("./24", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
executing program
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e09e650) = 366
./strace-static-x86_64: Process 366 attached
[pid 366] set_robust_list(0x55558e09e660, 24) = 0
[pid 366] chdir("./24") = 0
[pid 366] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 366] setpgid(0, 0) = 0
[pid 366] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 366] write(3, "1000", 4) = 4
[pid 366] close(3) = 0
[pid 366] symlink("/dev/binderfs", "./binderfs") = 0
[pid 366] write(1, "executing program\n", 18) = 18
[pid 366] memfd_create("syzkaller", 0) = 3
[pid 366] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1f10b34000
[pid 366] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 366] munmap(0x7f1f10b34000, 138412032) = 0
[pid 366] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 32.020594][ T289] EXT4-fs (loop0): unmounting filesystem.
[pid 366] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 366] close(3) = 0
[pid 366] close(4) = 0
[pid 366] mkdir("./file1", 0777) = 0
[pid 366] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 366] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 366] chdir("./file1") = 0
[pid 366] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 366] ioctl(4, LOOP_CLR_FD) = 0
[pid 366] close(4) = 0
[pid 366] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 32.061927][ T366] loop0: detected capacity change from 0 to 1024
[ 32.080322][ T366] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 366] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 366] ftruncate(4, 7) = 0
[pid 366] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 366] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 366] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 366] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 366] exit_group(0) = ?
[pid 366] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=366, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558e09f6f0 /* 4 entries */, 32768) = 112
umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./24/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./24/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558e0a7730 /* 10 entries */, 32768) = 296
umount2("./24/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./24/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./24/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./24/file1/lost+found") = 0
umount2("./24/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./24/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./24/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 4 entries */, 32768) = 112
umount2("./24/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./24/file1/file0/file0") = 0
umount2("./24/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./24/file1/file0/file1") = 0
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./24/file1/file0") = 0
umount2("./24/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./24/file1/file1") = 0
umount2("./24/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./24/file1/file2") = 0
umount2("./24/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./24/file1/file3") = 0
umount2("./24/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./24/file1/file.cold") = 0
umount2("./24/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./24/file1/memory.stat") = 0
umount2("./24/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./24/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./24/file1/bus") = 0
getdents64(4, 0x55558e0a7730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./24/file1") = -1 EBUSY (Device or resource busy)
[ 32.100285][ T366] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor199: Allocating blocks 497-513 which overlap fs metadata
[ 32.114879][ T366] EXT4-fs (loop0): pa ffff888125c56540: logic 256, phys. 385, len 8
[ 32.122909][ T366] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./24/file1") = 0
umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./24/binderfs") = 0
getdents64(3, 0x55558e09f6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./24") = 0
mkdir("./25", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e09e650) = 369
./strace-static-x86_64: Process 369 attached
[pid 369] set_robust_list(0x55558e09e660, 24) = 0
[pid 369] chdir("./25") = 0
[pid 369] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 369] setpgid(0, 0) = 0
[pid 369] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 369] write(3, "1000", 4) = 4
[pid 369] close(3) = 0
[pid 369] symlink("/dev/binderfs", "./binderfs") = 0
[pid 369] write(1, "executing program\n", 18executing program
) = 18
[pid 369] memfd_create("syzkaller", 0) = 3
[pid 369] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1f10b34000
[pid 369] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 369] munmap(0x7f1f10b34000, 138412032) = 0
[pid 369] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 369] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 369] close(3) = 0
[pid 369] close(4) = 0
[pid 369] mkdir("./file1", 0777) = 0
[pid 369] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 369] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 369] chdir("./file1") = 0
[pid 369] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 369] ioctl(4, LOOP_CLR_FD) = 0
[pid 369] close(4) = 0
[pid 369] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 32.154404][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 32.177652][ T369] loop0: detected capacity change from 0 to 1024
[ 32.190638][ T369] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 369] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 369] ftruncate(4, 7) = 0
[pid 369] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 369] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 369] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 369] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 369] exit_group(0) = ?
[pid 369] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=369, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558e09f6f0 /* 4 entries */, 32768) = 112
umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./25/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./25/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558e0a7730 /* 10 entries */, 32768) = 296
umount2("./25/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./25/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./25/file1/lost+found") = 0
umount2("./25/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./25/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 4 entries */, 32768) = 112
umount2("./25/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./25/file1/file0/file0") = 0
umount2("./25/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./25/file1/file0/file1") = 0
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./25/file1/file0") = 0
umount2("./25/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./25/file1/file1") = 0
umount2("./25/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./25/file1/file2") = 0
umount2("./25/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./25/file1/file3") = 0
umount2("./25/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./25/file1/file.cold") = 0
umount2("./25/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./25/file1/memory.stat") = 0
umount2("./25/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./25/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./25/file1/bus") = 0
getdents64(4, 0x55558e0a7730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./25/file1") = -1 EBUSY (Device or resource busy)
[ 32.211211][ T369] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor199: Allocating blocks 497-513 which overlap fs metadata
[ 32.225890][ T369] EXT4-fs (loop0): pa ffff888125cc39d8: logic 256, phys. 385, len 8
[ 32.234167][ T369] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./25/file1") = 0
umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./25/binderfs") = 0
getdents64(3, 0x55558e09f6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./25") = 0
mkdir("./26", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e09e650) = 372
./strace-static-x86_64: Process 372 attached
[pid 372] set_robust_list(0x55558e09e660, 24) = 0
[pid 372] chdir("./26") = 0
[pid 372] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 372] setpgid(0, 0) = 0
executing program
[pid 372] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 372] write(3, "1000", 4) = 4
[pid 372] close(3) = 0
[pid 372] symlink("/dev/binderfs", "./binderfs") = 0
[pid 372] write(1, "executing program\n", 18) = 18
[pid 372] memfd_create("syzkaller", 0) = 3
[pid 372] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1f10b34000
[pid 372] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 372] munmap(0x7f1f10b34000, 138412032) = 0
[pid 372] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 372] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 372] close(3) = 0
[pid 372] close(4) = 0
[pid 372] mkdir("./file1", 0777) = 0
[pid 372] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 372] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 372] chdir("./file1") = 0
[pid 372] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 372] ioctl(4, LOOP_CLR_FD) = 0
[pid 372] close(4) = 0
[pid 372] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 32.263631][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 32.281728][ T372] loop0: detected capacity change from 0 to 1024
[ 32.300231][ T372] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 372] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 372] ftruncate(4, 7) = 0
[pid 372] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 372] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 372] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 372] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 372] exit_group(0) = ?
[pid 372] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=372, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558e09f6f0 /* 4 entries */, 32768) = 112
umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./26/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./26/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558e0a7730 /* 10 entries */, 32768) = 296
umount2("./26/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./26/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./26/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./26/file1/lost+found") = 0
umount2("./26/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./26/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./26/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 4 entries */, 32768) = 112
umount2("./26/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./26/file1/file0/file0") = 0
umount2("./26/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./26/file1/file0/file1") = 0
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./26/file1/file0") = 0
umount2("./26/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./26/file1/file1") = 0
umount2("./26/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./26/file1/file2") = 0
umount2("./26/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./26/file1/file3") = 0
umount2("./26/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./26/file1/file.cold") = 0
umount2("./26/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./26/file1/memory.stat") = 0
umount2("./26/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./26/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./26/file1/bus") = 0
getdents64(4, 0x55558e0a7730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./26/file1") = -1 EBUSY (Device or resource busy)
[ 32.320919][ T372] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor199: Allocating blocks 497-513 which overlap fs metadata
[ 32.335988][ T372] EXT4-fs (loop0): pa ffff888125cc33f0: logic 256, phys. 385, len 8
[ 32.344093][ T372] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./26/file1") = 0
umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./26/binderfs") = 0
getdents64(3, 0x55558e09f6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./26") = 0
mkdir("./27", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3executing program
) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e09e650) = 375
./strace-static-x86_64: Process 375 attached
[pid 375] set_robust_list(0x55558e09e660, 24) = 0
[pid 375] chdir("./27") = 0
[pid 375] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 375] setpgid(0, 0) = 0
[pid 375] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 375] write(3, "1000", 4) = 4
[pid 375] close(3) = 0
[pid 375] symlink("/dev/binderfs", "./binderfs") = 0
[pid 375] write(1, "executing program\n", 18) = 18
[pid 375] memfd_create("syzkaller", 0) = 3
[pid 375] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1f10b34000
[pid 375] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 375] munmap(0x7f1f10b34000, 138412032) = 0
[pid 375] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 375] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 375] close(3) = 0
[pid 375] close(4) = 0
[pid 375] mkdir("./file1", 0777) = 0
[pid 375] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 375] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 375] chdir("./file1") = 0
[pid 375] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 375] ioctl(4, LOOP_CLR_FD) = 0
[pid 375] close(4) = 0
[pid 375] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 32.377001][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 32.399442][ T375] loop0: detected capacity change from 0 to 1024
[ 32.410595][ T375] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 375] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 375] ftruncate(4, 7) = 0
[pid 375] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 375] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 375] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 375] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 375] exit_group(0) = ?
[pid 375] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=375, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558e09f6f0 /* 4 entries */, 32768) = 112
umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./27/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./27/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558e0a7730 /* 10 entries */, 32768) = 296
umount2("./27/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./27/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./27/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./27/file1/lost+found") = 0
umount2("./27/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./27/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./27/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 4 entries */, 32768) = 112
umount2("./27/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./27/file1/file0/file0") = 0
umount2("./27/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./27/file1/file0/file1") = 0
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./27/file1/file0") = 0
umount2("./27/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./27/file1/file1") = 0
umount2("./27/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./27/file1/file2") = 0
umount2("./27/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./27/file1/file3") = 0
umount2("./27/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./27/file1/file.cold") = 0
umount2("./27/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./27/file1/memory.stat") = 0
umount2("./27/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./27/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./27/file1/bus") = 0
getdents64(4, 0x55558e0a7730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./27/file1") = -1 EBUSY (Device or resource busy)
[ 32.431307][ T375] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor199: Allocating blocks 497-513 which overlap fs metadata
[ 32.446071][ T375] EXT4-fs (loop0): pa ffff888125cc3c78: logic 256, phys. 385, len 8
[ 32.454091][ T375] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./27/file1") = 0
umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./27/binderfs") = 0
getdents64(3, 0x55558e09f6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./27") = 0
mkdir("./28", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e09e650) = 378
./strace-static-x86_64: Process 378 attached
[pid 378] set_robust_list(0x55558e09e660, 24) = 0
[pid 378] chdir("./28") = 0
[pid 378] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 378] setpgid(0, 0) = 0
[pid 378] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 378] write(3, "1000", 4) = 4
[pid 378] close(3) = 0
[pid 378] symlink("/dev/binderfs", "./binderfs") = 0
[pid 378] write(1, "executing program\n", 18executing program
) = 18
[pid 378] memfd_create("syzkaller", 0) = 3
[pid 378] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1f10b34000
[pid 378] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 378] munmap(0x7f1f10b34000, 138412032) = 0
[pid 378] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 378] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 378] close(3) = 0
[pid 378] close(4) = 0
[pid 378] mkdir("./file1", 0777) = 0
[pid 378] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 378] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 378] chdir("./file1") = 0
[pid 378] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 378] ioctl(4, LOOP_CLR_FD) = 0
[pid 378] close(4) = 0
[pid 378] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 32.487547][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 32.506423][ T378] loop0: detected capacity change from 0 to 1024
[ 32.520713][ T378] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 378] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 378] ftruncate(4, 7) = 0
[pid 378] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 378] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 378] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 378] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 378] exit_group(0) = ?
[pid 378] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=378, si_uid=0, si_status=0, si_utime=0, si_stime=6} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558e09f6f0 /* 4 entries */, 32768) = 112
umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./28/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./28/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558e0a7730 /* 10 entries */, 32768) = 296
umount2("./28/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./28/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./28/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./28/file1/lost+found") = 0
umount2("./28/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./28/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./28/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 4 entries */, 32768) = 112
umount2("./28/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./28/file1/file0/file0") = 0
umount2("./28/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./28/file1/file0/file1") = 0
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./28/file1/file0") = 0
umount2("./28/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./28/file1/file1") = 0
umount2("./28/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./28/file1/file2") = 0
umount2("./28/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./28/file1/file3") = 0
umount2("./28/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./28/file1/file.cold") = 0
umount2("./28/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./28/file1/memory.stat") = 0
umount2("./28/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./28/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./28/file1/bus") = 0
getdents64(4, 0x55558e0a7730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./28/file1") = -1 EBUSY (Device or resource busy)
[ 32.541820][ T378] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor199: Allocating blocks 497-513 which overlap fs metadata
[ 32.556403][ T378] EXT4-fs (loop0): pa ffff888125cc35e8: logic 256, phys. 385, len 8
[ 32.564426][ T378] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./28/file1") = 0
umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./28/binderfs") = 0
getdents64(3, 0x55558e09f6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./28") = 0
mkdir("./29", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3executing program
) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e09e650) = 381
./strace-static-x86_64: Process 381 attached
[pid 381] set_robust_list(0x55558e09e660, 24) = 0
[pid 381] chdir("./29") = 0
[pid 381] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 381] setpgid(0, 0) = 0
[pid 381] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 381] write(3, "1000", 4) = 4
[pid 381] close(3) = 0
[pid 381] symlink("/dev/binderfs", "./binderfs") = 0
[pid 381] write(1, "executing program\n", 18) = 18
[pid 381] memfd_create("syzkaller", 0) = 3
[pid 381] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1f10b34000
[pid 381] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 381] munmap(0x7f1f10b34000, 138412032) = 0
[pid 381] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 381] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 381] close(3) = 0
[pid 381] close(4) = 0
[pid 381] mkdir("./file1", 0777) = 0
[pid 381] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 381] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 381] chdir("./file1") = 0
[pid 381] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 381] ioctl(4, LOOP_CLR_FD) = 0
[pid 381] close(4) = 0
[pid 381] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 32.594867][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 32.614895][ T381] loop0: detected capacity change from 0 to 1024
[ 32.630354][ T381] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 381] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 381] ftruncate(4, 7) = 0
[pid 381] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 381] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 381] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 381] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 381] exit_group(0) = ?
[pid 381] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=381, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558e09f6f0 /* 4 entries */, 32768) = 112
umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./29/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./29/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558e0a7730 /* 10 entries */, 32768) = 296
umount2("./29/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./29/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./29/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./29/file1/lost+found") = 0
umount2("./29/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./29/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./29/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 4 entries */, 32768) = 112
umount2("./29/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./29/file1/file0/file0") = 0
umount2("./29/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./29/file1/file0/file1") = 0
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./29/file1/file0") = 0
umount2("./29/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./29/file1/file1") = 0
umount2("./29/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./29/file1/file2") = 0
umount2("./29/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./29/file1/file3") = 0
umount2("./29/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./29/file1/file.cold") = 0
umount2("./29/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./29/file1/memory.stat") = 0
umount2("./29/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./29/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./29/file1/bus") = 0
getdents64(4, 0x55558e0a7730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./29/file1") = -1 EBUSY (Device or resource busy)
[ 32.651210][ T381] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor199: Allocating blocks 497-513 which overlap fs metadata
[ 32.665707][ T381] EXT4-fs (loop0): pa ffff888125cc3150: logic 256, phys. 385, len 8
[ 32.674199][ T381] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./29/file1") = 0
umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./29/binderfs") = 0
getdents64(3, 0x55558e09f6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./29") = 0
mkdir("./30", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
executing program
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e09e650) = 384
./strace-static-x86_64: Process 384 attached
[pid 384] set_robust_list(0x55558e09e660, 24) = 0
[pid 384] chdir("./30") = 0
[pid 384] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 384] setpgid(0, 0) = 0
[pid 384] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 384] write(3, "1000", 4) = 4
[pid 384] close(3) = 0
[pid 384] symlink("/dev/binderfs", "./binderfs") = 0
[pid 384] write(1, "executing program\n", 18) = 18
[pid 384] memfd_create("syzkaller", 0) = 3
[pid 384] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1f10b34000
[pid 384] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 384] munmap(0x7f1f10b34000, 138412032) = 0
[pid 384] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 384] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 384] close(3) = 0
[pid 384] close(4) = 0
[pid 384] mkdir("./file1", 0777) = 0
[ 32.702017][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 32.723421][ T384] loop0: detected capacity change from 0 to 1024
[pid 384] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 384] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 384] chdir("./file1") = 0
[pid 384] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 384] ioctl(4, LOOP_CLR_FD) = 0
[pid 384] close(4) = 0
[pid 384] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 384] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[ 32.750785][ T384] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 32.770948][ T384] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor199: Allocating blocks 497-513 which overlap fs metadata
[ 32.785480][ T384] EXT4-fs (loop0): pa ffff888125cc3348: logic 256, phys. 385, len 8
[pid 384] ftruncate(4, 7) = 0
[pid 384] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 384] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 384] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 384] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 384] exit_group(0) = ?
[pid 384] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=384, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558e09f6f0 /* 4 entries */, 32768) = 112
umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./30/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./30/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558e0a7730 /* 10 entries */, 32768) = 296
umount2("./30/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./30/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./30/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./30/file1/lost+found") = 0
umount2("./30/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./30/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./30/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 4 entries */, 32768) = 112
umount2("./30/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./30/file1/file0/file0") = 0
umount2("./30/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./30/file1/file0/file1") = 0
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./30/file1/file0") = 0
umount2("./30/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./30/file1/file1") = 0
umount2("./30/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./30/file1/file2") = 0
umount2("./30/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./30/file1/file3") = 0
umount2("./30/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./30/file1/file.cold") = 0
umount2("./30/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
[ 32.793507][ T384] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
[ 32.818515][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor199: Freeing blocks not in datazone - block = 231108506848584, count = 2
[ 32.833588][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor199: Freeing blocks not in datazone - block = 231108506848576, count = 16
[ 32.848552][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor199: Freeing blocks not in datazone - block = 280947903696816, count = 16
[ 32.863535][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor199: Freeing blocks not in datazone - block = 280947903692800, count = 4032
[ 32.878741][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor199: Freeing blocks not in datazone - block = 280947903692800, count = 16
[ 32.893712][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor199: Freeing blocks not in datazone - block = 1911033888, count = 16
[ 32.908216][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor199: Freeing blocks not in datazone - block = 1911029760, count = 4132
[ 32.922998][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor199: Freeing blocks not in datazone - block = 39874476394304, count = 16
unlink("./30/file1/memory.stat") = 0
umount2("./30/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./30/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./30/file1/bus") = 0
getdents64(4, 0x55558e0a7730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./30/file1") = -1 EBUSY (Device or resource busy)
umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./30/file1") = 0
umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./30/binderfs") = 0
getdents64(3, 0x55558e09f6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./30") = 0
mkdir("./31", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
executing program
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e09e650) = 387
./strace-static-x86_64: Process 387 attached
[pid 387] set_robust_list(0x55558e09e660, 24) = 0
[pid 387] chdir("./31") = 0
[pid 387] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 387] setpgid(0, 0) = 0
[pid 387] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 387] write(3, "1000", 4) = 4
[pid 387] close(3) = 0
[pid 387] symlink("/dev/binderfs", "./binderfs") = 0
[pid 387] write(1, "executing program\n", 18) = 18
[pid 387] memfd_create("syzkaller", 0) = 3
[pid 387] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1f10b34000
[pid 387] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 387] munmap(0x7f1f10b34000, 138412032) = 0
[pid 387] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 387] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 387] close(3) = 0
[pid 387] close(4) = 0
[pid 387] mkdir("./file1", 0777) = 0
[pid 387] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 387] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 387] chdir("./file1") = 0
[pid 387] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 387] ioctl(4, LOOP_CLR_FD) = 0
[pid 387] close(4) = 0
[pid 387] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 33.031973][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 33.054007][ T387] loop0: detected capacity change from 0 to 1024
[ 33.070603][ T387] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 387] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 387] ftruncate(4, 7) = 0
[pid 387] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 387] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 387] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 387] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 387] exit_group(0) = ?
[pid 387] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=387, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558e09f6f0 /* 4 entries */, 32768) = 112
umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./31/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./31/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558e0a7730 /* 10 entries */, 32768) = 296
umount2("./31/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./31/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./31/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./31/file1/lost+found") = 0
umount2("./31/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./31/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./31/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 4 entries */, 32768) = 112
umount2("./31/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./31/file1/file0/file0") = 0
umount2("./31/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./31/file1/file0/file1") = 0
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./31/file1/file0") = 0
umount2("./31/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./31/file1/file1") = 0
umount2("./31/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./31/file1/file2") = 0
umount2("./31/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./31/file1/file3") = 0
umount2("./31/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./31/file1/file.cold") = 0
umount2("./31/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
[ 33.092044][ T387] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor199: Allocating blocks 497-513 which overlap fs metadata
[ 33.106543][ T387] EXT4-fs (loop0): pa ffff888125d88c78: logic 256, phys. 385, len 8
[ 33.114548][ T387] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
[ 33.139697][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor199: Freeing blocks not in datazone - block = 274877906944, count = 64
[ 33.154528][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor199: Freeing blocks not in datazone - block = 3, count = 0
[ 33.168180][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor199: Freeing blocks not in datazone - block = 0, count = 16
[ 33.182081][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor199: Freeing blocks not in datazone - block = 0, count = 17
[ 33.195789][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor199: Freeing blocks not in datazone - block = 4096, count = 0
[ 33.209714][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor199: Freeing blocks not in datazone - block = 4096, count = 16
[ 33.223688][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor199: Freeing blocks not in datazone - block = 34681860946928, count = 16
[ 33.238572][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor199: Freeing blocks not in datazone - block = 34681860915200, count = 31743
[ 33.253803][ T289] ------------[ cut here ]------------
[ 33.259284][ T289] WARNING: CPU: 0 PID: 289 at fs/ext4/mballoc.c:1777 mb_free_blocks+0xe72/0x1290
[ 33.268387][ T289] Modules linked in:
[ 33.272295][ T289] CPU: 0 PID: 289 Comm: syz-executor199 Tainted: G B 6.1.141-syzkaller-00039-g145c7fad733f #0
[ 33.283945][ T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 33.294013][ T289] RIP: 0010:mb_free_blocks+0xe72/0x1290
[ 33.299662][ T289] Code: e4 13 c8 ff 48 8b 33 48 8b bd 78 ff ff ff e8 25 45 00 00 48 81 c4 a8 00 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 ee b9 83 ff <0f> 0b eb e5 e8 e5 b9 83 ff eb de 48 8b 85 60 ff ff ff 42 80 3c 28
[ 33.319298][ T289] RSP: 0018:ffffc90000e47480 EFLAGS: 00010293
[ 33.325386][ T289] RAX: ffffffff81ec3d82 RBX: 0000000000000000 RCX: ffff88810e4f1440
[ 33.333413][ T289] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 33.341422][ T289] RBP: ffffc90000e47550 R08: dffffc0000000000 R09: ffffed10237d2490
[ 33.349424][ T289] R10: ffffed10237d2490 R11: 1ffff110237d248f R12: 0000000000000000
[ 33.357413][ T289] R13: dffffc0000000000 R14: ffff88811af1b000 R15: ffffc90000e47650
[ 33.365410][ T289] FS: 000055558e09e380(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 33.374364][ T289] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 33.380967][ T289] CR2: 00007ffdcb3f4f18 CR3: 00000001226fd000 CR4: 00000000003506b0
[ 33.388960][ T289] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 33.396955][ T289] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 33.404951][ T289] Call Trace:
[ 33.408227][ T289]
[ 33.411168][ T289] ? __kasan_check_read+0x11/0x20
[ 33.416222][ T289] ? __kasan_check_write+0x14/0x20
[ 33.421358][ T289] ? _raw_spin_trylock+0xb1/0x140
[ 33.426397][ T289] ? __cfi__raw_spin_trylock+0x10/0x10
[ 33.431892][ T289] ext4_free_blocks+0x163a/0x2100
[ 33.436936][ T289] ? __cfi_ext4_free_blocks+0x10/0x10
[ 33.442327][ T289] ? __ext4_journal_get_write_access+0x2df/0x6c0
[ 33.448673][ T289] ? __cfi___ext4_journal_get_write_access+0x10/0x10
[ 33.455372][ T289] ? ext4_inode_journal_mode+0x19a/0x480
[ 33.461037][ T289] ? ext4_datasem_ensure_credits+0xee/0x140
[ 33.466932][ T289] ext4_ext_remove_space+0x1b7d/0x3fb0
[ 33.472424][ T289] ? __cfi_ext4_ext_remove_space+0x10/0x10
[ 33.478248][ T289] ? ext4_es_remove_extent+0x1d9/0x330
[ 33.483731][ T289] ext4_ext_truncate+0x200/0x320
[ 33.488673][ T289] ext4_truncate+0x9a6/0xf90
[ 33.493287][ T289] ? __cfi_ext4_truncate+0x10/0x10
[ 33.498407][ T289] ext4_evict_inode+0xcc3/0x1460
[ 33.503366][ T289] ? _raw_spin_unlock+0x4c/0x70
[ 33.508236][ T289] ? __cfi_ext4_evict_inode+0x10/0x10
[ 33.513625][ T289] ? _raw_spin_unlock+0x4c/0x70
[ 33.518493][ T289] ? inode_io_list_del+0x19b/0x1b0
[ 33.523620][ T289] ? __cfi_ext4_evict_inode+0x10/0x10
[ 33.529028][ T289] evict+0x493/0x890
[ 33.532958][ T289] ? __kasan_check_write+0x14/0x20
[ 33.538093][ T289] ? proc_nr_inodes+0x2f0/0x2f0
[ 33.542968][ T289] ? lockref_put_return+0x152/0x1c0
[ 33.548178][ T289] ? __cfi_lockref_put_return+0x10/0x10
[ 33.553756][ T289] ? __kasan_check_write+0x14/0x20
[ 33.558887][ T289] iput+0x620/0x670
[ 33.562725][ T289] do_unlinkat+0x375/0x6b0
[ 33.567157][ T289] ? __cfi_do_unlinkat+0x10/0x10
[ 33.572129][ T289] ? getname_flags+0x206/0x500
[ 33.576911][ T289] __x64_sys_unlink+0x49/0x50
[ 33.581631][ T289] x64_sys_call+0x958/0x9a0
[ 33.586149][ T289] do_syscall_64+0x4c/0xa0
[ 33.590595][ T289] ? clear_bhb_loop+0x30/0x80
[ 33.595296][ T289] ? clear_bhb_loop+0x30/0x80
[ 33.600003][ T289] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 33.605909][ T289] RIP: 0033:0x7f1f18f72d17
[ 33.610348][ T289] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 57 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 33.629985][ T289] RSP: 002b:00007ffdcb3f67b8 EFLAGS: 00000206 ORIG_RAX: 0000000000000057
unlink("./31/file1/memory.stat") = 0
umount2("./31/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./31/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./31/file1/bus") = 0
getdents64(4, 0x55558e0a7730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./31/file1") = -1 EBUSY (Device or resource busy)
umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./31/file1") = 0
umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./31/binderfs") = 0
getdents64(3, 0x55558e09f6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./31") = 0
mkdir("./32", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e09e650) = 390
./strace-static-x86_64: Process 390 attached
[pid 390] set_robust_list(0x55558e09e660, 24) = 0
[pid 390] chdir("./32") = 0
[pid 390] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 390] setpgid(0, 0) = 0
[pid 390] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 390] write(3, "1000", 4) = 4
[pid 390] close(3) = 0
[pid 390] symlink("/dev/binderfs", "./binderfs") = 0
[pid 390] write(1, "executing program\n", 18executing program
) = 18
[pid 390] memfd_create("syzkaller", 0) = 3
[pid 390] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1f10b34000
[pid 390] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 390] munmap(0x7f1f10b34000, 138412032) = 0
[pid 390] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 33.638395][ T289] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f1f18f72d17
[ 33.646410][ T289] RDX: 00007ffdcb3f67e0 RSI: 00007ffdcb3f6870 RDI: 00007ffdcb3f6870
[ 33.654414][ T289] RBP: 00007ffdcb3f6870 R08: 0000000000000000 R09: 0000000000000000
[ 33.662408][ T289] R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffdcb3f7960
[ 33.670404][ T289] R13: 000055558e0a7700 R14: 431bde82d7b634db R15: 00007ffdcb3f89f0
[ 33.678372][ T289]
[ 33.681398][ T289] ---[ end trace 0000000000000000 ]---
[pid 390] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 390] close(3) = 0
[pid 390] close(4) = 0
[pid 390] mkdir("./file1", 0777) = 0
[pid 390] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 390] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 390] chdir("./file1") = 0
[pid 390] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 390] ioctl(4, LOOP_CLR_FD) = 0
[pid 390] close(4) = 0
[pid 390] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 33.711102][ T390] loop0: detected capacity change from 0 to 1024
[ 33.742809][ T390] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor199: Allocating blocks 497-513 which overlap fs metadata
[pid 390] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 390] ftruncate(4, 7) = 0
[pid 390] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 390] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 390] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 390] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 390] exit_group(0) = ?
[pid 390] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=390, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558e09f6f0 /* 4 entries */, 32768) = 112
umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./32/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./32/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558e0a7730 /* 10 entries */, 32768) = 296
umount2("./32/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./32/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./32/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./32/file1/lost+found") = 0
umount2("./32/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./32/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./32/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 4 entries */, 32768) = 112
umount2("./32/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./32/file1/file0/file0") = 0
umount2("./32/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./32/file1/file0/file1") = 0
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./32/file1/file0") = 0
umount2("./32/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./32/file1/file1") = 0
umount2("./32/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./32/file1/file2") = 0
umount2("./32/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./32/file1/file3") = 0
umount2("./32/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./32/file1/file.cold") = 0
umount2("./32/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./32/file1/memory.stat") = 0
umount2("./32/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./32/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./32/file1/bus") = 0
getdents64(4, 0x55558e0a7730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./32/file1") = -1 EBUSY (Device or resource busy)
umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./32/file1") = 0
umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./32/binderfs") = 0
getdents64(3, 0x55558e09f6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./32") = 0
mkdir("./33", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e09e650) = 393
./strace-static-x86_64: Process 393 attached
[pid 393] set_robust_list(0x55558e09e660, 24) = 0
[pid 393] chdir("./33") = 0
[pid 393] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 393] setpgid(0, 0) = 0
[pid 393] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 393] write(3, "1000", 4) = 4
[pid 393] close(3) = 0
[pid 393] symlink("/dev/binderfs", "./binderfs") = 0
[pid 393] write(1, "executing program\n", 18executing program
) = 18
[pid 393] memfd_create("syzkaller", 0) = 3
[pid 393] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1f10b34000
[pid 393] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 393] munmap(0x7f1f10b34000, 138412032) = 0
[pid 393] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 33.757404][ T390] EXT4-fs (loop0): pa ffff888125dd2738: logic 256, phys. 385, len 8
[ 33.765462][ T390] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
[pid 393] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 393] close(3) = 0
[pid 393] close(4) = 0
[pid 393] mkdir("./file1", 0777) = 0
[pid 393] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 393] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 393] chdir("./file1") = 0
[pid 393] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 393] ioctl(4, LOOP_CLR_FD) = 0
[pid 393] close(4) = 0
[pid 393] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 33.818781][ T393] loop0: detected capacity change from 0 to 1024
[ 33.843484][ T393] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor199: Allocating blocks 497-513 which overlap fs metadata
[ 33.858105][ T393] EXT4-fs (loop0): pa ffff888125dd27e0: logic 256, phys. 385, len 8
[pid 393] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 393] ftruncate(4, 7) = 0
[pid 393] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 393] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 393] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 393] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 393] exit_group(0) = ?
[pid 393] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=393, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558e09f6f0 /* 4 entries */, 32768) = 112
umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./33/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./33/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558e0a7730 /* 10 entries */, 32768) = 296
umount2("./33/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./33/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./33/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./33/file1/lost+found") = 0
umount2("./33/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./33/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./33/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 4 entries */, 32768) = 112
umount2("./33/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./33/file1/file0/file0") = 0
umount2("./33/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./33/file1/file0/file1") = 0
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./33/file1/file0") = 0
umount2("./33/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./33/file1/file1") = 0
umount2("./33/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./33/file1/file2") = 0
umount2("./33/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./33/file1/file3") = 0
umount2("./33/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./33/file1/file.cold") = 0
umount2("./33/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./33/file1/memory.stat") = 0
umount2("./33/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./33/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./33/file1/bus") = 0
getdents64(4, 0x55558e0a7730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./33/file1") = -1 EBUSY (Device or resource busy)
umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./33/file1") = 0
umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./33/binderfs") = 0
getdents64(3, 0x55558e09f6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./33") = 0
mkdir("./34", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e09e650) = 396
./strace-static-x86_64: Process 396 attached
[pid 396] set_robust_list(0x55558e09e660, 24) = 0
[pid 396] chdir("./34") = 0
[pid 396] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 396] setpgid(0, 0) = 0
[pid 396] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 396] write(3, "1000", 4) = 4
[pid 396] close(3) = 0
[pid 396] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid 396] write(1, "executing program\n", 18) = 18
[pid 396] memfd_create("syzkaller", 0) = 3
[pid 396] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1f10b34000
[pid 396] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 396] munmap(0x7f1f10b34000, 138412032) = 0
[pid 396] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 33.866135][ T393] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
[pid 396] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 396] close(3) = 0
[pid 396] close(4) = 0
[pid 396] mkdir("./file1", 0777) = 0
[pid 396] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 396] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 396] chdir("./file1") = 0
[pid 396] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 396] ioctl(4, LOOP_CLR_FD) = 0
[pid 396] close(4) = 0
[pid 396] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 33.909607][ T396] loop0: detected capacity change from 0 to 1024
[ 33.933251][ T396] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor199: Allocating blocks 497-513 which overlap fs metadata
[ 33.947953][ T396] EXT4-fs (loop0): pa ffff888125d88348: logic 256, phys. 385, len 8
[pid 396] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 396] ftruncate(4, 7) = 0
[pid 396] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 396] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 396] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 396] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 396] exit_group(0) = ?
[pid 396] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=396, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558e09f6f0 /* 4 entries */, 32768) = 112
umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./34/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./34/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558e0a7730 /* 10 entries */, 32768) = 296
umount2("./34/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./34/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./34/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./34/file1/lost+found") = 0
umount2("./34/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./34/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./34/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 4 entries */, 32768) = 112
umount2("./34/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./34/file1/file0/file0") = 0
umount2("./34/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./34/file1/file0/file1") = 0
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./34/file1/file0") = 0
umount2("./34/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./34/file1/file1") = 0
umount2("./34/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./34/file1/file2") = 0
umount2("./34/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./34/file1/file3") = 0
umount2("./34/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./34/file1/file.cold") = 0
umount2("./34/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./34/file1/memory.stat") = 0
umount2("./34/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./34/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./34/file1/bus") = 0
getdents64(4, 0x55558e0a7730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./34/file1") = -1 EBUSY (Device or resource busy)
umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./34/file1") = 0
umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./34/binderfs") = 0
getdents64(3, 0x55558e09f6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./34") = 0
mkdir("./35", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e09e650) = 399
./strace-static-x86_64: Process 399 attached
[pid 399] set_robust_list(0x55558e09e660, 24) = 0
[pid 399] chdir("./35") = 0
[pid 399] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 399] setpgid(0, 0) = 0
[pid 399] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 399] write(3, "1000", 4) = 4
[pid 399] close(3) = 0
[pid 399] symlink("/dev/binderfs", "./binderfs") = 0
[pid 399] write(1, "executing program\n", 18executing program
) = 18
[pid 399] memfd_create("syzkaller", 0) = 3
[pid 399] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1f10b34000
[pid 399] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 399] munmap(0x7f1f10b34000, 138412032) = 0
[pid 399] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 33.956034][ T396] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
[pid 399] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 399] close(3) = 0
[pid 399] close(4) = 0
[pid 399] mkdir("./file1", 0777) = 0
[pid 399] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 399] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 399] chdir("./file1") = 0
[pid 399] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 399] ioctl(4, LOOP_CLR_FD) = 0
[pid 399] close(4) = 0
[pid 399] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 34.005234][ T399] loop0: detected capacity change from 0 to 1024
[ 34.021149][ T399] EXT4-fs mount: 7 callbacks suppressed
[ 34.021165][ T399] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 399] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 399] ftruncate(4, 7) = 0
[pid 399] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 399] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 399] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 399] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 399] exit_group(0) = ?
[pid 399] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=399, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558e09f6f0 /* 4 entries */, 32768) = 112
umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./35/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./35/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558e0a7730 /* 10 entries */, 32768) = 296
umount2("./35/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./35/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./35/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./35/file1/lost+found") = 0
umount2("./35/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./35/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./35/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 4 entries */, 32768) = 112
umount2("./35/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./35/file1/file0/file0") = 0
umount2("./35/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./35/file1/file0/file1") = 0
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./35/file1/file0") = 0
umount2("./35/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./35/file1/file1") = 0
umount2("./35/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./35/file1/file2") = 0
umount2("./35/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./35/file1/file3") = 0
umount2("./35/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./35/file1/file.cold") = 0
umount2("./35/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./35/file1/memory.stat") = 0
umount2("./35/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./35/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./35/file1/bus") = 0
getdents64(4, 0x55558e0a7730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./35/file1") = -1 EBUSY (Device or resource busy)
[ 34.048068][ T399] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor199: Allocating blocks 497-513 which overlap fs metadata
[ 34.062816][ T399] EXT4-fs (loop0): pa ffff888125dff738: logic 256, phys. 385, len 8
[ 34.070871][ T399] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./35/file1") = 0
umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./35/binderfs") = 0
getdents64(3, 0x55558e09f6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./35") = 0
mkdir("./36", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e09e650) = 402
./strace-static-x86_64: Process 402 attached
[pid 402] set_robust_list(0x55558e09e660, 24) = 0
[pid 402] chdir("./36") = 0
[pid 402] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 402] setpgid(0, 0) = 0
[pid 402] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 402] write(3, "1000", 4) = 4
[pid 402] close(3) = 0
[pid 402] symlink("/dev/binderfs", "./binderfs") = 0
[pid 402] write(1, "executing program\n", 18executing program
) = 18
[pid 402] memfd_create("syzkaller", 0) = 3
[pid 402] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1f10b34000
[pid 402] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 402] munmap(0x7f1f10b34000, 138412032) = 0
[pid 402] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 402] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 402] close(3) = 0
[pid 402] close(4) = 0
[pid 402] mkdir("./file1", 0777) = 0
[pid 402] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 402] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 402] chdir("./file1") = 0
[pid 402] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 402] ioctl(4, LOOP_CLR_FD) = 0
[pid 402] close(4) = 0
[pid 402] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 34.103048][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 34.125733][ T402] loop0: detected capacity change from 0 to 1024
[ 34.140517][ T402] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 402] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 402] ftruncate(4, 7) = 0
[pid 402] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 402] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 402] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 402] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 402] exit_group(0) = ?
[pid 402] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=402, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558e09f6f0 /* 4 entries */, 32768) = 112
umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./36/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./36/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558e0a7730 /* 10 entries */, 32768) = 296
umount2("./36/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./36/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./36/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./36/file1/lost+found") = 0
umount2("./36/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./36/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./36/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 4 entries */, 32768) = 112
umount2("./36/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./36/file1/file0/file0") = 0
umount2("./36/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./36/file1/file0/file1") = 0
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./36/file1/file0") = 0
umount2("./36/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./36/file1/file1") = 0
umount2("./36/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./36/file1/file2") = 0
umount2("./36/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./36/file1/file3") = 0
umount2("./36/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./36/file1/file.cold") = 0
umount2("./36/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./36/file1/memory.stat") = 0
umount2("./36/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./36/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./36/file1/bus") = 0
getdents64(4, 0x55558e0a7730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./36/file1") = -1 EBUSY (Device or resource busy)
[ 34.161854][ T402] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor199: Allocating blocks 497-513 which overlap fs metadata
[ 34.176473][ T402] EXT4-fs (loop0): pa ffff888125dff348: logic 256, phys. 385, len 8
[ 34.184494][ T402] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program
) = 0
rmdir("./36/file1") = 0
umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./36/binderfs") = 0
getdents64(3, 0x55558e09f6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./36") = 0
mkdir("./37", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e09e650) = 405
./strace-static-x86_64: Process 405 attached
[pid 405] set_robust_list(0x55558e09e660, 24) = 0
[pid 405] chdir("./37") = 0
[pid 405] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 405] setpgid(0, 0) = 0
[pid 405] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 405] write(3, "1000", 4) = 4
[pid 405] close(3) = 0
[pid 405] symlink("/dev/binderfs", "./binderfs") = 0
[pid 405] write(1, "executing program\n", 18) = 18
[pid 405] memfd_create("syzkaller", 0) = 3
[pid 405] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1f10b34000
[pid 405] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 405] munmap(0x7f1f10b34000, 138412032) = 0
[pid 405] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 405] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 405] close(3) = 0
[pid 405] close(4) = 0
[pid 405] mkdir("./file1", 0777) = 0
[pid 405] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 405] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 405] chdir("./file1") = 0
[pid 405] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 405] ioctl(4, LOOP_CLR_FD) = 0
[pid 405] close(4) = 0
[pid 405] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 34.214930][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 34.232202][ T405] loop0: detected capacity change from 0 to 1024
[ 34.250496][ T405] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 405] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 405] ftruncate(4, 7) = 0
[pid 405] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 405] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 405] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 405] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 405] exit_group(0) = ?
[pid 405] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=405, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558e09f6f0 /* 4 entries */, 32768) = 112
umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./37/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./37/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558e0a7730 /* 10 entries */, 32768) = 296
umount2("./37/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./37/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./37/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./37/file1/lost+found") = 0
umount2("./37/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./37/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./37/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 4 entries */, 32768) = 112
umount2("./37/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./37/file1/file0/file0") = 0
umount2("./37/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./37/file1/file0/file1") = 0
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./37/file1/file0") = 0
umount2("./37/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./37/file1/file1") = 0
umount2("./37/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./37/file1/file2") = 0
umount2("./37/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./37/file1/file3") = 0
umount2("./37/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./37/file1/file.cold") = 0
umount2("./37/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./37/file1/memory.stat") = 0
umount2("./37/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./37/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./37/file1/bus") = 0
getdents64(4, 0x55558e0a7730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./37/file1") = -1 EBUSY (Device or resource busy)
[ 34.270414][ T405] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor199: Allocating blocks 497-513 which overlap fs metadata
[ 34.285006][ T405] EXT4-fs (loop0): pa ffff888125e28498: logic 256, phys. 385, len 8
[ 34.293088][ T405] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./37/file1") = 0
umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./37/binderfs") = 0
getdents64(3, 0x55558e09f6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./37") = 0
mkdir("./38", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e09e650) = 408
./strace-static-x86_64: Process 408 attached
[pid 408] set_robust_list(0x55558e09e660, 24) = 0
[pid 408] chdir("./38") = 0
[pid 408] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 408] setpgid(0, 0) = 0
[pid 408] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 408] write(3, "1000", 4) = 4
[pid 408] close(3) = 0
[pid 408] symlink("/dev/binderfs", "./binderfs") = 0
[pid 408] write(1, "executing program\n", 18) = 18
[pid 408] memfd_create("syzkaller", 0) = 3
executing program
[pid 408] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1f10b34000
[pid 408] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 408] munmap(0x7f1f10b34000, 138412032) = 0
[pid 408] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 34.319624][ T289] EXT4-fs (loop0): unmounting filesystem.
[pid 408] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 408] close(3) = 0
[pid 408] close(4) = 0
[pid 408] mkdir("./file1", 0777) = 0
[pid 408] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 408] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 408] chdir("./file1") = 0
[pid 408] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 408] ioctl(4, LOOP_CLR_FD) = 0
[pid 408] close(4) = 0
[pid 408] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 34.341662][ T408] loop0: detected capacity change from 0 to 1024
[ 34.360663][ T408] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 408] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 408] ftruncate(4, 7) = 0
[pid 408] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 408] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 408] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 408] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 408] exit_group(0) = ?
[pid 408] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=408, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558e09f6f0 /* 4 entries */, 32768) = 112
umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./38/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./38/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558e0a7730 /* 10 entries */, 32768) = 296
umount2("./38/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./38/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./38/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./38/file1/lost+found") = 0
umount2("./38/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./38/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./38/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 4 entries */, 32768) = 112
umount2("./38/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./38/file1/file0/file0") = 0
umount2("./38/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./38/file1/file0/file1") = 0
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./38/file1/file0") = 0
umount2("./38/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./38/file1/file1") = 0
umount2("./38/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./38/file1/file2") = 0
umount2("./38/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./38/file1/file3") = 0
umount2("./38/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./38/file1/file.cold") = 0
umount2("./38/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./38/file1/memory.stat") = 0
umount2("./38/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./38/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./38/file1/bus") = 0
getdents64(4, 0x55558e0a7730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./38/file1") = -1 EBUSY (Device or resource busy)
[ 34.381566][ T408] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor199: Allocating blocks 497-513 which overlap fs metadata
[ 34.396260][ T408] EXT4-fs (loop0): pa ffff8881158e4738: logic 256, phys. 385, len 8
[ 34.404277][ T408] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program
) = 0
rmdir("./38/file1") = 0
umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./38/binderfs") = 0
getdents64(3, 0x55558e09f6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./38") = 0
mkdir("./39", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e09e650) = 411
./strace-static-x86_64: Process 411 attached
[pid 411] set_robust_list(0x55558e09e660, 24) = 0
[pid 411] chdir("./39") = 0
[pid 411] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 411] setpgid(0, 0) = 0
[pid 411] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 411] write(3, "1000", 4) = 4
[pid 411] close(3) = 0
[pid 411] symlink("/dev/binderfs", "./binderfs") = 0
[pid 411] write(1, "executing program\n", 18) = 18
[pid 411] memfd_create("syzkaller", 0) = 3
[pid 411] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1f10b34000
[pid 411] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 411] munmap(0x7f1f10b34000, 138412032) = 0
[pid 411] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 411] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 411] close(3) = 0
[pid 411] close(4) = 0
[pid 411] mkdir("./file1", 0777) = 0
[pid 411] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 411] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 411] chdir("./file1") = 0
[pid 411] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 411] ioctl(4, LOOP_CLR_FD) = 0
[pid 411] close(4) = 0
[pid 411] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 34.435946][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 34.453024][ T411] loop0: detected capacity change from 0 to 1024
[ 34.470770][ T411] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 411] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 411] ftruncate(4, 7) = 0
[pid 411] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 411] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 411] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 411] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 411] exit_group(0) = ?
[pid 411] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=411, si_uid=0, si_status=0, si_utime=0, si_stime=7} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558e09f6f0 /* 4 entries */, 32768) = 112
umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./39/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./39/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558e0a7730 /* 10 entries */, 32768) = 296
umount2("./39/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./39/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./39/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./39/file1/lost+found") = 0
umount2("./39/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./39/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./39/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 4 entries */, 32768) = 112
umount2("./39/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./39/file1/file0/file0") = 0
umount2("./39/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./39/file1/file0/file1") = 0
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./39/file1/file0") = 0
umount2("./39/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./39/file1/file1") = 0
umount2("./39/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./39/file1/file2") = 0
umount2("./39/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./39/file1/file3") = 0
umount2("./39/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./39/file1/file.cold") = 0
umount2("./39/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./39/file1/memory.stat") = 0
umount2("./39/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./39/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./39/file1/bus") = 0
getdents64(4, 0x55558e0a7730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./39/file1") = -1 EBUSY (Device or resource busy)
[ 34.492710][ T411] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor199: Allocating blocks 497-513 which overlap fs metadata
[ 34.507291][ T411] EXT4-fs (loop0): pa ffff8881158e47e0: logic 256, phys. 385, len 8
[ 34.515311][ T411] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./39/file1") = 0
umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./39/binderfs") = 0
getdents64(3, 0x55558e09f6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./39") = 0
mkdir("./40", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e09e650) = 414
./strace-static-x86_64: Process 414 attached
[pid 414] set_robust_list(0x55558e09e660, 24) = 0
[pid 414] chdir("./40") = 0
[pid 414] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 414] setpgid(0, 0) = 0
[pid 414] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 414] write(3, "1000", 4) = 4
[pid 414] close(3) = 0
[pid 414] symlink("/dev/binderfs", "./binderfs") = 0
[pid 414] write(1, "executing program\n", 18executing program
) = 18
[pid 414] memfd_create("syzkaller", 0) = 3
[pid 414] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1f10b34000
[pid 414] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 414] munmap(0x7f1f10b34000, 138412032) = 0
[pid 414] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 34.541204][ T289] EXT4-fs (loop0): unmounting filesystem.
[pid 414] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 414] close(3) = 0
[pid 414] close(4) = 0
[pid 414] mkdir("./file1", 0777) = 0
[pid 414] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 414] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 414] chdir("./file1") = 0
[pid 414] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 414] ioctl(4, LOOP_CLR_FD) = 0
[pid 414] close(4) = 0
[pid 414] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 34.566028][ T414] loop0: detected capacity change from 0 to 1024
[ 34.580428][ T414] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 34.601868][ T414] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor199: Allocating blocks 497-513 which overlap fs metadata
[pid 414] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 414] ftruncate(4, 7) = 0
[pid 414] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 414] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 414] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 414] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 414] exit_group(0) = ?
[pid 414] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=414, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558e09f6f0 /* 4 entries */, 32768) = 112
umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./40/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./40/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558e0a7730 /* 10 entries */, 32768) = 296
umount2("./40/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./40/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./40/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./40/file1/lost+found") = 0
umount2("./40/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./40/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./40/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 4 entries */, 32768) = 112
umount2("./40/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./40/file1/file0/file0") = 0
umount2("./40/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./40/file1/file0/file1") = 0
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./40/file1/file0") = 0
umount2("./40/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./40/file1/file1") = 0
umount2("./40/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./40/file1/file2") = 0
umount2("./40/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./40/file1/file3") = 0
umount2("./40/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./40/file1/file.cold") = 0
umount2("./40/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./40/file1/memory.stat") = 0
umount2("./40/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./40/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./40/file1/bus") = 0
getdents64(4, 0x55558e0a7730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./40/file1") = -1 EBUSY (Device or resource busy)
umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program
) = 0
rmdir("./40/file1") = 0
umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./40/binderfs") = 0
getdents64(3, 0x55558e09f6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./40") = 0
mkdir("./41", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e09e650) = 417
./strace-static-x86_64: Process 417 attached
[pid 417] set_robust_list(0x55558e09e660, 24) = 0
[pid 417] chdir("./41") = 0
[pid 417] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 417] setpgid(0, 0) = 0
[pid 417] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 417] write(3, "1000", 4) = 4
[pid 417] close(3) = 0
[pid 417] symlink("/dev/binderfs", "./binderfs") = 0
[pid 417] write(1, "executing program\n", 18) = 18
[pid 417] memfd_create("syzkaller", 0) = 3
[pid 417] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1f10b34000
[pid 417] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 417] munmap(0x7f1f10b34000, 138412032) = 0
[pid 417] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 34.616536][ T414] EXT4-fs (loop0): pa ffff8881158e4930: logic 256, phys. 385, len 8
[ 34.624542][ T414] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
[ 34.656474][ T289] EXT4-fs (loop0): unmounting filesystem.
[pid 417] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 417] close(3) = 0
[pid 417] close(4) = 0
[pid 417] mkdir("./file1", 0777) = 0
[pid 417] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 417] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 417] chdir("./file1") = 0
[pid 417] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 417] ioctl(4, LOOP_CLR_FD) = 0
[pid 417] close(4) = 0
[pid 417] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 34.673633][ T417] loop0: detected capacity change from 0 to 1024
[ 34.690644][ T417] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 417] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 417] ftruncate(4, 7) = 0
[pid 417] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 417] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 417] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 417] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 417] exit_group(0) = ?
[pid 417] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=417, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558e09f6f0 /* 4 entries */, 32768) = 112
umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./41/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./41/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558e0a7730 /* 10 entries */, 32768) = 296
umount2("./41/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./41/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./41/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./41/file1/lost+found") = 0
umount2("./41/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./41/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./41/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 4 entries */, 32768) = 112
umount2("./41/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./41/file1/file0/file0") = 0
umount2("./41/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./41/file1/file0/file1") = 0
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./41/file1/file0") = 0
umount2("./41/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./41/file1/file1") = 0
umount2("./41/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./41/file1/file2") = 0
umount2("./41/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./41/file1/file3") = 0
umount2("./41/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./41/file1/file.cold") = 0
umount2("./41/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./41/file1/memory.stat") = 0
umount2("./41/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./41/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./41/file1/bus") = 0
getdents64(4, 0x55558e0a7730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./41/file1") = -1 EBUSY (Device or resource busy)
[ 34.711255][ T417] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor199: Allocating blocks 497-513 which overlap fs metadata
[ 34.725879][ T417] EXT4-fs (loop0): pa ffff888125ece930: logic 256, phys. 385, len 8
[ 34.733920][ T417] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./41/file1") = 0
umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./41/binderfs") = 0
getdents64(3, 0x55558e09f6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./41") = 0
mkdir("./42", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e09e650) = 420
./strace-static-x86_64: Process 420 attached
[pid 420] set_robust_list(0x55558e09e660, 24) = 0
[pid 420] chdir("./42") = 0
[pid 420] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 420] setpgid(0, 0) = 0
[pid 420] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 420] write(3, "1000", 4) = 4
[pid 420] close(3) = 0
[pid 420] symlink("/dev/binderfs", "./binderfs") = 0
[pid 420] write(1, "executing program\n", 18executing program
) = 18
[pid 420] memfd_create("syzkaller", 0) = 3
[pid 420] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1f10b34000
[pid 420] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 420] munmap(0x7f1f10b34000, 138412032) = 0
[pid 420] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 420] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 420] close(3) = 0
[pid 420] close(4) = 0
[pid 420] mkdir("./file1", 0777) = 0
[pid 420] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 420] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 420] chdir("./file1") = 0
[pid 420] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 420] ioctl(4, LOOP_CLR_FD) = 0
[pid 420] close(4) = 0
[pid 420] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 34.764864][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 34.788574][ T420] loop0: detected capacity change from 0 to 1024
[ 34.801367][ T420] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 420] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 420] ftruncate(4, 7) = 0
[pid 420] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 420] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 420] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 420] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 420] exit_group(0) = ?
[pid 420] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=420, si_uid=0, si_status=0, si_utime=0, si_stime=6} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558e09f6f0 /* 4 entries */, 32768) = 112
umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./42/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./42/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558e0a7730 /* 10 entries */, 32768) = 296
umount2("./42/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./42/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./42/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./42/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./42/file1/lost+found") = 0
umount2("./42/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./42/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./42/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./42/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 4 entries */, 32768) = 112
umount2("./42/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./42/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./42/file1/file0/file0") = 0
umount2("./42/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./42/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./42/file1/file0/file1") = 0
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./42/file1/file0") = 0
umount2("./42/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./42/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./42/file1/file1") = 0
umount2("./42/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./42/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./42/file1/file2") = 0
umount2("./42/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./42/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./42/file1/file3") = 0
umount2("./42/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./42/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./42/file1/file.cold") = 0
umount2("./42/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./42/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./42/file1/memory.stat") = 0
umount2("./42/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./42/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./42/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./42/file1/bus") = 0
getdents64(4, 0x55558e0a7730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./42/file1") = -1 EBUSY (Device or resource busy)
[ 34.822089][ T420] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor199: Allocating blocks 497-513 which overlap fs metadata
[ 34.836716][ T420] EXT4-fs (loop0): pa ffff888125ecea80: logic 256, phys. 385, len 8
[ 34.844743][ T420] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program
) = 0
rmdir("./42/file1") = 0
umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./42/binderfs") = 0
getdents64(3, 0x55558e09f6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./42") = 0
mkdir("./43", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e09e650) = 423
./strace-static-x86_64: Process 423 attached
[pid 423] set_robust_list(0x55558e09e660, 24) = 0
[pid 423] chdir("./43") = 0
[pid 423] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 423] setpgid(0, 0) = 0
[pid 423] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 423] write(3, "1000", 4) = 4
[pid 423] close(3) = 0
[pid 423] symlink("/dev/binderfs", "./binderfs") = 0
[pid 423] write(1, "executing program\n", 18) = 18
[pid 423] memfd_create("syzkaller", 0) = 3
[pid 423] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1f10b34000
[pid 423] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 423] munmap(0x7f1f10b34000, 138412032) = 0
[pid 423] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 423] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 423] close(3) = 0
[pid 423] close(4) = 0
[pid 423] mkdir("./file1", 0777) = 0
[pid 423] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 423] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 423] chdir("./file1") = 0
[pid 423] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 423] ioctl(4, LOOP_CLR_FD) = 0
[pid 423] close(4) = 0
[pid 423] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 34.874519][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 34.892672][ T423] loop0: detected capacity change from 0 to 1024
[ 34.910569][ T423] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 423] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 423] ftruncate(4, 7) = 0
[pid 423] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 423] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 423] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 423] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 423] exit_group(0) = ?
[pid 423] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=423, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558e09f6f0 /* 4 entries */, 32768) = 112
umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./43/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./43/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558e0a7730 /* 10 entries */, 32768) = 296
umount2("./43/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./43/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./43/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./43/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./43/file1/lost+found") = 0
umount2("./43/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./43/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./43/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./43/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 4 entries */, 32768) = 112
umount2("./43/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./43/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./43/file1/file0/file0") = 0
umount2("./43/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./43/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./43/file1/file0/file1") = 0
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./43/file1/file0") = 0
umount2("./43/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./43/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./43/file1/file1") = 0
umount2("./43/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./43/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./43/file1/file2") = 0
umount2("./43/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./43/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./43/file1/file3") = 0
umount2("./43/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./43/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./43/file1/file.cold") = 0
umount2("./43/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./43/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./43/file1/memory.stat") = 0
umount2("./43/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./43/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./43/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./43/file1/bus") = 0
getdents64(4, 0x55558e0a7730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./43/file1") = -1 EBUSY (Device or resource busy)
[ 34.932019][ T423] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor199: Allocating blocks 497-513 which overlap fs metadata
[ 34.946753][ T423] EXT4-fs (loop0): pa ffff888125ece348: logic 256, phys. 385, len 8
[ 34.954870][ T423] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./43/file1") = 0
umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./43/binderfs") = 0
getdents64(3, 0x55558e09f6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./43") = 0
mkdir("./44", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e09e650) = 426
./strace-static-x86_64: Process 426 attached
[pid 426] set_robust_list(0x55558e09e660, 24) = 0
[pid 426] chdir("./44"executing program
) = 0
[pid 426] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 426] setpgid(0, 0) = 0
[pid 426] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 426] write(3, "1000", 4) = 4
[pid 426] close(3) = 0
[pid 426] symlink("/dev/binderfs", "./binderfs") = 0
[pid 426] write(1, "executing program\n", 18) = 18
[pid 426] memfd_create("syzkaller", 0) = 3
[pid 426] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1f10b34000
[pid 426] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 426] munmap(0x7f1f10b34000, 138412032) = 0
[pid 426] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 426] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 426] close(3) = 0
[pid 426] close(4) = 0
[pid 426] mkdir("./file1", 0777) = 0
[pid 426] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 426] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 426] chdir("./file1") = 0
[pid 426] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 426] ioctl(4, LOOP_CLR_FD) = 0
[pid 426] close(4) = 0
[pid 426] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 34.986101][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 35.006899][ T426] loop0: detected capacity change from 0 to 1024
[ 35.020854][ T426] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 426] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 426] ftruncate(4, 7) = 0
[pid 426] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 426] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 426] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 426] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 426] exit_group(0) = ?
[pid 426] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=426, si_uid=0, si_status=0, si_utime=0, si_stime=6} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558e09f6f0 /* 4 entries */, 32768) = 112
umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./44/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./44/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558e0a7730 /* 10 entries */, 32768) = 296
umount2("./44/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./44/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./44/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./44/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./44/file1/lost+found") = 0
umount2("./44/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./44/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./44/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./44/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 4 entries */, 32768) = 112
umount2("./44/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./44/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./44/file1/file0/file0") = 0
umount2("./44/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./44/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./44/file1/file0/file1") = 0
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./44/file1/file0") = 0
umount2("./44/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./44/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./44/file1/file1") = 0
umount2("./44/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./44/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./44/file1/file2") = 0
umount2("./44/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./44/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./44/file1/file3") = 0
umount2("./44/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./44/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./44/file1/file.cold") = 0
umount2("./44/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./44/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./44/file1/memory.stat") = 0
umount2("./44/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./44/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./44/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./44/file1/bus") = 0
getdents64(4, 0x55558e0a7730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./44/file1") = -1 EBUSY (Device or resource busy)
[ 35.041637][ T426] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor199: Allocating blocks 497-513 which overlap fs metadata
[ 35.056386][ T426] EXT4-fs (loop0): pa ffff888125ea6d20: logic 256, phys. 385, len 8
[ 35.064482][ T426] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./44/file1") = 0
umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./44/binderfs") = 0
getdents64(3, 0x55558e09f6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./44") = 0
mkdir("./45", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e09e650) = 429
./strace-static-x86_64: Process 429 attached
[pid 429] set_robust_list(0x55558e09e660, 24) = 0
[pid 429] chdir("./45") = 0
[pid 429] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 429] setpgid(0, 0) = 0
[pid 429] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 429] write(3, "1000", 4) = 4
[pid 429] close(3) = 0
[pid 429] symlink("/dev/binderfs", "./binderfs") = 0
[pid 429] write(1, "executing program\n", 18executing program
) = 18
[pid 429] memfd_create("syzkaller", 0) = 3
[pid 429] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1f10b34000
[pid 429] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 429] munmap(0x7f1f10b34000, 138412032) = 0
[pid 429] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 429] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 429] close(3) = 0
[pid 429] close(4) = 0
[pid 429] mkdir("./file1", 0777) = 0
[pid 429] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 429] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 429] chdir("./file1") = 0
[pid 429] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 429] ioctl(4, LOOP_CLR_FD) = 0
[pid 429] close(4) = 0
[pid 429] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 35.094831][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 35.118978][ T429] loop0: detected capacity change from 0 to 1024
[ 35.131135][ T429] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 429] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 429] ftruncate(4, 7) = 0
[pid 429] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 429] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 429] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 429] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 429] exit_group(0) = ?
[pid 429] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=429, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558e09f6f0 /* 4 entries */, 32768) = 112
umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./45/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./45/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558e0a7730 /* 10 entries */, 32768) = 296
umount2("./45/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./45/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./45/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./45/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./45/file1/lost+found") = 0
umount2("./45/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./45/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./45/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./45/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 4 entries */, 32768) = 112
umount2("./45/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./45/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./45/file1/file0/file0") = 0
umount2("./45/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./45/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./45/file1/file0/file1") = 0
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./45/file1/file0") = 0
umount2("./45/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./45/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./45/file1/file1") = 0
umount2("./45/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./45/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./45/file1/file2") = 0
umount2("./45/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./45/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./45/file1/file3") = 0
umount2("./45/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./45/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./45/file1/file.cold") = 0
umount2("./45/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./45/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
[ 35.151928][ T429] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor199: Allocating blocks 497-513 which overlap fs metadata
[ 35.166573][ T429] EXT4-fs (loop0): pa ffff888125ea6498: logic 256, phys. 385, len 8
[ 35.174607][ T429] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
[ 35.206491][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor199: Freeing blocks not in datazone - block = 1174405120, count = 2
[ 35.221217][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor199: Freeing blocks not in datazone - block = 1174405120, count = 16
[ 35.235822][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor199: Freeing blocks not in datazone - block = 544, count = 16
unlink("./45/file1/memory.stat") = 0
umount2("./45/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./45/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./45/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./45/file1/bus") = 0
getdents64(4, 0x55558e0a7730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./45/file1") = -1 EBUSY (Device or resource busy)
umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./45/file1") = 0
umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./45/binderfs") = 0
getdents64(3, 0x55558e09f6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./45") = 0
mkdir("./46", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e09e650) = 432
./strace-static-x86_64: Process 432 attached
[pid 432] set_robust_list(0x55558e09e660, 24) = 0
[pid 432] chdir("./46") = 0
[pid 432] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 432] setpgid(0, 0) = 0
[pid 432] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 432] write(3, "1000", 4) = 4
[pid 432] close(3) = 0
[pid 432] symlink("/dev/binderfs", "./binderfs") = 0
[pid 432] write(1, "executing program\n", 18executing program
) = 18
[pid 432] memfd_create("syzkaller", 0) = 3
[pid 432] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1f10b34000
[pid 432] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 432] munmap(0x7f1f10b34000, 138412032) = 0
[pid 432] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 432] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 432] close(3) = 0
[pid 432] close(4) = 0
[pid 432] mkdir("./file1", 0777) = 0
[ 35.249773][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor199: Freeing blocks not in datazone - block = 0, count = 545
[ 35.266928][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 35.290526][ T432] loop0: detected capacity change from 0 to 1024
[pid 432] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 432] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 432] chdir("./file1") = 0
[pid 432] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 432] ioctl(4, LOOP_CLR_FD) = 0
[pid 432] close(4) = 0
[pid 432] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 35.310571][ T432] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 35.331916][ T432] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor199: Allocating blocks 497-513 which overlap fs metadata
[ 35.346830][ T432] EXT4-fs (loop0): pa ffff888125efd930: logic 256, phys. 385, len 8
[pid 432] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 432] ftruncate(4, 7) = 0
[pid 432] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 432] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 432] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 432] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 432] exit_group(0) = ?
[pid 432] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=432, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558e09f6f0 /* 4 entries */, 32768) = 112
umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./46/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./46/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558e0a7730 /* 10 entries */, 32768) = 296
umount2("./46/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./46/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./46/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./46/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./46/file1/lost+found") = 0
umount2("./46/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./46/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./46/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./46/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 4 entries */, 32768) = 112
umount2("./46/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./46/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./46/file1/file0/file0") = 0
umount2("./46/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./46/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./46/file1/file0/file1") = 0
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./46/file1/file0") = 0
umount2("./46/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./46/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./46/file1/file1") = 0
umount2("./46/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./46/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./46/file1/file2") = 0
umount2("./46/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./46/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./46/file1/file3") = 0
umount2("./46/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./46/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./46/file1/file.cold") = 0
umount2("./46/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./46/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./46/file1/memory.stat") = 0
umount2("./46/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./46/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./46/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./46/file1/bus") = 0
getdents64(4, 0x55558e0a7730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./46/file1") = -1 EBUSY (Device or resource busy)
umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./46/file1") = 0
umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./46/binderfs") = 0
getdents64(3, 0x55558e09f6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./46") = 0
mkdir("./47", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x55558e09e650) = 435
./strace-static-x86_64: Process 435 attached
[pid 435] set_robust_list(0x55558e09e660, 24) = 0
[pid 435] chdir("./47") = 0
[pid 435] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 435] setpgid(0, 0) = 0
[pid 435] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 435] write(3, "1000", 4) = 4
[pid 435] close(3) = 0
[pid 435] symlink("/dev/binderfs", "./binderfs") = 0
[pid 435] write(1, "executing program\n", 18) = 18
[pid 435] memfd_create("syzkaller", 0) = 3
[pid 435] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1f10b34000
[pid 435] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 435] munmap(0x7f1f10b34000, 138412032) = 0
[pid 435] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 435] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 435] close(3) = 0
[pid 435] close(4) = 0
[pid 435] mkdir("./file1", 0777) = 0
[ 35.354848][ T432] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
[ 35.380708][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 35.401524][ T435] loop0: detected capacity change from 0 to 1024
[pid 435] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 435] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 435] chdir("./file1") = 0
[pid 435] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 435] ioctl(4, LOOP_CLR_FD) = 0
[pid 435] close(4) = 0
[pid 435] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 35.421087][ T435] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 35.442012][ T435] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor199: Allocating blocks 497-513 which overlap fs metadata
[ 35.456649][ T435] EXT4-fs (loop0): pa ffff888125efd738: logic 256, phys. 385, len 8
[pid 435] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 435] ftruncate(4, 7) = 0
[pid 435] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 435] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 435] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 435] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 435] exit_group(0) = ?
[pid 435] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=435, si_uid=0, si_status=0, si_utime=0, si_stime=6} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558e09f6f0 /* 4 entries */, 32768) = 112
umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./47/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./47/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558e0a7730 /* 10 entries */, 32768) = 296
umount2("./47/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./47/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./47/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./47/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./47/file1/lost+found") = 0
umount2("./47/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./47/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./47/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./47/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 4 entries */, 32768) = 112
umount2("./47/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./47/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./47/file1/file0/file0") = 0
umount2("./47/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./47/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./47/file1/file0/file1") = 0
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./47/file1/file0") = 0
umount2("./47/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./47/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./47/file1/file1") = 0
umount2("./47/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./47/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./47/file1/file2") = 0
umount2("./47/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./47/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./47/file1/file3") = 0
umount2("./47/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./47/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./47/file1/file.cold") = 0
umount2("./47/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./47/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
[ 35.464697][ T435] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
[ 35.491215][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor199: Freeing blocks not in datazone - block = 2218327690496, count = 16
[ 35.506116][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor199: Freeing blocks not in datazone - block = 2218327671558, count = 18952
[ 35.521235][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor199: Freeing blocks not in datazone - block = 2218327671552, count = 16
[ 35.536053][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor199: Freeing blocks not in datazone - block = 1121003364096, count = 16
[ 35.550836][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor199: Freeing blocks not in datazone - block = 1121003363331, count = 772
[ 35.565788][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor199: Freeing blocks not in datazone - block = 1121003363328, count = 16
[ 35.580562][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor199: Freeing blocks not in datazone - block = 5501886949632, count = 16
[ 35.595398][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor199: Freeing blocks not in datazone - block = 5501886927874, count = 21763
unlink("./47/file1/memory.stat") = 0
umount2("./47/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./47/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./47/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./47/file1/bus") = 0
getdents64(4, 0x55558e0a7730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./47/file1") = -1 EBUSY (Device or resource busy)
umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program
) = 0
rmdir("./47/file1") = 0
umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./47/binderfs") = 0
getdents64(3, 0x55558e09f6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./47") = 0
mkdir("./48", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e09e650) = 438
./strace-static-x86_64: Process 438 attached
[pid 438] set_robust_list(0x55558e09e660, 24) = 0
[pid 438] chdir("./48") = 0
[pid 438] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 438] setpgid(0, 0) = 0
[pid 438] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 438] write(3, "1000", 4) = 4
[pid 438] close(3) = 0
[pid 438] symlink("/dev/binderfs", "./binderfs") = 0
[pid 438] write(1, "executing program\n", 18) = 18
[pid 438] memfd_create("syzkaller", 0) = 3
[pid 438] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1f10b34000
[pid 438] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 438] munmap(0x7f1f10b34000, 138412032) = 0
[pid 438] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 438] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 438] close(3) = 0
[pid 438] close(4) = 0
[pid 438] mkdir("./file1", 0777) = 0
[pid 438] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 438] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 438] chdir("./file1") = 0
[pid 438] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 438] ioctl(4, LOOP_CLR_FD) = 0
[pid 438] close(4) = 0
[pid 438] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 36.413427][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 36.430627][ T438] loop0: detected capacity change from 0 to 1024
[ 36.450364][ T438] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 438] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 438] ftruncate(4, 7) = 0
[pid 438] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 438] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 438] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 438] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 438] exit_group(0) = ?
[pid 438] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=438, si_uid=0, si_status=0, si_utime=0, si_stime=6} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558e09f6f0 /* 4 entries */, 32768) = 112
umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./48/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./48/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558e0a7730 /* 10 entries */, 32768) = 296
umount2("./48/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./48/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./48/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./48/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./48/file1/lost+found") = 0
umount2("./48/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./48/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./48/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./48/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 4 entries */, 32768) = 112
umount2("./48/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./48/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./48/file1/file0/file0") = 0
umount2("./48/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./48/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./48/file1/file0/file1") = 0
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./48/file1/file0") = 0
umount2("./48/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./48/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./48/file1/file1") = 0
umount2("./48/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./48/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./48/file1/file2") = 0
umount2("./48/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./48/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./48/file1/file3") = 0
umount2("./48/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./48/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./48/file1/file.cold") = 0
umount2("./48/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./48/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./48/file1/memory.stat") = 0
umount2("./48/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./48/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./48/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./48/file1/bus") = 0
getdents64(4, 0x55558e0a7730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./48/file1") = -1 EBUSY (Device or resource busy)
[ 36.471493][ T438] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor199: Allocating blocks 497-513 which overlap fs metadata
[ 36.486177][ T438] EXT4-fs (loop0): pa ffff888125f452a0: logic 256, phys. 385, len 8
[ 36.494298][ T438] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./48/file1") = 0
umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./48/binderfs") = 0
getdents64(3, 0x55558e09f6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./48") = 0
mkdir("./49", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3executing program
) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e09e650) = 441
./strace-static-x86_64: Process 441 attached
[pid 441] set_robust_list(0x55558e09e660, 24) = 0
[pid 441] chdir("./49") = 0
[pid 441] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 441] setpgid(0, 0) = 0
[pid 441] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 441] write(3, "1000", 4) = 4
[pid 441] close(3) = 0
[pid 441] symlink("/dev/binderfs", "./binderfs") = 0
[pid 441] write(1, "executing program\n", 18) = 18
[pid 441] memfd_create("syzkaller", 0) = 3
[pid 441] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1f10b34000
[pid 441] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 441] munmap(0x7f1f10b34000, 138412032) = 0
[pid 441] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 441] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 441] close(3) = 0
[pid 441] close(4) = 0
[pid 441] mkdir("./file1", 0777) = 0
[pid 441] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 441] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 441] chdir("./file1") = 0
[pid 441] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 441] ioctl(4, LOOP_CLR_FD) = 0
[pid 441] close(4) = 0
[pid 441] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 36.525941][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 36.547278][ T441] loop0: detected capacity change from 0 to 1024
[ 36.561206][ T441] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 441] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 441] ftruncate(4, 7) = 0
[pid 441] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 441] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 441] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 441] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 441] exit_group(0) = ?
[pid 441] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=441, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558e09f6f0 /* 4 entries */, 32768) = 112
umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./49/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./49/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558e0a7730 /* 10 entries */, 32768) = 296
umount2("./49/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./49/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./49/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./49/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./49/file1/lost+found") = 0
umount2("./49/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./49/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./49/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./49/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 4 entries */, 32768) = 112
umount2("./49/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./49/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./49/file1/file0/file0") = 0
umount2("./49/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./49/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./49/file1/file0/file1") = 0
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./49/file1/file0") = 0
umount2("./49/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./49/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./49/file1/file1") = 0
umount2("./49/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./49/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./49/file1/file2") = 0
umount2("./49/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./49/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./49/file1/file3") = 0
umount2("./49/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./49/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./49/file1/file.cold") = 0
umount2("./49/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./49/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./49/file1/memory.stat") = 0
umount2("./49/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./49/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./49/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./49/file1/bus") = 0
getdents64(4, 0x55558e0a7730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./49/file1") = -1 EBUSY (Device or resource busy)
[ 36.582016][ T441] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor199: Allocating blocks 497-513 which overlap fs metadata
[ 36.596617][ T441] EXT4-fs (loop0): pa ffff888125f457e0: logic 256, phys. 385, len 8
[ 36.604640][ T441] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./49/file1") = 0
umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./49/binderfs") = 0
getdents64(3, 0x55558e09f6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./49") = 0
mkdir("./50", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e09e650) = 444
./strace-static-x86_64: Process 444 attached
[pid 444] set_robust_list(0x55558e09e660, 24) = 0
[pid 444] chdir("./50") = 0
[pid 444] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 444] setpgid(0, 0) = 0
[pid 444] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 444] write(3, "1000", 4) = 4
[pid 444] close(3) = 0
[pid 444] symlink("/dev/binderfs", "./binderfs") = 0
[pid 444] write(1, "executing program\n", 18executing program
) = 18
[pid 444] memfd_create("syzkaller", 0) = 3
[pid 444] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1f10b34000
[pid 444] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 444] munmap(0x7f1f10b34000, 138412032) = 0
[pid 444] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 444] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 444] close(3) = 0
[pid 444] close(4) = 0
[pid 444] mkdir("./file1", 0777) = 0
[pid 444] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 444] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 444] chdir("./file1") = 0
[pid 444] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 444] ioctl(4, LOOP_CLR_FD) = 0
[pid 444] close(4) = 0
[pid 444] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 36.632820][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 36.651228][ T444] loop0: detected capacity change from 0 to 1024
[ 36.670270][ T444] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 444] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 444] ftruncate(4, 7) = 0
[pid 444] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 444] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 444] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 444] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 444] exit_group(0) = ?
[pid 444] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=444, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558e09f6f0 /* 4 entries */, 32768) = 112
umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./50/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./50/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558e0a7730 /* 10 entries */, 32768) = 296
umount2("./50/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./50/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./50/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./50/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./50/file1/lost+found") = 0
umount2("./50/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./50/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./50/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./50/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 4 entries */, 32768) = 112
umount2("./50/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./50/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./50/file1/file0/file0") = 0
umount2("./50/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./50/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./50/file1/file0/file1") = 0
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./50/file1/file0") = 0
umount2("./50/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./50/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./50/file1/file1") = 0
umount2("./50/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./50/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./50/file1/file2") = 0
umount2("./50/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./50/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./50/file1/file3") = 0
umount2("./50/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./50/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./50/file1/file.cold") = 0
umount2("./50/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./50/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./50/file1/memory.stat") = 0
umount2("./50/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./50/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./50/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./50/file1/bus") = 0
getdents64(4, 0x55558e0a7730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./50/file1") = -1 EBUSY (Device or resource busy)
[ 36.692361][ T444] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor199: Allocating blocks 497-513 which overlap fs metadata
[ 36.707075][ T444] EXT4-fs (loop0): pa ffff888125f6d348: logic 256, phys. 385, len 8
[ 36.715109][ T444] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program
) = 0
rmdir("./50/file1") = 0
umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./50/binderfs") = 0
getdents64(3, 0x55558e09f6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./50") = 0
mkdir("./51", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e09e650) = 447
./strace-static-x86_64: Process 447 attached
[pid 447] set_robust_list(0x55558e09e660, 24) = 0
[pid 447] chdir("./51") = 0
[pid 447] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 447] setpgid(0, 0) = 0
[pid 447] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 447] write(3, "1000", 4) = 4
[pid 447] close(3) = 0
[pid 447] symlink("/dev/binderfs", "./binderfs") = 0
[pid 447] write(1, "executing program\n", 18) = 18
[pid 447] memfd_create("syzkaller", 0) = 3
[pid 447] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1f10b34000
[pid 447] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 447] munmap(0x7f1f10b34000, 138412032) = 0
[pid 447] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 447] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 447] close(3) = 0
[pid 447] close(4) = 0
[pid 447] mkdir("./file1", 0777) = 0
[pid 447] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 447] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 447] chdir("./file1") = 0
[pid 447] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 447] ioctl(4, LOOP_CLR_FD) = 0
[pid 447] close(4) = 0
[pid 447] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 36.750831][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 36.767902][ T447] loop0: detected capacity change from 0 to 1024
[ 36.780374][ T447] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 447] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 447] ftruncate(4, 7) = 0
[pid 447] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 447] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 447] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 447] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 447] exit_group(0) = ?
[pid 447] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=447, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558e09f6f0 /* 4 entries */, 32768) = 112
umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./51/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./51/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558e0a7730 /* 10 entries */, 32768) = 296
umount2("./51/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./51/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./51/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./51/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./51/file1/lost+found") = 0
umount2("./51/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./51/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./51/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./51/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 4 entries */, 32768) = 112
umount2("./51/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./51/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./51/file1/file0/file0") = 0
umount2("./51/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./51/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./51/file1/file0/file1") = 0
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./51/file1/file0") = 0
umount2("./51/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./51/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./51/file1/file1") = 0
umount2("./51/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./51/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./51/file1/file2") = 0
umount2("./51/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./51/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./51/file1/file3") = 0
umount2("./51/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./51/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./51/file1/file.cold") = 0
umount2("./51/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./51/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./51/file1/memory.stat") = 0
umount2("./51/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./51/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./51/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./51/file1/bus") = 0
getdents64(4, 0x55558e0a7730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./51/file1") = -1 EBUSY (Device or resource busy)
[ 36.800774][ T447] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor199: Allocating blocks 497-513 which overlap fs metadata
[ 36.815412][ T447] EXT4-fs (loop0): pa ffff888125f26c78: logic 256, phys. 385, len 8
[ 36.823541][ T447] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program
) = 0
rmdir("./51/file1") = 0
umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./51/binderfs") = 0
getdents64(3, 0x55558e09f6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./51") = 0
mkdir("./52", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e09e650) = 450
./strace-static-x86_64: Process 450 attached
[pid 450] set_robust_list(0x55558e09e660, 24) = 0
[pid 450] chdir("./52") = 0
[pid 450] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 450] setpgid(0, 0) = 0
[pid 450] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 450] write(3, "1000", 4) = 4
[pid 450] close(3) = 0
[pid 450] symlink("/dev/binderfs", "./binderfs") = 0
[pid 450] write(1, "executing program\n", 18) = 18
[pid 450] memfd_create("syzkaller", 0) = 3
[pid 450] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1f10b34000
[pid 450] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 450] munmap(0x7f1f10b34000, 138412032) = 0
[pid 450] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 450] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 450] close(3) = 0
[pid 450] close(4) = 0
[pid 450] mkdir("./file1", 0777) = 0
[pid 450] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 450] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 450] chdir("./file1") = 0
[pid 450] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 450] ioctl(4, LOOP_CLR_FD) = 0
[pid 450] close(4) = 0
[pid 450] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 36.857704][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 36.874708][ T450] loop0: detected capacity change from 0 to 1024
[ 36.891441][ T450] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 450] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 450] ftruncate(4, 7) = 0
[pid 450] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 450] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 450] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 450] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 450] exit_group(0) = ?
[pid 450] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=450, si_uid=0, si_status=0, si_utime=0, si_stime=6} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558e09f6f0 /* 4 entries */, 32768) = 112
umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./52/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./52/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558e0a7730 /* 10 entries */, 32768) = 296
umount2("./52/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./52/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./52/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./52/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./52/file1/lost+found") = 0
umount2("./52/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./52/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./52/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./52/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 4 entries */, 32768) = 112
umount2("./52/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./52/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./52/file1/file0/file0") = 0
umount2("./52/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./52/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./52/file1/file0/file1") = 0
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./52/file1/file0") = 0
umount2("./52/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./52/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./52/file1/file1") = 0
umount2("./52/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./52/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./52/file1/file2") = 0
umount2("./52/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./52/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./52/file1/file3") = 0
umount2("./52/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./52/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./52/file1/file.cold") = 0
umount2("./52/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./52/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./52/file1/memory.stat") = 0
umount2("./52/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./52/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./52/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./52/file1/bus") = 0
getdents64(4, 0x55558e0a7730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./52/file1") = -1 EBUSY (Device or resource busy)
[ 36.912091][ T450] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor199: Allocating blocks 497-513 which overlap fs metadata
[ 36.926651][ T450] EXT4-fs (loop0): pa ffff888125f6d150: logic 256, phys. 385, len 8
[ 36.934676][ T450] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./52/file1") = 0
umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./52/binderfs") = 0
getdents64(3, 0x55558e09f6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./52") = 0
mkdir("./53", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3executing program
) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e09e650) = 453
./strace-static-x86_64: Process 453 attached
[pid 453] set_robust_list(0x55558e09e660, 24) = 0
[pid 453] chdir("./53") = 0
[pid 453] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 453] setpgid(0, 0) = 0
[pid 453] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 453] write(3, "1000", 4) = 4
[pid 453] close(3) = 0
[pid 453] symlink("/dev/binderfs", "./binderfs") = 0
[pid 453] write(1, "executing program\n", 18) = 18
[pid 453] memfd_create("syzkaller", 0) = 3
[pid 453] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1f10b34000
[pid 453] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 453] munmap(0x7f1f10b34000, 138412032) = 0
[pid 453] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 453] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 453] close(3) = 0
[pid 453] close(4) = 0
[pid 453] mkdir("./file1", 0777) = 0
[pid 453] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 453] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 453] chdir("./file1") = 0
[pid 453] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 453] ioctl(4, LOOP_CLR_FD) = 0
[pid 453] close(4) = 0
[pid 453] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 36.968776][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 36.990209][ T453] loop0: detected capacity change from 0 to 1024
[ 37.000966][ T453] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 453] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 453] ftruncate(4, 7) = 0
[pid 453] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 453] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 453] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 453] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 453] exit_group(0) = ?
[pid 453] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=453, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558e09f6f0 /* 4 entries */, 32768) = 112
umount2("./53/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./53/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./53/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./53/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558e0a7730 /* 10 entries */, 32768) = 296
umount2("./53/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./53/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./53/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./53/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./53/file1/lost+found") = 0
umount2("./53/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./53/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./53/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./53/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 4 entries */, 32768) = 112
umount2("./53/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./53/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./53/file1/file0/file0") = 0
umount2("./53/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./53/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./53/file1/file0/file1") = 0
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./53/file1/file0") = 0
umount2("./53/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./53/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./53/file1/file1") = 0
umount2("./53/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./53/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./53/file1/file2") = 0
umount2("./53/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./53/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./53/file1/file3") = 0
umount2("./53/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./53/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./53/file1/file.cold") = 0
umount2("./53/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./53/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./53/file1/memory.stat") = 0
umount2("./53/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./53/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./53/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./53/file1/bus") = 0
getdents64(4, 0x55558e0a7730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./53/file1") = -1 EBUSY (Device or resource busy)
[ 37.020077][ T453] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor199: Allocating blocks 497-513 which overlap fs metadata
[ 37.034636][ T453] EXT4-fs (loop0): pa ffff888125f935e8: logic 256, phys. 385, len 8
[ 37.042662][ T453] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
umount2("./53/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program
) = 0
rmdir("./53/file1") = 0
umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./53/binderfs") = 0
getdents64(3, 0x55558e09f6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./53") = 0
mkdir("./54", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e09e650) = 456
./strace-static-x86_64: Process 456 attached
[pid 456] set_robust_list(0x55558e09e660, 24) = 0
[pid 456] chdir("./54") = 0
[pid 456] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 456] setpgid(0, 0) = 0
[pid 456] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 456] write(3, "1000", 4) = 4
[pid 456] close(3) = 0
[pid 456] symlink("/dev/binderfs", "./binderfs") = 0
[pid 456] write(1, "executing program\n", 18) = 18
[pid 456] memfd_create("syzkaller", 0) = 3
[pid 456] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1f10b34000
[pid 456] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 456] munmap(0x7f1f10b34000, 138412032) = 0
[pid 456] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 456] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 456] close(3) = 0
[pid 456] close(4) = 0
[pid 456] mkdir("./file1", 0777) = 0
[pid 456] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 456] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 456] chdir("./file1") = 0
[pid 456] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 456] ioctl(4, LOOP_CLR_FD) = 0
[pid 456] close(4) = 0
[pid 456] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 37.070974][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 37.087007][ T456] loop0: detected capacity change from 0 to 1024
[ 37.100555][ T456] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 456] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 456] ftruncate(4, 7) = 0
[pid 456] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 456] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 456] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 456] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 456] exit_group(0) = ?
[pid 456] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=456, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558e09f6f0 /* 4 entries */, 32768) = 112
umount2("./54/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./54/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./54/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./54/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558e0a7730 /* 10 entries */, 32768) = 296
umount2("./54/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./54/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./54/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./54/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./54/file1/lost+found") = 0
umount2("./54/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./54/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./54/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./54/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 4 entries */, 32768) = 112
umount2("./54/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./54/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./54/file1/file0/file0") = 0
umount2("./54/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./54/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./54/file1/file0/file1") = 0
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./54/file1/file0") = 0
umount2("./54/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./54/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./54/file1/file1") = 0
umount2("./54/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./54/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./54/file1/file2") = 0
umount2("./54/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./54/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./54/file1/file3") = 0
umount2("./54/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./54/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./54/file1/file.cold") = 0
umount2("./54/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./54/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./54/file1/memory.stat") = 0
umount2("./54/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./54/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./54/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./54/file1/bus") = 0
getdents64(4, 0x55558e0a7730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./54/file1") = -1 EBUSY (Device or resource busy)
[ 37.121070][ T456] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor199: Allocating blocks 497-513 which overlap fs metadata
[ 37.135716][ T456] EXT4-fs (loop0): pa ffff888125fd81f8: logic 256, phys. 385, len 8
[ 37.143733][ T456] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
umount2("./54/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./54/file1") = 0
umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./54/binderfs") = 0
getdents64(3, 0x55558e09f6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./54"executing program
) = 0
mkdir("./55", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e09e650) = 459
./strace-static-x86_64: Process 459 attached
[pid 459] set_robust_list(0x55558e09e660, 24) = 0
[pid 459] chdir("./55") = 0
[pid 459] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 459] setpgid(0, 0) = 0
[pid 459] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 459] write(3, "1000", 4) = 4
[pid 459] close(3) = 0
[pid 459] symlink("/dev/binderfs", "./binderfs") = 0
[pid 459] write(1, "executing program\n", 18) = 18
[pid 459] memfd_create("syzkaller", 0) = 3
[pid 459] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1f10b34000
[pid 459] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 459] munmap(0x7f1f10b34000, 138412032) = 0
[pid 459] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 459] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 459] close(3) = 0
[pid 459] close(4) = 0
[pid 459] mkdir("./file1", 0777) = 0
[ 37.173477][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 37.191042][ T459] loop0: detected capacity change from 0 to 1024
[pid 459] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 459] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 459] chdir("./file1") = 0
[pid 459] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 459] ioctl(4, LOOP_CLR_FD) = 0
[pid 459] close(4) = 0
[pid 459] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 37.220571][ T459] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 37.241601][ T459] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor199: Allocating blocks 497-513 which overlap fs metadata
[ 37.256641][ T459] EXT4-fs (loop0): pa ffff888125f93690: logic 256, phys. 385, len 8
[pid 459] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 459] ftruncate(4, 7) = 0
[pid 459] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 459] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 459] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 459] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 459] exit_group(0) = ?
[pid 459] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=459, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558e09f6f0 /* 4 entries */, 32768) = 112
umount2("./55/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./55/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./55/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./55/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558e0a7730 /* 10 entries */, 32768) = 296
umount2("./55/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./55/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./55/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./55/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 2 entries */, 32768) = 48
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./55/file1/lost+found") = 0
umount2("./55/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./55/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./55/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./55/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x55558e0af770 /* 4 entries */, 32768) = 112
umount2("./55/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./55/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./55/file1/file0/file0") = 0
umount2("./55/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./55/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./55/file1/file0/file1") = 0
getdents64(5, 0x55558e0af770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./55/file1/file0") = 0
umount2("./55/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./55/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./55/file1/file1") = 0
umount2("./55/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./55/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./55/file1/file2") = 0
umount2("./55/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./55/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./55/file1/file3") = 0
umount2("./55/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./55/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./55/file1/file.cold") = 0
umount2("./55/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./55/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./55/file1/memory.stat") = 0
umount2("./55/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./55/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./55/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./55/file1/bus") = 0
getdents64(4, 0x55558e0a7730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./55/file1") = -1 EBUSY (Device or resource busy)
[ 37.264653][ T459] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
umount2("./55/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./55/file1") = 0
umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./55/binderfs") = 0
getdents64(3, 0x55558e09f6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./55") = 0
mkdir("./56", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e09e650) = 462
./strace-static-x86_64: Process 462 attached
[pid 462] set_robust_list(0x55558e09e660, 24) = 0
[pid 462] chdir("./56") = 0
[pid 462] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 462] setpgid(0, 0) = 0
[pid 462] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 462] write(3, "1000", 4) = 4
[pid 462] close(3) = 0
[pid 462] symlink("/dev/binderfs", "./binderfs") = 0
[pid 462] write(1, "executing program\n", 18executing program
) = 18
[pid 462] memfd_create("syzkaller", 0) = 3
[pid 462] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1f10b34000
[pid 462] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 462] munmap(0x7f1f10b34000, 138412032) = 0
[pid 462] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 462] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 462] close(3) = 0
[pid 462] close(4) = 0
[pid 462] mkdir("./file1", 0777) = 0
[ 37.293081][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 37.316701][ T462] loop0: detected capacity change from 0 to 1024