./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor596218889 <...> Warning: Permanently added '10.128.0.82' (ECDSA) to the list of known hosts. execve("./syz-executor596218889", ["./syz-executor596218889"], 0x7fff4b89d110 /* 10 vars */) = 0 brk(NULL) = 0x555556cdd000 brk(0x555556cddc40) = 0x555556cddc40 arch_prctl(ARCH_SET_FS, 0x555556cdd300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x555556cdd5d0) = 295 set_robust_list(0x555556cdd5e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f4e58f416f0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f4e58f41dc0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f4e58f41790, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4e58f41dc0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor596218889", 4096) = 27 brk(0x555556cfec40) = 0x555556cfec40 brk(0x555556cff000) = 0x555556cff000 mprotect(0x7f4e59003000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 295 openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC) = 3 write(3, "10000000000", 11) = 11 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = 3 write(3, "20", 2) = 2 close(3) = 0 openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3 write(3, "100", 3) = 3 close(3) = 0 openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3 write(3, "7 4 1 3", 7) = 7 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3 write(3, "295", 3) = 3 close(3) = 0 getpid() = 295 mkdir("./syzkaller.0AHsyv", 0700) = 0 chmod("./syzkaller.0AHsyv", 0777) = 0 chdir("./syzkaller.0AHsyv") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cdd5d0) = 296 ./strace-static-x86_64: Process 296 attached [pid 296] set_robust_list(0x555556cdd5e0, 24) = 0 [pid 296] chdir("./0") = 0 [pid 296] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 296] setpgid(0, 0) = 0 [pid 296] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 296] write(3, "1000", 4) = 4 [pid 296] close(3) = 0 [pid 296] symlink("/dev/binderfs", "./binderfs") = 0 [pid 296] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 296] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e58f10000 [pid 296] mprotect(0x7f4e58f11000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 296] clone(child_stack=0x7f4e58f303f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[297], tls=0x7f4e58f30700, child_tidptr=0x7f4e58f309d0) = 297 [pid 296] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 296] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 297 attached [pid 297] set_robust_list(0x7f4e58f309e0, 24) = 0 [pid 297] memfd_create("syzkaller", 0) = 3 [pid 297] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4e50b10000 [pid 297] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 297] munmap(0x7f4e50b10000, 1048576) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 24.172289][ T30] audit: type=1400 audit(1683462420.405:66): avc: denied { execmem } for pid=295 comm="syz-executor596" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 24.195265][ T297] loop0: detected capacity change from 0 to 2048 [pid 297] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 297] close(3) = 0 [pid 297] mkdir("./file0", 0777) = 0 [ 24.196434][ T30] audit: type=1400 audit(1683462420.405:67): avc: denied { integrity } for pid=295 comm="syz-executor596" lockdown_reason="debugfs access" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=lockdown permissive=1 [ 24.224273][ T30] audit: type=1400 audit(1683462420.415:68): avc: denied { read write } for pid=295 comm="syz-executor596" name="loop0" dev="devtmpfs" ino=112 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 24.248013][ T297] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 297] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 297] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 297] chdir("./file0") = 0 [pid 297] ioctl(4, LOOP_CLR_FD) = 0 [pid 297] close(4) = 0 [pid 297] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... futex resumed>) = 0 [pid 296] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 296] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... futex resumed>) = 1 [pid 297] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 297] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 296] <... futex resumed>) = 0 [pid 296] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 296] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5 [pid 297] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 296] <... futex resumed>) = 0 [pid 296] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 296] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] ftruncate(5, 33587195) = 0 [pid 297] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 296] <... futex resumed>) = 0 [pid 296] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 296] futex(0x7f4e5900979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 296] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e50bef000 [pid 296] mprotect(0x7f4e50bf0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 296] clone(child_stack=0x7f4e50c0f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[303], tls=0x7f4e50c0f700, child_tidptr=0x7f4e50c0f9d0) = 303 [pid 296] futex(0x7f4e59009798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 296] futex(0x7f4e590097ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 296] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e50bce000 [pid 296] mprotect(0x7f4e50bcf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 296] clone(child_stack=0x7f4e50bee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[304], tls=0x7f4e50bee700, child_tidptr=0x7f4e50bee9d0) = 304 [pid 296] futex(0x7f4e590097a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 296] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] sendfile(4, 5, [0] => [4], 4) = 4 [pid 297] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 297] futex(0x7f4e59009788, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 303 attached [pid 303] set_robust_list(0x7f4e50c0f9e0, 24) = 0 [pid 303] sendfile(4, 5, NULL, 281474978811909./strace-static-x86_64: Process 304 attached [pid 304] set_robust_list(0x7f4e50bee9e0, 24) = 0 [ 24.249466][ T30] audit: type=1400 audit(1683462420.415:69): avc: denied { open } for pid=295 comm="syz-executor596" path="/dev/loop0" dev="devtmpfs" ino=112 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 24.283318][ T30] audit: type=1400 audit(1683462420.415:70): avc: denied { ioctl } for pid=295 comm="syz-executor596" path="/dev/loop0" dev="devtmpfs" ino=112 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 304] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 296] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 24.319377][ T30] audit: type=1400 audit(1683462420.445:71): avc: denied { mounton } for pid=296 comm="syz-executor596" path="/root/syzkaller.0AHsyv/0/file0" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 24.344259][ T30] audit: type=1400 audit(1683462420.505:72): avc: denied { mount } for pid=296 comm="syz-executor596" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 24.366293][ T30] audit: type=1400 audit(1683462420.515:73): avc: denied { write } for pid=296 comm="syz-executor596" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 24.388231][ T30] audit: type=1400 audit(1683462420.515:74): avc: denied { add_name } for pid=296 comm="syz-executor596" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [pid 304] <... mmap resumed>) = 0x20000000 [pid 304] futex(0x7f4e590097ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 24.409055][ T30] audit: type=1400 audit(1683462420.515:75): avc: denied { create } for pid=296 comm="syz-executor596" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [pid 304] futex(0x7f4e590097a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 296] exit_group(0 [pid 304] <... futex resumed>) = ? [pid 296] <... exit_group resumed>) = ? [pid 304] +++ exited with 0 +++ [pid 303] <... sendfile resumed>) = ? [pid 297] <... futex resumed>) = ? [pid 297] +++ exited with 0 +++ [pid 303] +++ exited with 0 +++ [pid 296] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=296, si_uid=0, si_status=0, si_utime=0, si_stime=30} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556cde620 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./0/binderfs") = 0 [ 24.556368][ T302] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 24.571203][ T302] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 24.583577][ T302] EXT4-fs (loop0): This should not happen!! Data will be lost [ 24.583577][ T302] [ 24.593244][ T302] EXT4-fs (loop0): Total free blocks count 0 [ 24.599150][ T302] EXT4-fs (loop0): Free/Dirty block details [ 24.604775][ T302] EXT4-fs (loop0): free_blocks=2415919104 [ 24.610545][ T302] EXT4-fs (loop0): dirty_blocks=12816 [ 24.615758][ T302] EXT4-fs (loop0): Block reservation details [ 24.621551][ T302] EXT4-fs (loop0): i_reserved_data_blocks=801 [ 24.637189][ T302] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28 [ 24.649720][ T302] EXT4-fs (loop0): This should not happen!! Data will be lost [ 24.649720][ T302] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ce6660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ce6660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x555556cde620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cdd5d0) = 306 ./strace-static-x86_64: Process 306 attached [pid 306] set_robust_list(0x555556cdd5e0, 24) = 0 [pid 306] chdir("./1") = 0 [pid 306] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 306] setpgid(0, 0) = 0 [pid 306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 306] write(3, "1000", 4) = 4 [pid 306] close(3) = 0 [pid 306] symlink("/dev/binderfs", "./binderfs") = 0 [pid 306] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 306] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e58f10000 [pid 306] mprotect(0x7f4e58f11000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 306] clone(child_stack=0x7f4e58f303f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 307 attached , parent_tid=[307], tls=0x7f4e58f30700, child_tidptr=0x7f4e58f309d0) = 307 [pid 306] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 306] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 307] set_robust_list(0x7f4e58f309e0, 24) = 0 [pid 307] memfd_create("syzkaller", 0) = 3 [pid 307] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4e50b10000 [pid 307] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 307] munmap(0x7f4e50b10000, 1048576) = 0 [pid 307] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 307] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 307] close(3) = 0 [pid 307] mkdir("./file0", 0777) = 0 [pid 307] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 307] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 307] chdir("./file0") = 0 [pid 307] ioctl(4, LOOP_CLR_FD) = 0 [pid 307] close(4) = 0 [pid 307] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 306] <... futex resumed>) = 0 [pid 306] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 306] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 307] <... futex resumed>) = 1 [pid 307] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 307] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 306] <... futex resumed>) = 0 [pid 306] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 306] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 307] <... futex resumed>) = 1 [pid 307] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5 [pid 307] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 306] <... futex resumed>) = 0 [pid 306] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 306] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 307] <... futex resumed>) = 1 [pid 307] ftruncate(5, 33587195) = 0 [pid 307] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 306] <... futex resumed>) = 0 [pid 306] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 306] futex(0x7f4e5900979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 306] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e50bef000 [pid 306] mprotect(0x7f4e50bf0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 306] clone(child_stack=0x7f4e50c0f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[310], tls=0x7f4e50c0f700, child_tidptr=0x7f4e50c0f9d0) = 310 [pid 306] futex(0x7f4e59009798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 306] futex(0x7f4e590097ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 306] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e50bce000 [pid 306] mprotect(0x7f4e50bcf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 306] clone(child_stack=0x7f4e50bee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[311], tls=0x7f4e50bee700, child_tidptr=0x7f4e50bee9d0) = 311 [pid 306] futex(0x7f4e590097a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 306] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 307] <... futex resumed>) = 1 [pid 307] sendfile(4, 5, [0] => [4], 4) = 4 [pid 307] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 307] futex(0x7f4e59009788, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 310 attached [pid 310] set_robust_list(0x7f4e50c0f9e0, 24) = 0 [pid 310] sendfile(4, 5, NULL, 281474978811909./strace-static-x86_64: Process 311 attached [pid 311] set_robust_list(0x7f4e50bee9e0, 24) = 0 [ 24.857687][ T307] loop0: detected capacity change from 0 to 2048 [ 24.877452][ T307] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 311] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 306] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 311] <... mmap resumed>) = 0x20000000 [pid 311] futex(0x7f4e590097ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 311] futex(0x7f4e590097a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 306] exit_group(0) = ? [pid 310] <... sendfile resumed>) = ? [pid 311] <... futex resumed>) = ? [pid 307] <... futex resumed>) = ? [pid 311] +++ exited with 0 +++ [pid 310] +++ exited with 0 +++ [pid 307] +++ exited with 0 +++ [pid 306] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=306, si_uid=0, si_status=0, si_utime=0, si_stime=22} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556cde620 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./1/binderfs") = 0 [ 25.073499][ T8] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 25.088224][ T8] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 25.100489][ T8] EXT4-fs (loop0): This should not happen!! Data will be lost [ 25.100489][ T8] [ 25.110073][ T8] EXT4-fs (loop0): Total free blocks count 0 [ 25.115930][ T8] EXT4-fs (loop0): Free/Dirty block details [ 25.121680][ T8] EXT4-fs (loop0): free_blocks=2415919104 [ 25.127288][ T8] EXT4-fs (loop0): dirty_blocks=10096 [ 25.132438][ T8] EXT4-fs (loop0): Block reservation details [ 25.138293][ T8] EXT4-fs (loop0): i_reserved_data_blocks=631 [ 25.153660][ T8] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28 [ 25.166191][ T8] EXT4-fs (loop0): This should not happen!! Data will be lost [ 25.166191][ T8] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ce6660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ce6660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x555556cde620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cdd5d0) = 312 ./strace-static-x86_64: Process 312 attached [pid 312] set_robust_list(0x555556cdd5e0, 24) = 0 [pid 312] chdir("./2") = 0 [pid 312] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 312] setpgid(0, 0) = 0 [pid 312] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 312] write(3, "1000", 4) = 4 [pid 312] close(3) = 0 [pid 312] symlink("/dev/binderfs", "./binderfs") = 0 [pid 312] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 312] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e58f10000 [pid 312] mprotect(0x7f4e58f11000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 312] clone(child_stack=0x7f4e58f303f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[313], tls=0x7f4e58f30700, child_tidptr=0x7f4e58f309d0) = 313 [pid 312] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 312] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 313 attached [pid 313] set_robust_list(0x7f4e58f309e0, 24) = 0 [pid 313] memfd_create("syzkaller", 0) = 3 [pid 313] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4e50b10000 [pid 313] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 313] munmap(0x7f4e50b10000, 1048576) = 0 [pid 313] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 313] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 313] close(3) = 0 [pid 313] mkdir("./file0", 0777) = 0 [pid 313] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 313] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 313] chdir("./file0") = 0 [pid 313] ioctl(4, LOOP_CLR_FD) = 0 [pid 313] close(4) = 0 [pid 313] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 312] <... futex resumed>) = 0 [pid 312] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 312] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 313] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 313] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 312] <... futex resumed>) = 0 [pid 312] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 312] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 313] <... futex resumed>) = 1 [pid 313] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5 [pid 313] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 312] <... futex resumed>) = 0 [pid 312] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 312] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 313] <... futex resumed>) = 1 [pid 313] ftruncate(5, 33587195) = 0 [pid 313] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 312] <... futex resumed>) = 0 [pid 313] sendfile(4, 5, [0] [pid 312] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 312] futex(0x7f4e5900979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 312] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 313] <... sendfile resumed> => [4], 4) = 4 [pid 312] <... mmap resumed>) = 0x7f4e50bef000 [pid 312] mprotect(0x7f4e50bf0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 312] clone(child_stack=0x7f4e50c0f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 316 attached , parent_tid=[316], tls=0x7f4e50c0f700, child_tidptr=0x7f4e50c0f9d0) = 316 [pid 316] set_robust_list(0x7f4e50c0f9e0, 24 [pid 312] futex(0x7f4e59009798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 312] futex(0x7f4e590097ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 312] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e50bce000 [pid 316] <... set_robust_list resumed>) = 0 [pid 312] mprotect(0x7f4e50bcf000, 131072, PROT_READ|PROT_WRITE [pid 316] sendfile(4, 5, NULL, 281474978811909 [pid 312] <... mprotect resumed>) = 0 [pid 312] clone(child_stack=0x7f4e50bee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[317], tls=0x7f4e50bee700, child_tidptr=0x7f4e50bee9d0) = 317 [pid 312] futex(0x7f4e590097a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 312] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 313] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 313] futex(0x7f4e59009788, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 317 attached [pid 317] set_robust_list(0x7f4e50bee9e0, 24) = 0 [ 25.312719][ T313] loop0: detected capacity change from 0 to 2048 [ 25.327080][ T313] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 317] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 312] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 312] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 317] <... mmap resumed>) = 0x20000000 [pid 317] futex(0x7f4e590097ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 317] futex(0x7f4e590097a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 312] exit_group(0 [pid 317] <... futex resumed>) = ? [pid 313] <... futex resumed>) = ? [pid 312] <... exit_group resumed>) = ? [pid 317] +++ exited with 0 +++ [pid 316] <... sendfile resumed>) = ? [pid 313] +++ exited with 0 +++ [pid 316] +++ exited with 0 +++ [pid 312] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=312, si_uid=0, si_status=0, si_utime=0, si_stime=23} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556cde620 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./2/binderfs") = 0 [ 25.529243][ T8] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 25.543949][ T8] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 25.556224][ T8] EXT4-fs (loop0): This should not happen!! Data will be lost [ 25.556224][ T8] [ 25.565880][ T8] EXT4-fs (loop0): Total free blocks count 0 [ 25.571677][ T8] EXT4-fs (loop0): Free/Dirty block details [ 25.577437][ T8] EXT4-fs (loop0): free_blocks=2415919104 [ 25.582968][ T8] EXT4-fs (loop0): dirty_blocks=10256 [ 25.588199][ T8] EXT4-fs (loop0): Block reservation details [ 25.593980][ T8] EXT4-fs (loop0): i_reserved_data_blocks=641 [ 25.609647][ T8] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28 [ 25.622195][ T8] EXT4-fs (loop0): This should not happen!! Data will be lost [ 25.622195][ T8] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ce6660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ce6660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x555556cde620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 319 attached , child_tidptr=0x555556cdd5d0) = 319 [pid 319] set_robust_list(0x555556cdd5e0, 24) = 0 [pid 319] chdir("./3") = 0 [pid 319] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 319] setpgid(0, 0) = 0 [pid 319] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 319] write(3, "1000", 4) = 4 [pid 319] close(3) = 0 [pid 319] symlink("/dev/binderfs", "./binderfs") = 0 [pid 319] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 319] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e58f10000 [pid 319] mprotect(0x7f4e58f11000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 319] clone(child_stack=0x7f4e58f303f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 320 attached , parent_tid=[320], tls=0x7f4e58f30700, child_tidptr=0x7f4e58f309d0) = 320 [pid 320] set_robust_list(0x7f4e58f309e0, 24) = 0 [pid 320] futex(0x7f4e59009788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 319] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 320] <... futex resumed>) = 0 [pid 320] memfd_create("syzkaller", 0) = 3 [pid 320] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4e50b10000 [pid 319] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 320] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 320] munmap(0x7f4e50b10000, 1048576) = 0 [pid 320] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 320] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 320] close(3) = 0 [pid 320] mkdir("./file0", 0777) = 0 [pid 320] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 320] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 320] chdir("./file0") = 0 [pid 320] ioctl(4, LOOP_CLR_FD) = 0 [pid 320] close(4) = 0 [pid 320] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 319] <... futex resumed>) = 0 [pid 319] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 319] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 320] <... futex resumed>) = 1 [pid 320] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 320] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 319] <... futex resumed>) = 0 [pid 319] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 319] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 320] <... futex resumed>) = 1 [pid 320] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5 [pid 320] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 319] <... futex resumed>) = 0 [pid 319] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 319] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 320] <... futex resumed>) = 1 [pid 320] ftruncate(5, 33587195) = 0 [pid 320] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 319] <... futex resumed>) = 0 [pid 319] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 319] futex(0x7f4e5900979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 319] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e50bef000 [pid 319] mprotect(0x7f4e50bf0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 319] clone(child_stack=0x7f4e50c0f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[323], tls=0x7f4e50c0f700, child_tidptr=0x7f4e50c0f9d0) = 323 [pid 319] futex(0x7f4e59009798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 319] futex(0x7f4e590097ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 319] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e50bce000 [pid 319] mprotect(0x7f4e50bcf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 319] clone(child_stack=0x7f4e50bee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[324], tls=0x7f4e50bee700, child_tidptr=0x7f4e50bee9d0) = 324 [pid 319] futex(0x7f4e590097a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 319] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 320] <... futex resumed>) = 1 [pid 320] sendfile(4, 5, [0] => [4], 4) = 4 [pid 320] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 320] futex(0x7f4e59009788, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 323 attached ./strace-static-x86_64: Process 324 attached [pid 324] set_robust_list(0x7f4e50bee9e0, 24 [pid 323] set_robust_list(0x7f4e50c0f9e0, 24) = 0 [pid 323] sendfile(4, 5, NULL, 281474978811909 [pid 324] <... set_robust_list resumed>) = 0 [ 25.789971][ T320] loop0: detected capacity change from 0 to 2048 [ 25.807091][ T320] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 324] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 319] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 319] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 319] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 324] <... mmap resumed>) = 0x20000000 [pid 324] futex(0x7f4e590097ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 324] futex(0x7f4e590097a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 319] exit_group(0 [pid 320] <... futex resumed>) = ? [pid 319] <... exit_group resumed>) = ? [pid 323] <... sendfile resumed>) = ? [pid 323] +++ exited with 0 +++ [pid 324] <... futex resumed>) = ? [pid 320] +++ exited with 0 +++ [pid 324] +++ exited with 0 +++ [pid 319] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=319, si_uid=0, si_status=0, si_utime=0, si_stime=27} --- umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556cde620 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./3/binderfs") = 0 [ 26.002586][ T8] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 26.017442][ T8] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 26.029707][ T8] EXT4-fs (loop0): This should not happen!! Data will be lost [ 26.029707][ T8] [ 26.039452][ T8] EXT4-fs (loop0): Total free blocks count 0 [ 26.045235][ T8] EXT4-fs (loop0): Free/Dirty block details [ 26.051049][ T8] EXT4-fs (loop0): free_blocks=2415919104 [ 26.056588][ T8] EXT4-fs (loop0): dirty_blocks=9664 [ 26.061632][ T8] EXT4-fs (loop0): Block reservation details [ 26.067477][ T8] EXT4-fs (loop0): i_reserved_data_blocks=604 [ 26.082875][ T8] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28 [ 26.095401][ T8] EXT4-fs (loop0): This should not happen!! Data will be lost [ 26.095401][ T8] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ce6660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ce6660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x555556cde620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cdd5d0) = 325 ./strace-static-x86_64: Process 325 attached [pid 325] set_robust_list(0x555556cdd5e0, 24) = 0 [pid 325] chdir("./4") = 0 [pid 325] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 325] setpgid(0, 0) = 0 [pid 325] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 325] write(3, "1000", 4) = 4 [pid 325] close(3) = 0 [pid 325] symlink("/dev/binderfs", "./binderfs") = 0 [pid 325] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 325] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e58f10000 [pid 325] mprotect(0x7f4e58f11000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 325] clone(child_stack=0x7f4e58f303f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[326], tls=0x7f4e58f30700, child_tidptr=0x7f4e58f309d0) = 326 [pid 325] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 325] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 326 attached [pid 326] set_robust_list(0x7f4e58f309e0, 24) = 0 [pid 326] memfd_create("syzkaller", 0) = 3 [pid 326] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4e50b10000 [pid 326] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 326] munmap(0x7f4e50b10000, 1048576) = 0 [pid 326] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 326] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 326] close(3) = 0 [pid 326] mkdir("./file0", 0777) = 0 [pid 326] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 326] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 326] chdir("./file0") = 0 [pid 326] ioctl(4, LOOP_CLR_FD) = 0 [pid 326] close(4) = 0 [pid 326] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 325] <... futex resumed>) = 0 [pid 325] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 326] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000 [pid 325] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 326] <... open resumed>) = 4 [pid 326] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 326] futex(0x7f4e59009788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 325] <... futex resumed>) = 0 [pid 325] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 325] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 326] <... futex resumed>) = 0 [pid 326] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5 [pid 326] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 325] <... futex resumed>) = 0 [pid 325] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 325] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 326] <... futex resumed>) = 1 [pid 326] ftruncate(5, 33587195) = 0 [pid 326] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 325] <... futex resumed>) = 0 [pid 325] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 325] futex(0x7f4e5900979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 325] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e50bef000 [pid 325] mprotect(0x7f4e50bf0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 325] clone(child_stack=0x7f4e50c0f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 329 attached , parent_tid=[329], tls=0x7f4e50c0f700, child_tidptr=0x7f4e50c0f9d0) = 329 [pid 329] set_robust_list(0x7f4e50c0f9e0, 24 [pid 325] futex(0x7f4e59009798, FUTEX_WAKE_PRIVATE, 1000000 [pid 329] <... set_robust_list resumed>) = 0 [pid 325] <... futex resumed>) = 0 [pid 325] futex(0x7f4e590097ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 325] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 329] sendfile(4, 5, NULL, 281474978811909 [pid 325] <... mmap resumed>) = 0x7f4e50bce000 [pid 325] mprotect(0x7f4e50bcf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 325] clone(child_stack=0x7f4e50bee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[330], tls=0x7f4e50bee700, child_tidptr=0x7f4e50bee9d0) = 330 [pid 326] sendfile(4, 5, [0] [pid 325] futex(0x7f4e590097a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 325] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 330 attached [pid 330] set_robust_list(0x7f4e50bee9e0, 24) = 0 [ 26.256304][ T326] loop0: detected capacity change from 0 to 2048 [ 26.267099][ T326] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 26.290683][ T326] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 330] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 325] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 325] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 325] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 26.305740][ T326] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2 with error 28 [ 26.317953][ T326] EXT4-fs (loop0): This should not happen!! Data will be lost [ 26.317953][ T326] [ 26.327596][ T326] EXT4-fs (loop0): Total free blocks count 0 [ 26.333330][ T326] EXT4-fs (loop0): Free/Dirty block details [ 26.339224][ T326] EXT4-fs (loop0): free_blocks=2415919104 [ 26.345023][ T326] EXT4-fs (loop0): dirty_blocks=32 [ 26.350007][ T326] EXT4-fs (loop0): Block reservation details [pid 326] <... sendfile resumed>, 4) = -1 ENOSPC (No space left on device) [pid 326] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 26.355787][ T326] EXT4-fs (loop0): i_reserved_data_blocks=2 [pid 326] futex(0x7f4e59009788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 330] <... mmap resumed>) = 0x20000000 [pid 330] futex(0x7f4e590097ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 330] futex(0x7f4e590097a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 325] exit_group(0) = ? [pid 330] <... futex resumed>) = ? [pid 326] <... futex resumed>) = ? [pid 330] +++ exited with 0 +++ [pid 326] +++ exited with 0 +++ [pid 329] <... sendfile resumed>) = ? [pid 329] +++ exited with 0 +++ [pid 325] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=325, si_uid=0, si_status=0, si_utime=0, si_stime=23} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556cde620 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./4/binderfs") = 0 [ 26.457661][ T326] syz-executor596 (326) used greatest stack depth: 22400 bytes left [ 26.481377][ T302] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 26.493786][ T302] EXT4-fs (loop0): This should not happen!! Data will be lost [ 26.493786][ T302] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ce6660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ce6660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x555556cde620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cdd5d0) = 332 ./strace-static-x86_64: Process 332 attached [pid 332] set_robust_list(0x555556cdd5e0, 24) = 0 [pid 332] chdir("./5") = 0 [pid 332] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 332] setpgid(0, 0) = 0 [pid 332] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 332] write(3, "1000", 4) = 4 [pid 332] close(3) = 0 [pid 332] symlink("/dev/binderfs", "./binderfs") = 0 [pid 332] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 332] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e58f10000 [pid 332] mprotect(0x7f4e58f11000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 332] clone(child_stack=0x7f4e58f303f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[333], tls=0x7f4e58f30700, child_tidptr=0x7f4e58f309d0) = 333 [pid 332] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 332] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 333 attached [pid 333] set_robust_list(0x7f4e58f309e0, 24) = 0 [pid 333] memfd_create("syzkaller", 0) = 3 [pid 333] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4e50b10000 [pid 333] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 333] munmap(0x7f4e50b10000, 1048576) = 0 [pid 333] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 333] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 333] close(3) = 0 [pid 333] mkdir("./file0", 0777) = 0 [pid 333] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 333] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 333] chdir("./file0") = 0 [pid 333] ioctl(4, LOOP_CLR_FD) = 0 [pid 333] close(4) = 0 [pid 333] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 332] <... futex resumed>) = 0 [pid 332] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 332] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 333] <... futex resumed>) = 1 [pid 333] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 333] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 332] <... futex resumed>) = 0 [pid 332] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 332] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 333] <... futex resumed>) = 1 [pid 333] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5 [pid 333] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 332] <... futex resumed>) = 0 [pid 332] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 332] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 333] <... futex resumed>) = 1 [pid 333] ftruncate(5, 33587195) = 0 [pid 333] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 332] <... futex resumed>) = 0 [pid 333] sendfile(4, 5, [0] [pid 332] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 332] futex(0x7f4e5900979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 332] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e50bef000 [pid 332] mprotect(0x7f4e50bf0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 332] clone(child_stack=0x7f4e50c0f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 333] <... sendfile resumed> => [4], 4) = 4 [pid 333] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 332] <... clone resumed>, parent_tid=[336], tls=0x7f4e50c0f700, child_tidptr=0x7f4e50c0f9d0) = 336 [pid 333] futex(0x7f4e59009788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 332] futex(0x7f4e59009798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 332] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 333] <... futex resumed>) = 0 [pid 332] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 336 attached [pid 333] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 336] set_robust_list(0x7f4e50c0f9e0, 24) = 0 [ 26.656056][ T333] loop0: detected capacity change from 0 to 2048 [ 26.677164][ T333] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 336] sendfile(4, 5, NULL, 281474978811909 [pid 332] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 332] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 333] <... mmap resumed>) = 0x20000000 [pid 333] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 333] futex(0x7f4e59009788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 332] exit_group(0) = ? [pid 333] <... futex resumed>) = ? [pid 336] <... sendfile resumed>) = ? [pid 336] +++ exited with 0 +++ [pid 333] +++ exited with 0 +++ [pid 332] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=332, si_uid=0, si_status=0, si_utime=0, si_stime=28} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556cde620 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./5/binderfs") = 0 [ 26.882821][ T302] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 26.897672][ T302] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 26.909939][ T302] EXT4-fs (loop0): This should not happen!! Data will be lost [ 26.909939][ T302] [ 26.919615][ T302] EXT4-fs (loop0): Total free blocks count 0 [ 26.925408][ T302] EXT4-fs (loop0): Free/Dirty block details [ 26.931381][ T302] EXT4-fs (loop0): free_blocks=2415919104 [ 26.936997][ T302] EXT4-fs (loop0): dirty_blocks=10000 [ 26.942151][ T302] EXT4-fs (loop0): Block reservation details [ 26.947965][ T302] EXT4-fs (loop0): i_reserved_data_blocks=625 [ 26.963463][ T10] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28 [ 26.976004][ T10] EXT4-fs (loop0): This should not happen!! Data will be lost [ 26.976004][ T10] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ce6660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ce6660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x555556cde620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cdd5d0) = 337 ./strace-static-x86_64: Process 337 attached [pid 337] set_robust_list(0x555556cdd5e0, 24) = 0 [pid 337] chdir("./6") = 0 [pid 337] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 337] setpgid(0, 0) = 0 [pid 337] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 337] write(3, "1000", 4) = 4 [pid 337] close(3) = 0 [pid 337] symlink("/dev/binderfs", "./binderfs") = 0 [pid 337] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 337] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e58f10000 [pid 337] mprotect(0x7f4e58f11000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 337] clone(child_stack=0x7f4e58f303f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[338], tls=0x7f4e58f30700, child_tidptr=0x7f4e58f309d0) = 338 [pid 337] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 337] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 338 attached [pid 338] set_robust_list(0x7f4e58f309e0, 24) = 0 [pid 338] memfd_create("syzkaller", 0) = 3 [pid 338] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4e50b10000 [pid 338] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 338] munmap(0x7f4e50b10000, 1048576) = 0 [pid 338] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 338] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 338] close(3) = 0 [pid 338] mkdir("./file0", 0777) = 0 [pid 338] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 338] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 338] chdir("./file0") = 0 [pid 338] ioctl(4, LOOP_CLR_FD) = 0 [pid 338] close(4) = 0 [pid 338] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 337] <... futex resumed>) = 0 [pid 337] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000 [pid 338] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 338] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 338] futex(0x7f4e59009788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 337] <... futex resumed>) = 1 [pid 337] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 338] <... futex resumed>) = 0 [pid 337] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 337] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 338] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5 [pid 338] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 337] <... futex resumed>) = 0 [pid 337] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000 [pid 338] ftruncate(5, 33587195) = 0 [pid 338] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 338] futex(0x7f4e59009788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 337] <... futex resumed>) = 1 [pid 337] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 337] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 337] futex(0x7f4e5900979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 337] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 338] <... futex resumed>) = 0 [pid 337] <... mmap resumed>) = 0x7f4e50bef000 [pid 337] mprotect(0x7f4e50bf0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 337] clone(child_stack=0x7f4e50c0f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 341 attached [pid 338] sendfile(4, 5, [0] [pid 337] <... clone resumed>, parent_tid=[341], tls=0x7f4e50c0f700, child_tidptr=0x7f4e50c0f9d0) = 341 [pid 337] futex(0x7f4e59009798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 337] futex(0x7f4e590097ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 337] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e50bce000 [pid 337] mprotect(0x7f4e50bcf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 337] clone(child_stack=0x7f4e50bee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[342], tls=0x7f4e50bee700, child_tidptr=0x7f4e50bee9d0) = 342 [pid 338] <... sendfile resumed> => [4], 4) = 4 [pid 337] futex(0x7f4e590097a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 337] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 342 attached [pid 341] set_robust_list(0x7f4e50c0f9e0, 24 [pid 338] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 342] set_robust_list(0x7f4e50bee9e0, 24) = 0 [pid 341] <... set_robust_list resumed>) = 0 [pid 338] <... futex resumed>) = 0 [pid 342] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 338] futex(0x7f4e59009788, FUTEX_WAIT_PRIVATE, 0, NULL [ 27.101587][ T338] loop0: detected capacity change from 0 to 2048 [ 27.116968][ T338] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 341] sendfile(4, 5, NULL, 281474978811909 [pid 337] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 342] <... mmap resumed>) = 0x20000000 [pid 342] futex(0x7f4e590097ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 342] futex(0x7f4e590097a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 337] exit_group(0 [pid 342] <... futex resumed>) = ? [pid 338] <... futex resumed>) = ? [pid 337] <... exit_group resumed>) = ? [pid 342] +++ exited with 0 +++ [pid 338] +++ exited with 0 +++ [pid 341] <... sendfile resumed>) = ? [pid 341] +++ exited with 0 +++ [pid 337] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=337, si_uid=0, si_status=0, si_utime=0, si_stime=27} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556cde620 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./6/binderfs") = 0 [ 27.321703][ T302] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 27.336417][ T302] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 27.348688][ T302] EXT4-fs (loop0): This should not happen!! Data will be lost [ 27.348688][ T302] [ 27.358188][ T302] EXT4-fs (loop0): Total free blocks count 0 [ 27.363927][ T302] EXT4-fs (loop0): Free/Dirty block details [ 27.369713][ T302] EXT4-fs (loop0): free_blocks=2415919104 [ 27.375209][ T302] EXT4-fs (loop0): dirty_blocks=10672 [ 27.380441][ T302] EXT4-fs (loop0): Block reservation details [ 27.386245][ T302] EXT4-fs (loop0): i_reserved_data_blocks=667 [ 27.401919][ T302] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28 [ 27.414462][ T302] EXT4-fs (loop0): This should not happen!! Data will be lost [ 27.414462][ T302] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ce6660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ce6660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x555556cde620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cdd5d0) = 344 ./strace-static-x86_64: Process 344 attached [pid 344] set_robust_list(0x555556cdd5e0, 24) = 0 [pid 344] chdir("./7") = 0 [pid 344] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 344] setpgid(0, 0) = 0 [pid 344] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 344] write(3, "1000", 4) = 4 [pid 344] close(3) = 0 [pid 344] symlink("/dev/binderfs", "./binderfs") = 0 [pid 344] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 344] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e58f10000 [pid 344] mprotect(0x7f4e58f11000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 344] clone(child_stack=0x7f4e58f303f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[345], tls=0x7f4e58f30700, child_tidptr=0x7f4e58f309d0) = 345 [pid 344] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 344] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 345 attached [pid 345] set_robust_list(0x7f4e58f309e0, 24) = 0 [pid 345] memfd_create("syzkaller", 0) = 3 [pid 345] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4e50b10000 [pid 345] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 345] munmap(0x7f4e50b10000, 1048576) = 0 [pid 345] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 345] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 345] close(3) = 0 [pid 345] mkdir("./file0", 0777) = 0 [pid 345] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 345] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 345] chdir("./file0") = 0 [pid 345] ioctl(4, LOOP_CLR_FD) = 0 [pid 345] close(4) = 0 [pid 345] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 344] <... futex resumed>) = 0 [pid 344] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 344] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 345] <... futex resumed>) = 1 [pid 345] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 345] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 344] <... futex resumed>) = 0 [pid 344] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 344] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 345] <... futex resumed>) = 1 [pid 345] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5 [pid 345] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 344] <... futex resumed>) = 0 [pid 344] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 344] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 345] <... futex resumed>) = 1 [pid 345] ftruncate(5, 33587195) = 0 [pid 345] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 344] <... futex resumed>) = 0 [pid 344] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 344] futex(0x7f4e5900979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 344] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e50bef000 [pid 344] mprotect(0x7f4e50bf0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 344] clone(child_stack=0x7f4e50c0f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[348], tls=0x7f4e50c0f700, child_tidptr=0x7f4e50c0f9d0) = 348 [pid 344] futex(0x7f4e59009798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 344] futex(0x7f4e590097ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 344] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e50bce000 [pid 344] mprotect(0x7f4e50bcf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 344] clone(child_stack=0x7f4e50bee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[349], tls=0x7f4e50bee700, child_tidptr=0x7f4e50bee9d0) = 349 [pid 344] futex(0x7f4e590097a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 344] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 345] <... futex resumed>) = 1 [pid 345] sendfile(4, 5, [0] => [4], 4) = 4 [pid 345] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 345] futex(0x7f4e59009788, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 348 attached [pid 348] set_robust_list(0x7f4e50c0f9e0, 24) = 0 [pid 348] sendfile(4, 5, NULL, 281474978811909./strace-static-x86_64: Process 349 attached [pid 349] set_robust_list(0x7f4e50bee9e0, 24) = 0 [ 27.577163][ T345] loop0: detected capacity change from 0 to 2048 [ 27.586853][ T345] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 349] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 344] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 344] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 344] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 344] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 349] <... mmap resumed>) = 0x20000000 [pid 349] futex(0x7f4e590097ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] futex(0x7f4e590097a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 344] exit_group(0) = ? [pid 349] <... futex resumed>) = ? [pid 345] <... futex resumed>) = ? [pid 345] +++ exited with 0 +++ [pid 348] <... sendfile resumed>) = ? [pid 348] +++ exited with 0 +++ [pid 349] +++ exited with 0 +++ [pid 344] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=344, si_uid=0, si_status=0, si_utime=0, si_stime=27} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556cde620 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./7/binderfs") = 0 [ 27.787457][ T302] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 27.802419][ T302] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 27.814689][ T302] EXT4-fs (loop0): This should not happen!! Data will be lost [ 27.814689][ T302] [ 27.824316][ T302] EXT4-fs (loop0): Total free blocks count 0 [ 27.830111][ T302] EXT4-fs (loop0): Free/Dirty block details [ 27.835850][ T302] EXT4-fs (loop0): free_blocks=2415919104 [ 27.841384][ T302] EXT4-fs (loop0): dirty_blocks=9808 [ 27.846527][ T302] EXT4-fs (loop0): Block reservation details [ 27.852315][ T302] EXT4-fs (loop0): i_reserved_data_blocks=613 [ 27.868090][ T10] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28 [ 27.880807][ T10] EXT4-fs (loop0): This should not happen!! Data will be lost [ 27.880807][ T10] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ce6660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ce6660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 getdents64(3, 0x555556cde620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cdd5d0) = 350 ./strace-static-x86_64: Process 350 attached [pid 350] set_robust_list(0x555556cdd5e0, 24) = 0 [pid 350] chdir("./8") = 0 [pid 350] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 350] setpgid(0, 0) = 0 [pid 350] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 350] write(3, "1000", 4) = 4 [pid 350] close(3) = 0 [pid 350] symlink("/dev/binderfs", "./binderfs") = 0 [pid 350] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 350] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e58f10000 [pid 350] mprotect(0x7f4e58f11000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 350] clone(child_stack=0x7f4e58f303f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[351], tls=0x7f4e58f30700, child_tidptr=0x7f4e58f309d0) = 351 [pid 350] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 350] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 351 attached [pid 351] set_robust_list(0x7f4e58f309e0, 24) = 0 [pid 351] memfd_create("syzkaller", 0) = 3 [pid 351] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4e50b10000 [pid 351] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 351] munmap(0x7f4e50b10000, 1048576) = 0 [pid 351] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 351] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 351] close(3) = 0 [pid 351] mkdir("./file0", 0777) = 0 [pid 351] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 351] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 351] chdir("./file0") = 0 [pid 351] ioctl(4, LOOP_CLR_FD) = 0 [pid 351] close(4) = 0 [pid 351] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 350] <... futex resumed>) = 0 [pid 351] futex(0x7f4e59009788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 350] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 350] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 351] <... futex resumed>) = 0 [pid 351] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 351] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 350] <... futex resumed>) = 0 [pid 350] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 350] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 351] <... futex resumed>) = 1 [pid 351] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5 [pid 351] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 350] <... futex resumed>) = 0 [pid 350] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 350] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 351] <... futex resumed>) = 1 [pid 351] ftruncate(5, 33587195) = 0 [pid 351] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 350] <... futex resumed>) = 0 [pid 351] futex(0x7f4e59009788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 350] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000 [pid 351] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 350] <... futex resumed>) = 0 [pid 351] sendfile(4, 5, [0] [pid 350] futex(0x7f4e5900979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 350] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e50bef000 [pid 350] mprotect(0x7f4e50bf0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 350] clone(child_stack=0x7f4e50c0f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[354], tls=0x7f4e50c0f700, child_tidptr=0x7f4e50c0f9d0) = 354 [pid 350] futex(0x7f4e59009798, FUTEX_WAKE_PRIVATE, 1000000 [pid 351] <... sendfile resumed> => [4], 4) = 4 [pid 350] <... futex resumed>) = 0 ./strace-static-x86_64: Process 354 attached [pid 350] futex(0x7f4e590097ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 350] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 351] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 350] <... mmap resumed>) = 0x7f4e50bce000 [pid 351] <... futex resumed>) = 0 [pid 350] mprotect(0x7f4e50bcf000, 131072, PROT_READ|PROT_WRITE [pid 351] futex(0x7f4e59009788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 350] <... mprotect resumed>) = 0 [pid 354] set_robust_list(0x7f4e50c0f9e0, 24 [pid 350] clone(child_stack=0x7f4e50bee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 354] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 355 attached [pid 354] sendfile(4, 5, NULL, 281474978811909 [pid 350] <... clone resumed>, parent_tid=[355], tls=0x7f4e50bee700, child_tidptr=0x7f4e50bee9d0) = 355 [pid 355] set_robust_list(0x7f4e50bee9e0, 24 [pid 350] futex(0x7f4e590097a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 350] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 355] <... set_robust_list resumed>) = 0 [ 28.013417][ T351] loop0: detected capacity change from 0 to 2048 [ 28.027110][ T351] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 355] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 350] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 350] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 350] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 355] <... mmap resumed>) = 0x20000000 [pid 355] futex(0x7f4e590097ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 355] futex(0x7f4e590097a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 350] exit_group(0 [pid 355] <... futex resumed>) = ? [pid 354] <... sendfile resumed>) = ? [pid 355] +++ exited with 0 +++ [pid 351] <... futex resumed>) = ? [pid 350] <... exit_group resumed>) = ? [pid 354] +++ exited with 0 +++ [pid 351] +++ exited with 0 +++ [pid 350] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=350, si_uid=0, si_status=0, si_utime=0, si_stime=26} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556cde620 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./8/binderfs") = 0 [ 28.244154][ T302] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 28.259104][ T302] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 28.271371][ T302] EXT4-fs (loop0): This should not happen!! Data will be lost [ 28.271371][ T302] [ 28.280817][ T302] EXT4-fs (loop0): Total free blocks count 0 [ 28.286662][ T302] EXT4-fs (loop0): Free/Dirty block details [ 28.292332][ T302] EXT4-fs (loop0): free_blocks=2415919104 [ 28.297953][ T302] EXT4-fs (loop0): dirty_blocks=10560 [ 28.303099][ T302] EXT4-fs (loop0): Block reservation details [ 28.309012][ T302] EXT4-fs (loop0): i_reserved_data_blocks=660 [ 28.324576][ T302] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28 [ 28.337109][ T302] EXT4-fs (loop0): This should not happen!! Data will be lost [ 28.337109][ T302] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ce6660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ce6660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 getdents64(3, 0x555556cde620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cdd5d0) = 357 ./strace-static-x86_64: Process 357 attached [pid 357] set_robust_list(0x555556cdd5e0, 24) = 0 [pid 357] chdir("./9") = 0 [pid 357] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 357] setpgid(0, 0) = 0 [pid 357] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 357] write(3, "1000", 4) = 4 [pid 357] close(3) = 0 [pid 357] symlink("/dev/binderfs", "./binderfs") = 0 [pid 357] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 357] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e58f10000 [pid 357] mprotect(0x7f4e58f11000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 357] clone(child_stack=0x7f4e58f303f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[358], tls=0x7f4e58f30700, child_tidptr=0x7f4e58f309d0) = 358 [pid 357] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 358 attached [pid 357] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 358] set_robust_list(0x7f4e58f309e0, 24) = 0 [pid 358] memfd_create("syzkaller", 0) = 3 [pid 358] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4e50b10000 [pid 358] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 358] munmap(0x7f4e50b10000, 1048576) = 0 [pid 358] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 358] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 358] close(3) = 0 [pid 358] mkdir("./file0", 0777) = 0 [pid 358] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 358] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 358] chdir("./file0") = 0 [pid 358] ioctl(4, LOOP_CLR_FD) = 0 [pid 358] close(4) = 0 [pid 358] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] <... futex resumed>) = 0 [pid 357] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 357] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 358] <... futex resumed>) = 1 [pid 358] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 358] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] <... futex resumed>) = 0 [pid 357] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 357] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 358] <... futex resumed>) = 1 [pid 358] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5 [pid 358] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] <... futex resumed>) = 0 [pid 357] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 357] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 358] <... futex resumed>) = 1 [pid 358] ftruncate(5, 33587195) = 0 [pid 358] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] <... futex resumed>) = 0 [pid 357] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 357] futex(0x7f4e5900979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 357] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e50bef000 [pid 357] mprotect(0x7f4e50bf0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 357] clone(child_stack=0x7f4e50c0f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[361], tls=0x7f4e50c0f700, child_tidptr=0x7f4e50c0f9d0) = 361 [pid 357] futex(0x7f4e59009798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 357] futex(0x7f4e590097ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 357] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e50bce000 [pid 357] mprotect(0x7f4e50bcf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 357] clone(child_stack=0x7f4e50bee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[362], tls=0x7f4e50bee700, child_tidptr=0x7f4e50bee9d0) = 362 [pid 357] futex(0x7f4e590097a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 357] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 358] <... futex resumed>) = 1 [pid 358] sendfile(4, 5, [0] => [4], 4) = 4 [pid 358] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 358] futex(0x7f4e59009788, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 361 attached [pid 361] set_robust_list(0x7f4e50c0f9e0, 24) = 0 [pid 361] sendfile(4, 5, NULL, 281474978811909./strace-static-x86_64: Process 362 attached [pid 362] set_robust_list(0x7f4e50bee9e0, 24) = 0 [ 28.475566][ T358] loop0: detected capacity change from 0 to 2048 [ 28.487085][ T358] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 362] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 357] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 357] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 357] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 362] <... mmap resumed>) = 0x20000000 [pid 362] futex(0x7f4e590097ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 362] futex(0x7f4e590097a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 357] exit_group(0) = ? [pid 362] <... futex resumed>) = ? [pid 358] <... futex resumed>) = ? [pid 358] +++ exited with 0 +++ [pid 361] <... sendfile resumed>) = ? [pid 361] +++ exited with 0 +++ [pid 362] +++ exited with 0 +++ [pid 357] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=357, si_uid=0, si_status=0, si_utime=0, si_stime=26} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556cde620 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./9/binderfs") = 0 [ 28.686940][ T8] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 28.701796][ T8] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 28.714038][ T8] EXT4-fs (loop0): This should not happen!! Data will be lost [ 28.714038][ T8] [ 28.723745][ T8] EXT4-fs (loop0): Total free blocks count 0 [ 28.729597][ T8] EXT4-fs (loop0): Free/Dirty block details [ 28.735257][ T8] EXT4-fs (loop0): free_blocks=2415919104 [ 28.741032][ T8] EXT4-fs (loop0): dirty_blocks=9904 [ 28.746142][ T8] EXT4-fs (loop0): Block reservation details [ 28.752019][ T8] EXT4-fs (loop0): i_reserved_data_blocks=619 [ 28.767555][ T8] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28 [ 28.780081][ T8] EXT4-fs (loop0): This should not happen!! Data will be lost [ 28.780081][ T8] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ce6660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ce6660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 getdents64(3, 0x555556cde620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cdd5d0) = 363 ./strace-static-x86_64: Process 363 attached [pid 363] set_robust_list(0x555556cdd5e0, 24) = 0 [pid 363] chdir("./10") = 0 [pid 363] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 363] setpgid(0, 0) = 0 [pid 363] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 363] write(3, "1000", 4) = 4 [pid 363] close(3) = 0 [pid 363] symlink("/dev/binderfs", "./binderfs") = 0 [pid 363] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e58f10000 [pid 363] mprotect(0x7f4e58f11000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 363] clone(child_stack=0x7f4e58f303f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[364], tls=0x7f4e58f30700, child_tidptr=0x7f4e58f309d0) = 364 [pid 363] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 364 attached [pid 364] set_robust_list(0x7f4e58f309e0, 24) = 0 [pid 364] memfd_create("syzkaller", 0) = 3 [pid 364] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4e50b10000 [pid 364] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 364] munmap(0x7f4e50b10000, 1048576) = 0 [pid 364] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 364] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 364] close(3) = 0 [pid 364] mkdir("./file0", 0777) = 0 [pid 364] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 364] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 364] chdir("./file0") = 0 [pid 364] ioctl(4, LOOP_CLR_FD) = 0 [pid 364] close(4) = 0 [pid 364] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 363] <... futex resumed>) = 0 [pid 363] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 364] <... futex resumed>) = 1 [pid 364] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 364] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 363] <... futex resumed>) = 0 [pid 363] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 364] <... futex resumed>) = 1 [pid 364] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5 [pid 364] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 363] <... futex resumed>) = 0 [pid 363] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 364] <... futex resumed>) = 1 [pid 364] ftruncate(5, 33587195) = 0 [pid 364] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 363] <... futex resumed>) = 0 [pid 363] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] futex(0x7f4e5900979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e50bef000 [pid 363] mprotect(0x7f4e50bf0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 363] clone(child_stack=0x7f4e50c0f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[367], tls=0x7f4e50c0f700, child_tidptr=0x7f4e50c0f9d0) = 367 [pid 363] futex(0x7f4e59009798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] futex(0x7f4e590097ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e50bce000 [pid 363] mprotect(0x7f4e50bcf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 363] clone(child_stack=0x7f4e50bee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[368], tls=0x7f4e50bee700, child_tidptr=0x7f4e50bee9d0) = 368 [pid 363] futex(0x7f4e590097a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 364] <... futex resumed>) = 1 [pid 364] sendfile(4, 5, [0] => [4], 4) = 4 [pid 364] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 364] futex(0x7f4e59009788, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 367 attached [pid 367] set_robust_list(0x7f4e50c0f9e0, 24) = 0 [pid 367] sendfile(4, 5, NULL, 281474978811909./strace-static-x86_64: Process 368 attached [pid 368] set_robust_list(0x7f4e50bee9e0, 24) = 0 [ 28.896935][ T364] loop0: detected capacity change from 0 to 2048 [ 28.906860][ T364] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 368] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 363] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 368] <... mmap resumed>) = 0x20000000 [pid 368] futex(0x7f4e590097ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 368] futex(0x7f4e590097a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 363] exit_group(0 [pid 368] <... futex resumed>) = ? [pid 364] <... futex resumed>) = ? [pid 363] <... exit_group resumed>) = ? [pid 368] +++ exited with 0 +++ [pid 364] +++ exited with 0 +++ [pid 367] <... sendfile resumed>) = ? [pid 367] +++ exited with 0 +++ [pid 363] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=363, si_uid=0, si_status=0, si_utime=0, si_stime=25} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556cde620 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./10/binderfs") = 0 [ 29.105074][ T8] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 29.119878][ T8] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 29.132283][ T8] EXT4-fs (loop0): This should not happen!! Data will be lost [ 29.132283][ T8] [ 29.141835][ T8] EXT4-fs (loop0): Total free blocks count 0 [ 29.147650][ T8] EXT4-fs (loop0): Free/Dirty block details [ 29.153366][ T8] EXT4-fs (loop0): free_blocks=2415919104 [ 29.158962][ T8] EXT4-fs (loop0): dirty_blocks=10016 [ 29.164119][ T8] EXT4-fs (loop0): Block reservation details [ 29.169960][ T8] EXT4-fs (loop0): i_reserved_data_blocks=626 [ 29.185178][ T8] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28 [ 29.197703][ T8] EXT4-fs (loop0): This should not happen!! Data will be lost [ 29.197703][ T8] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ce6660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ce6660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 getdents64(3, 0x555556cde620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cdd5d0) = 369 ./strace-static-x86_64: Process 369 attached [pid 369] set_robust_list(0x555556cdd5e0, 24) = 0 [pid 369] chdir("./11") = 0 [pid 369] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 369] setpgid(0, 0) = 0 [pid 369] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 369] write(3, "1000", 4) = 4 [pid 369] close(3) = 0 [pid 369] symlink("/dev/binderfs", "./binderfs") = 0 [pid 369] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 369] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e58f10000 [pid 369] mprotect(0x7f4e58f11000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 369] clone(child_stack=0x7f4e58f303f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 370 attached , parent_tid=[370], tls=0x7f4e58f30700, child_tidptr=0x7f4e58f309d0) = 370 [pid 370] set_robust_list(0x7f4e58f309e0, 24) = 0 [pid 370] futex(0x7f4e59009788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 369] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000 [pid 370] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 369] <... futex resumed>) = 0 [pid 369] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 370] memfd_create("syzkaller", 0) = 3 [pid 370] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4e50b10000 [pid 370] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 370] munmap(0x7f4e50b10000, 1048576) = 0 [pid 370] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 370] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 370] close(3) = 0 [pid 370] mkdir("./file0", 0777) = 0 [pid 370] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 370] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 370] chdir("./file0") = 0 [pid 370] ioctl(4, LOOP_CLR_FD) = 0 [pid 370] close(4) = 0 [pid 370] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 369] <... futex resumed>) = 0 [pid 369] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 369] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 370] <... futex resumed>) = 1 [pid 370] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 370] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 369] <... futex resumed>) = 0 [pid 369] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 369] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 370] <... futex resumed>) = 1 [pid 370] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5 [pid 370] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 369] <... futex resumed>) = 0 [pid 369] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 369] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 370] <... futex resumed>) = 1 [pid 370] ftruncate(5, 33587195) = 0 [pid 370] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 369] <... futex resumed>) = 0 [pid 369] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 369] futex(0x7f4e5900979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 369] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e50bef000 [pid 369] mprotect(0x7f4e50bf0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 369] clone(child_stack=0x7f4e50c0f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[373], tls=0x7f4e50c0f700, child_tidptr=0x7f4e50c0f9d0) = 373 [pid 369] futex(0x7f4e59009798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 369] futex(0x7f4e590097ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 369] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e50bce000 [pid 369] mprotect(0x7f4e50bcf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 369] clone(child_stack=0x7f4e50bee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[374], tls=0x7f4e50bee700, child_tidptr=0x7f4e50bee9d0) = 374 [pid 369] futex(0x7f4e590097a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 369] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 370] <... futex resumed>) = 1 [pid 370] sendfile(4, 5, [0] => [4], 4) = 4 [pid 370] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 370] futex(0x7f4e59009788, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 374 attached [pid 374] set_robust_list(0x7f4e50bee9e0, 24) = 0 [pid 374] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0./strace-static-x86_64: Process 373 attached [pid 373] set_robust_list(0x7f4e50c0f9e0, 24) = 0 [ 29.367057][ T370] loop0: detected capacity change from 0 to 2048 [ 29.376688][ T370] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 373] sendfile(4, 5, NULL, 281474978811909 [pid 369] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 374] <... mmap resumed>) = 0x20000000 [pid 374] futex(0x7f4e590097ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 374] futex(0x7f4e590097a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 369] exit_group(0 [pid 370] <... futex resumed>) = ? [pid 369] <... exit_group resumed>) = ? [pid 370] +++ exited with 0 +++ [pid 374] <... futex resumed>) = ? [pid 373] <... sendfile resumed>) = ? [pid 374] +++ exited with 0 +++ [pid 373] +++ exited with 0 +++ [pid 369] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=369, si_uid=0, si_status=0, si_utime=0, si_stime=24} --- umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556cde620 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./11/binderfs") = 0 [ 29.584185][ T8] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 29.599036][ T8] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 29.611325][ T8] EXT4-fs (loop0): This should not happen!! Data will be lost [ 29.611325][ T8] [ 29.620971][ T8] EXT4-fs (loop0): Total free blocks count 0 [ 29.626847][ T8] EXT4-fs (loop0): Free/Dirty block details [ 29.632489][ T8] EXT4-fs (loop0): free_blocks=2415919104 [ 29.638084][ T8] EXT4-fs (loop0): dirty_blocks=10112 [ 29.643249][ T8] EXT4-fs (loop0): Block reservation details [ 29.649104][ T8] EXT4-fs (loop0): i_reserved_data_blocks=632 [ 29.664660][ T302] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28 [ 29.677187][ T302] EXT4-fs (loop0): This should not happen!! Data will be lost [ 29.677187][ T302] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ce6660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ce6660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 getdents64(3, 0x555556cde620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cdd5d0) = 376 ./strace-static-x86_64: Process 376 attached [pid 376] set_robust_list(0x555556cdd5e0, 24) = 0 [pid 376] chdir("./12") = 0 [pid 376] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 376] setpgid(0, 0) = 0 [pid 376] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 376] write(3, "1000", 4) = 4 [pid 376] close(3) = 0 [pid 376] symlink("/dev/binderfs", "./binderfs") = 0 [pid 376] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 376] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e58f10000 [pid 376] mprotect(0x7f4e58f11000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 376] clone(child_stack=0x7f4e58f303f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[377], tls=0x7f4e58f30700, child_tidptr=0x7f4e58f309d0) = 377 [pid 376] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 376] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 377 attached [pid 377] set_robust_list(0x7f4e58f309e0, 24) = 0 [pid 377] memfd_create("syzkaller", 0) = 3 [pid 377] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4e50b10000 [pid 377] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 377] munmap(0x7f4e50b10000, 1048576) = 0 [pid 377] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 377] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 377] close(3) = 0 [pid 377] mkdir("./file0", 0777) = 0 [pid 377] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 377] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 377] chdir("./file0") = 0 [pid 377] ioctl(4, LOOP_CLR_FD) = 0 [pid 377] close(4) = 0 [pid 377] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 376] <... futex resumed>) = 0 [pid 376] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 376] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 377] <... futex resumed>) = 1 [pid 377] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 377] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 376] <... futex resumed>) = 0 [pid 376] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 376] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 377] <... futex resumed>) = 1 [pid 377] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5 [pid 377] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 376] <... futex resumed>) = 0 [pid 376] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 376] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 377] <... futex resumed>) = 1 [pid 377] ftruncate(5, 33587195) = 0 [pid 377] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 376] <... futex resumed>) = 0 [pid 376] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000 [pid 377] <... futex resumed>) = 1 [pid 376] <... futex resumed>) = 0 [pid 376] futex(0x7f4e5900979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 376] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e50bef000 [pid 376] mprotect(0x7f4e50bf0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 376] clone(child_stack=0x7f4e50c0f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 377] sendfile(4, 5, [0] [pid 376] <... clone resumed>, parent_tid=[380], tls=0x7f4e50c0f700, child_tidptr=0x7f4e50c0f9d0) = 380 [pid 376] futex(0x7f4e59009798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 376] futex(0x7f4e590097ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 376] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e50bce000 [pid 376] mprotect(0x7f4e50bcf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 376] clone(child_stack=0x7f4e50bee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[381], tls=0x7f4e50bee700, child_tidptr=0x7f4e50bee9d0) = 381 [pid 376] futex(0x7f4e590097a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 376] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 380 attached ./strace-static-x86_64: Process 381 attached [pid 381] set_robust_list(0x7f4e50bee9e0, 24 [pid 380] set_robust_list(0x7f4e50c0f9e0, 24) = 0 [pid 381] <... set_robust_list resumed>) = 0 [pid 380] sendfile(4, 5, NULL, 281474978811909 [ 29.853392][ T377] loop0: detected capacity change from 0 to 2048 [ 29.866965][ T377] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 29.887403][ T377] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 381] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 381] futex(0x7f4e590097ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 376] <... futex resumed>) = 0 [ 29.903164][ T377] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2 with error 28 [ 29.915254][ T377] EXT4-fs (loop0): This should not happen!! Data will be lost [ 29.915254][ T377] [ 29.925187][ T377] EXT4-fs (loop0): Total free blocks count 0 [ 29.931048][ T377] EXT4-fs (loop0): Free/Dirty block details [ 29.936742][ T377] EXT4-fs (loop0): free_blocks=2415919104 [ 29.942267][ T377] EXT4-fs (loop0): dirty_blocks=64 [ 29.947260][ T377] EXT4-fs (loop0): Block reservation details [pid 381] futex(0x7f4e590097a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 377] <... sendfile resumed>, 4) = -1 ENOSPC (No space left on device) [pid 377] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 29.953031][ T377] EXT4-fs (loop0): i_reserved_data_blocks=4 [pid 377] futex(0x7f4e59009788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 376] exit_group(0 [pid 377] <... futex resumed>) = ? [pid 376] <... exit_group resumed>) = ? [pid 381] <... futex resumed>) = ? [pid 380] <... sendfile resumed>) = ? [pid 377] +++ exited with 0 +++ [pid 381] +++ exited with 0 +++ [pid 380] +++ exited with 0 +++ [pid 376] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=376, si_uid=0, si_status=0, si_utime=0, si_stime=23} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556cde620 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./12/binderfs") = 0 [ 30.066651][ T8] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 30.078915][ T8] EXT4-fs (loop0): This should not happen!! Data will be lost [ 30.078915][ T8] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ce6660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ce6660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 getdents64(3, 0x555556cde620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cdd5d0) = 382 ./strace-static-x86_64: Process 382 attached [pid 382] set_robust_list(0x555556cdd5e0, 24) = 0 [pid 382] chdir("./13") = 0 [pid 382] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 382] setpgid(0, 0) = 0 [pid 382] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 382] write(3, "1000", 4) = 4 [pid 382] close(3) = 0 [pid 382] symlink("/dev/binderfs", "./binderfs") = 0 [pid 382] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 382] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e58f10000 [pid 382] mprotect(0x7f4e58f11000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 382] clone(child_stack=0x7f4e58f303f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[383], tls=0x7f4e58f30700, child_tidptr=0x7f4e58f309d0) = 383 [pid 382] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 382] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 383 attached [pid 383] set_robust_list(0x7f4e58f309e0, 24) = 0 [pid 383] memfd_create("syzkaller", 0) = 3 [pid 383] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4e50b10000 [pid 383] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 383] munmap(0x7f4e50b10000, 1048576) = 0 [pid 383] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 383] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 383] close(3) = 0 [pid 383] mkdir("./file0", 0777) = 0 [pid 383] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 383] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 383] chdir("./file0") = 0 [pid 383] ioctl(4, LOOP_CLR_FD) = 0 [pid 383] close(4) = 0 [pid 383] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 382] <... futex resumed>) = 0 [pid 382] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 382] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 383] <... futex resumed>) = 1 [pid 383] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 383] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 382] <... futex resumed>) = 0 [pid 382] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 382] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 383] <... futex resumed>) = 1 [pid 383] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5 [pid 383] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 382] <... futex resumed>) = 0 [pid 382] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 382] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 383] <... futex resumed>) = 1 [pid 383] ftruncate(5, 33587195) = 0 [pid 383] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 382] <... futex resumed>) = 0 [pid 383] futex(0x7f4e59009788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 382] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000 [pid 383] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 382] <... futex resumed>) = 0 [pid 383] sendfile(4, 5, [0] [pid 382] futex(0x7f4e5900979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 383] <... sendfile resumed> => [4], 4) = 4 [pid 382] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 383] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 382] <... mmap resumed>) = 0x7f4e50bef000 [pid 383] <... futex resumed>) = 0 [pid 382] mprotect(0x7f4e50bf0000, 131072, PROT_READ|PROT_WRITE [pid 383] futex(0x7f4e59009788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 382] <... mprotect resumed>) = 0 [pid 382] clone(child_stack=0x7f4e50c0f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[386], tls=0x7f4e50c0f700, child_tidptr=0x7f4e50c0f9d0) = 386 [pid 382] futex(0x7f4e59009798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 382] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 382] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 383] <... futex resumed>) = 0 [pid 383] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0./strace-static-x86_64: Process 386 attached [pid 386] set_robust_list(0x7f4e50c0f9e0, 24) = 0 [ 30.220223][ T383] loop0: detected capacity change from 0 to 2048 [ 30.237297][ T383] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 386] sendfile(4, 5, NULL, 281474978811909 [pid 382] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 382] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 382] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 382] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 382] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 382] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 383] <... mmap resumed>) = 0x20000000 [pid 383] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 383] futex(0x7f4e59009788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 382] exit_group(0) = ? [pid 383] <... futex resumed>) = 231 [pid 386] <... sendfile resumed>) = ? [pid 386] +++ exited with 0 +++ [pid 383] +++ exited with 0 +++ [pid 382] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=382, si_uid=0, si_status=0, si_utime=0, si_stime=29} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556cde620 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./13/binderfs") = 0 [ 30.434258][ T302] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 30.449142][ T302] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 30.461505][ T302] EXT4-fs (loop0): This should not happen!! Data will be lost [ 30.461505][ T302] [ 30.471006][ T302] EXT4-fs (loop0): Total free blocks count 0 [ 30.476921][ T302] EXT4-fs (loop0): Free/Dirty block details [ 30.482638][ T302] EXT4-fs (loop0): free_blocks=2415919104 [ 30.488238][ T302] EXT4-fs (loop0): dirty_blocks=10224 [ 30.493400][ T302] EXT4-fs (loop0): Block reservation details [ 30.499239][ T302] EXT4-fs (loop0): i_reserved_data_blocks=639 [ 30.514485][ T302] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28 [ 30.527004][ T302] EXT4-fs (loop0): This should not happen!! Data will be lost [ 30.527004][ T302] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ce6660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ce6660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 getdents64(3, 0x555556cde620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cdd5d0) = 388 ./strace-static-x86_64: Process 388 attached [pid 388] set_robust_list(0x555556cdd5e0, 24) = 0 [pid 388] chdir("./14") = 0 [pid 388] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 388] setpgid(0, 0) = 0 [pid 388] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 388] write(3, "1000", 4) = 4 [pid 388] close(3) = 0 [pid 388] symlink("/dev/binderfs", "./binderfs") = 0 [pid 388] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 388] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e58f10000 [pid 388] mprotect(0x7f4e58f11000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 388] clone(child_stack=0x7f4e58f303f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[389], tls=0x7f4e58f30700, child_tidptr=0x7f4e58f309d0) = 389 [pid 388] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 388] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 389 attached [pid 389] set_robust_list(0x7f4e58f309e0, 24) = 0 [pid 389] memfd_create("syzkaller", 0) = 3 [pid 389] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4e50b10000 [pid 389] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 389] munmap(0x7f4e50b10000, 1048576) = 0 [pid 389] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 389] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 389] close(3) = 0 [pid 389] mkdir("./file0", 0777) = 0 [pid 389] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 389] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 389] chdir("./file0") = 0 [pid 389] ioctl(4, LOOP_CLR_FD) = 0 [pid 389] close(4) = 0 [pid 389] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 388] <... futex resumed>) = 0 [pid 388] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 388] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 389] <... futex resumed>) = 1 [pid 389] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 389] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 388] <... futex resumed>) = 0 [pid 388] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 388] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 389] <... futex resumed>) = 1 [pid 389] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5 [pid 389] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 388] <... futex resumed>) = 0 [pid 388] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 388] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 389] <... futex resumed>) = 1 [pid 389] ftruncate(5, 33587195) = 0 [pid 389] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 388] <... futex resumed>) = 0 [pid 388] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 388] futex(0x7f4e5900979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 388] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e50bef000 [pid 388] mprotect(0x7f4e50bf0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 388] clone(child_stack=0x7f4e50c0f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[392], tls=0x7f4e50c0f700, child_tidptr=0x7f4e50c0f9d0) = 392 [pid 388] futex(0x7f4e59009798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 388] futex(0x7f4e590097ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 392 attached ) = 0 [pid 392] set_robust_list(0x7f4e50c0f9e0, 24) = 0 [pid 388] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 392] sendfile(4, 5, NULL, 281474978811909 [pid 388] <... mmap resumed>) = 0x7f4e50bce000 [pid 388] mprotect(0x7f4e50bcf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 388] clone(child_stack=0x7f4e50bee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 393 attached [pid 389] <... futex resumed>) = 1 [pid 388] <... clone resumed>, parent_tid=[393], tls=0x7f4e50bee700, child_tidptr=0x7f4e50bee9d0) = 393 [pid 393] set_robust_list(0x7f4e50bee9e0, 24 [pid 389] sendfile(4, 5, [0] [pid 393] <... set_robust_list resumed>) = 0 [pid 388] futex(0x7f4e590097a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 393] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 388] <... futex resumed>) = 0 [ 30.671557][ T389] loop0: detected capacity change from 0 to 2048 [ 30.686986][ T389] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 388] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 393] <... mmap resumed>) = 0x20000000 [pid 393] futex(0x7f4e590097ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 393] futex(0x7f4e590097a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 388] <... futex resumed>) = 0 [ 30.708896][ T389] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 30.723954][ T389] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2 with error 28 [ 30.736086][ T389] EXT4-fs (loop0): This should not happen!! Data will be lost [ 30.736086][ T389] [ 30.746003][ T389] EXT4-fs (loop0): Total free blocks count 0 [ 30.751805][ T389] EXT4-fs (loop0): Free/Dirty block details [ 30.757924][ T389] EXT4-fs (loop0): free_blocks=2415919104 [ 30.763527][ T389] EXT4-fs (loop0): dirty_blocks=32 [pid 389] <... sendfile resumed>, 4) = -1 ENOSPC (No space left on device) [pid 389] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 30.768802][ T389] EXT4-fs (loop0): Block reservation details [ 30.774597][ T389] EXT4-fs (loop0): i_reserved_data_blocks=2 [pid 389] futex(0x7f4e59009788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 388] exit_group(0 [pid 393] <... futex resumed>) = ? [pid 389] <... futex resumed>) = ? [pid 388] <... exit_group resumed>) = ? [pid 392] <... sendfile resumed>) = ? [pid 389] +++ exited with 0 +++ [pid 393] +++ exited with 0 +++ [pid 392] +++ exited with 0 +++ [pid 388] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=388, si_uid=0, si_status=0, si_utime=0, si_stime=23} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556cde620 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./14/binderfs") = 0 [ 30.889859][ T10] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 30.902123][ T10] EXT4-fs (loop0): This should not happen!! Data will be lost [ 30.902123][ T10] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ce6660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ce6660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 getdents64(3, 0x555556cde620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cdd5d0) = 394 ./strace-static-x86_64: Process 394 attached [pid 394] set_robust_list(0x555556cdd5e0, 24) = 0 [pid 394] chdir("./15") = 0 [pid 394] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 394] setpgid(0, 0) = 0 [pid 394] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 394] write(3, "1000", 4) = 4 [pid 394] close(3) = 0 [pid 394] symlink("/dev/binderfs", "./binderfs") = 0 [pid 394] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 394] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e58f10000 [pid 394] mprotect(0x7f4e58f11000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 394] clone(child_stack=0x7f4e58f303f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 395 attached , parent_tid=[395], tls=0x7f4e58f30700, child_tidptr=0x7f4e58f309d0) = 395 [pid 395] set_robust_list(0x7f4e58f309e0, 24) = 0 [pid 395] futex(0x7f4e59009788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 394] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 395] <... futex resumed>) = 0 [pid 394] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 395] memfd_create("syzkaller", 0) = 3 [pid 395] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4e50b10000 [pid 395] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 395] munmap(0x7f4e50b10000, 1048576) = 0 [pid 395] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 395] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 395] close(3) = 0 [pid 395] mkdir("./file0", 0777) = 0 [pid 395] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 395] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 395] chdir("./file0") = 0 [pid 395] ioctl(4, LOOP_CLR_FD) = 0 [pid 395] close(4) = 0 [pid 395] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 394] <... futex resumed>) = 0 [pid 394] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 394] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 395] <... futex resumed>) = 1 [pid 395] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 395] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 394] <... futex resumed>) = 0 [pid 394] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 394] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 395] <... futex resumed>) = 1 [pid 395] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5 [pid 395] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 394] <... futex resumed>) = 0 [pid 394] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 394] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 395] <... futex resumed>) = 1 [pid 395] ftruncate(5, 33587195) = 0 [pid 395] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 394] <... futex resumed>) = 0 [pid 394] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 394] futex(0x7f4e5900979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 394] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e50bef000 [pid 394] mprotect(0x7f4e50bf0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 394] clone(child_stack=0x7f4e50c0f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[398], tls=0x7f4e50c0f700, child_tidptr=0x7f4e50c0f9d0) = 398 [pid 394] futex(0x7f4e59009798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 394] futex(0x7f4e590097ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 394] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e50bce000 [pid 394] mprotect(0x7f4e50bcf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 394] clone(child_stack=0x7f4e50bee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[399], tls=0x7f4e50bee700, child_tidptr=0x7f4e50bee9d0) = 399 [pid 394] futex(0x7f4e590097a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 394] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 395] <... futex resumed>) = 1 [pid 395] sendfile(4, 5, [0] => [4], 4) = 4 [pid 395] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 395] futex(0x7f4e59009788, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 399 attached [pid 399] set_robust_list(0x7f4e50bee9e0, 24) = 0 [pid 399] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0./strace-static-x86_64: Process 398 attached [pid 398] set_robust_list(0x7f4e50c0f9e0, 24) = 0 [ 31.066859][ T395] loop0: detected capacity change from 0 to 2048 [ 31.087085][ T395] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 398] sendfile(4, 5, NULL, 281474978811909 [pid 394] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 394] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 394] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 394] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 394] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 399] <... mmap resumed>) = 0x20000000 [pid 399] futex(0x7f4e590097ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 399] futex(0x7f4e590097a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 394] exit_group(0) = ? [pid 399] <... futex resumed>) = ? [pid 395] <... futex resumed>) = ? [pid 399] +++ exited with 0 +++ [pid 395] +++ exited with 0 +++ [pid 398] <... sendfile resumed>) = ? [pid 398] +++ exited with 0 +++ [pid 394] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=394, si_uid=0, si_status=0, si_utime=0, si_stime=22} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556cde620 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./15/binderfs") = 0 [ 31.288656][ T302] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 31.303627][ T302] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 31.315868][ T302] EXT4-fs (loop0): This should not happen!! Data will be lost [ 31.315868][ T302] [ 31.325308][ T302] EXT4-fs (loop0): Total free blocks count 0 [ 31.331388][ T302] EXT4-fs (loop0): Free/Dirty block details [ 31.337233][ T302] EXT4-fs (loop0): free_blocks=2415919104 [ 31.342762][ T302] EXT4-fs (loop0): dirty_blocks=10096 [ 31.347997][ T302] EXT4-fs (loop0): Block reservation details [ 31.353783][ T302] EXT4-fs (loop0): i_reserved_data_blocks=631 [ 31.369459][ T302] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28 [ 31.381974][ T302] EXT4-fs (loop0): This should not happen!! Data will be lost [ 31.381974][ T302] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ce6660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ce6660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 getdents64(3, 0x555556cde620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cdd5d0) = 401 ./strace-static-x86_64: Process 401 attached [pid 401] set_robust_list(0x555556cdd5e0, 24) = 0 [pid 401] chdir("./16") = 0 [pid 401] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 401] setpgid(0, 0) = 0 [pid 401] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 401] write(3, "1000", 4) = 4 [pid 401] close(3) = 0 [pid 401] symlink("/dev/binderfs", "./binderfs") = 0 [pid 401] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 401] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e58f10000 [pid 401] mprotect(0x7f4e58f11000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 401] clone(child_stack=0x7f4e58f303f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[402], tls=0x7f4e58f30700, child_tidptr=0x7f4e58f309d0) = 402 ./strace-static-x86_64: Process 402 attached [pid 402] set_robust_list(0x7f4e58f309e0, 24 [pid 401] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000 [pid 402] <... set_robust_list resumed>) = 0 [pid 402] memfd_create("syzkaller", 0 [pid 401] <... futex resumed>) = 0 [pid 402] <... memfd_create resumed>) = 3 [pid 402] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4e50b10000 [pid 401] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 402] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 402] munmap(0x7f4e50b10000, 1048576) = 0 [pid 402] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 402] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 402] close(3) = 0 [pid 402] mkdir("./file0", 0777) = 0 [pid 402] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 402] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 402] chdir("./file0") = 0 [pid 402] ioctl(4, LOOP_CLR_FD) = 0 [pid 402] close(4) = 0 [pid 402] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 401] <... futex resumed>) = 0 [pid 401] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 401] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 402] <... futex resumed>) = 1 [pid 402] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 402] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 401] <... futex resumed>) = 0 [pid 401] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 401] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 402] <... futex resumed>) = 1 [pid 402] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5 [pid 402] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 401] <... futex resumed>) = 0 [pid 401] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 401] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 402] <... futex resumed>) = 1 [pid 402] ftruncate(5, 33587195) = 0 [pid 402] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 401] <... futex resumed>) = 0 [pid 401] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 401] futex(0x7f4e5900979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 401] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e50bef000 [pid 401] mprotect(0x7f4e50bf0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 401] clone(child_stack=0x7f4e50c0f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 405 attached , parent_tid=[405], tls=0x7f4e50c0f700, child_tidptr=0x7f4e50c0f9d0) = 405 [pid 405] set_robust_list(0x7f4e50c0f9e0, 24 [pid 401] futex(0x7f4e59009798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 401] futex(0x7f4e590097ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 405] <... set_robust_list resumed>) = 0 [pid 401] <... futex resumed>) = 0 [pid 402] sendfile(4, 5, [0] => [4], 4) = 4 [pid 402] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 402] futex(0x7f4e59009788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 405] sendfile(4, 5, NULL, 281474978811909 [pid 401] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e50bce000 [pid 401] mprotect(0x7f4e50bcf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 401] clone(child_stack=0x7f4e50bee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 406 attached , parent_tid=[406], tls=0x7f4e50bee700, child_tidptr=0x7f4e50bee9d0) = 406 [pid 406] set_robust_list(0x7f4e50bee9e0, 24) = 0 [pid 401] futex(0x7f4e590097a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 406] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 401] <... futex resumed>) = 0 [ 31.535040][ T402] loop0: detected capacity change from 0 to 2048 [ 31.547118][ T402] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 401] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 406] <... mmap resumed>) = 0x20000000 [pid 406] futex(0x7f4e590097ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 406] futex(0x7f4e590097a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 401] exit_group(0 [pid 406] <... futex resumed>) = ? [pid 402] <... futex resumed>) = ? [pid 405] <... sendfile resumed>) = ? [pid 405] +++ exited with 0 +++ [pid 406] +++ exited with 0 +++ [pid 401] <... exit_group resumed>) = ? [pid 402] +++ exited with 0 +++ [pid 401] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=401, si_uid=0, si_status=0, si_utime=0, si_stime=27} --- umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556cde620 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./16/binderfs") = 0 [ 31.749772][ T302] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 31.764579][ T302] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 31.776921][ T302] EXT4-fs (loop0): This should not happen!! Data will be lost [ 31.776921][ T302] [ 31.786424][ T302] EXT4-fs (loop0): Total free blocks count 0 [ 31.792218][ T302] EXT4-fs (loop0): Free/Dirty block details [ 31.797991][ T302] EXT4-fs (loop0): free_blocks=2415919104 [ 31.803505][ T302] EXT4-fs (loop0): dirty_blocks=10080 [ 31.808782][ T302] EXT4-fs (loop0): Block reservation details [ 31.814528][ T302] EXT4-fs (loop0): i_reserved_data_blocks=630 [ 31.830141][ T8] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28 [ 31.842680][ T8] EXT4-fs (loop0): This should not happen!! Data will be lost [ 31.842680][ T8] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ce6660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ce6660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 getdents64(3, 0x555556cde620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cdd5d0) = 407 ./strace-static-x86_64: Process 407 attached [pid 407] set_robust_list(0x555556cdd5e0, 24) = 0 [pid 407] chdir("./17") = 0 [pid 407] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 407] setpgid(0, 0) = 0 [pid 407] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 407] write(3, "1000", 4) = 4 [pid 407] close(3) = 0 [pid 407] symlink("/dev/binderfs", "./binderfs") = 0 [pid 407] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e58f10000 [pid 407] mprotect(0x7f4e58f11000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 407] clone(child_stack=0x7f4e58f303f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[408], tls=0x7f4e58f30700, child_tidptr=0x7f4e58f309d0) = 408 [pid 407] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 408 attached [pid 408] set_robust_list(0x7f4e58f309e0, 24) = 0 [pid 408] memfd_create("syzkaller", 0) = 3 [pid 408] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4e50b10000 [pid 408] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 408] munmap(0x7f4e50b10000, 1048576) = 0 [pid 408] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 408] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 408] close(3) = 0 [pid 408] mkdir("./file0", 0777) = 0 [pid 408] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 408] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 408] chdir("./file0") = 0 [pid 408] ioctl(4, LOOP_CLR_FD) = 0 [pid 408] close(4) = 0 [pid 408] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 407] <... futex resumed>) = 0 [pid 407] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 408] <... futex resumed>) = 1 [pid 408] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 408] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 407] <... futex resumed>) = 0 [pid 407] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 408] <... futex resumed>) = 1 [pid 408] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5 [pid 408] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 407] <... futex resumed>) = 0 [pid 407] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 408] <... futex resumed>) = 1 [pid 408] ftruncate(5, 33587195) = 0 [pid 408] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 407] <... futex resumed>) = 0 [pid 407] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] futex(0x7f4e5900979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e50bef000 [pid 407] mprotect(0x7f4e50bf0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 407] clone(child_stack=0x7f4e50c0f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[411], tls=0x7f4e50c0f700, child_tidptr=0x7f4e50c0f9d0) = 411 [pid 407] futex(0x7f4e59009798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] futex(0x7f4e590097ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e50bce000 [pid 407] mprotect(0x7f4e50bcf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 407] clone(child_stack=0x7f4e50bee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[412], tls=0x7f4e50bee700, child_tidptr=0x7f4e50bee9d0) = 412 [pid 407] futex(0x7f4e590097a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 408] <... futex resumed>) = 1 [pid 408] sendfile(4, 5, [0] => [4], 4) = 4 [pid 408] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 408] futex(0x7f4e59009788, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 411 attached [pid 411] set_robust_list(0x7f4e50c0f9e0, 24) = 0 [pid 411] sendfile(4, 5, NULL, 281474978811909./strace-static-x86_64: Process 412 attached [pid 412] set_robust_list(0x7f4e50bee9e0, 24) = 0 [ 31.994434][ T408] loop0: detected capacity change from 0 to 2048 [ 32.006882][ T408] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 412] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 407] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 412] <... mmap resumed>) = 0x20000000 [pid 412] futex(0x7f4e590097ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 412] futex(0x7f4e590097a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 407] exit_group(0) = ? [pid 408] <... futex resumed>) = 231 [pid 412] <... futex resumed>) = ? [pid 412] +++ exited with 0 +++ [pid 408] +++ exited with 0 +++ [pid 411] <... sendfile resumed>) = ? [pid 411] +++ exited with 0 +++ [pid 407] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=407, si_uid=0, si_status=0, si_utime=0, si_stime=25} --- umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556cde620 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./17/binderfs") = 0 [ 32.199032][ T8] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 32.213880][ T8] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 32.226123][ T8] EXT4-fs (loop0): This should not happen!! Data will be lost [ 32.226123][ T8] [ 32.235582][ T8] EXT4-fs (loop0): Total free blocks count 0 [ 32.241375][ T8] EXT4-fs (loop0): Free/Dirty block details [ 32.247126][ T8] EXT4-fs (loop0): free_blocks=2415919104 [ 32.252655][ T8] EXT4-fs (loop0): dirty_blocks=9808 [ 32.257828][ T8] EXT4-fs (loop0): Block reservation details [ 32.263702][ T8] EXT4-fs (loop0): i_reserved_data_blocks=613 [ 32.279118][ T302] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28 [ 32.291743][ T302] EXT4-fs (loop0): This should not happen!! Data will be lost [ 32.291743][ T302] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ce6660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ce6660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 getdents64(3, 0x555556cde620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cdd5d0) = 413 ./strace-static-x86_64: Process 413 attached [pid 413] set_robust_list(0x555556cdd5e0, 24) = 0 [pid 413] chdir("./18") = 0 [pid 413] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 413] setpgid(0, 0) = 0 [pid 413] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 413] write(3, "1000", 4) = 4 [pid 413] close(3) = 0 [pid 413] symlink("/dev/binderfs", "./binderfs") = 0 [pid 413] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 413] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e58f10000 [pid 413] mprotect(0x7f4e58f11000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 413] clone(child_stack=0x7f4e58f303f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 414 attached [pid 414] set_robust_list(0x7f4e58f309e0, 24 [pid 413] <... clone resumed>, parent_tid=[414], tls=0x7f4e58f30700, child_tidptr=0x7f4e58f309d0) = 414 [pid 413] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 414] <... set_robust_list resumed>) = 0 [pid 413] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 414] memfd_create("syzkaller", 0) = 3 [pid 414] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4e50b10000 [pid 414] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 414] munmap(0x7f4e50b10000, 1048576) = 0 [pid 414] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 414] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 414] close(3) = 0 [pid 414] mkdir("./file0", 0777) = 0 [pid 414] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 414] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 414] chdir("./file0") = 0 [pid 414] ioctl(4, LOOP_CLR_FD) = 0 [pid 414] close(4) = 0 [pid 414] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 413] <... futex resumed>) = 0 [pid 413] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 413] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 414] <... futex resumed>) = 1 [pid 414] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 414] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 413] <... futex resumed>) = 0 [pid 413] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 413] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 414] <... futex resumed>) = 1 [pid 414] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5 [pid 414] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 413] <... futex resumed>) = 0 [pid 413] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 413] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 414] <... futex resumed>) = 1 [pid 414] ftruncate(5, 33587195) = 0 [pid 414] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 413] <... futex resumed>) = 0 [pid 413] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 413] futex(0x7f4e5900979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 413] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e50bef000 [pid 413] mprotect(0x7f4e50bf0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 413] clone(child_stack=0x7f4e50c0f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[418], tls=0x7f4e50c0f700, child_tidptr=0x7f4e50c0f9d0) = 418 [pid 413] futex(0x7f4e59009798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 413] futex(0x7f4e590097ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 413] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e50bce000 [pid 413] mprotect(0x7f4e50bcf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 413] clone(child_stack=0x7f4e50bee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 419 attached ./strace-static-x86_64: Process 418 attached [pid 419] set_robust_list(0x7f4e50bee9e0, 24 [pid 418] set_robust_list(0x7f4e50c0f9e0, 24 [pid 414] <... futex resumed>) = 1 [pid 413] <... clone resumed>, parent_tid=[419], tls=0x7f4e50bee700, child_tidptr=0x7f4e50bee9d0) = 419 [pid 413] futex(0x7f4e590097a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 413] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 419] <... set_robust_list resumed>) = 0 [pid 419] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 418] <... set_robust_list resumed>) = 0 [ 32.457129][ T414] loop0: detected capacity change from 0 to 2048 [ 32.477102][ T414] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 418] sendfile(4, 5, NULL, 281474978811909 [pid 414] sendfile(4, 5, 0x20000040, 4 [pid 419] <... mmap resumed>) = 0x20000000 [pid 419] futex(0x7f4e590097ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 413] <... futex resumed>) = 0 [pid 419] <... futex resumed>) = 1 [ 32.497941][ T418] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 32.513159][ T418] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2 with error 28 [ 32.525629][ T418] EXT4-fs (loop0): This should not happen!! Data will be lost [ 32.525629][ T418] [ 32.535329][ T418] EXT4-fs (loop0): Total free blocks count 0 [ 32.541235][ T418] EXT4-fs (loop0): Free/Dirty block details [ 32.547264][ T418] EXT4-fs (loop0): free_blocks=2415919104 [pid 419] futex(0x7f4e590097a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 418] <... sendfile resumed>) = -1 ENOSPC (No space left on device) [pid 414] <... sendfile resumed>) = 4 [pid 418] futex(0x7f4e5900979c, FUTEX_WAKE_PRIVATE, 1000000 [pid 414] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 414] futex(0x7f4e59009788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 418] <... futex resumed>) = 0 [pid 418] futex(0x7f4e59009798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 413] exit_group(0 [pid 418] <... futex resumed>) = ? [pid 414] <... futex resumed>) = ? [pid 413] <... exit_group resumed>) = ? [pid 414] +++ exited with 0 +++ [pid 419] <... futex resumed>) = ? [pid 418] +++ exited with 0 +++ [pid 419] +++ exited with 0 +++ [pid 413] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=413, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556cde620 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./18/binderfs") = 0 [ 32.552787][ T418] EXT4-fs (loop0): dirty_blocks=16 [ 32.557770][ T418] EXT4-fs (loop0): Block reservation details [ 32.563635][ T418] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 32.586402][ T8] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2 with error 28 [ 32.598522][ T8] EXT4-fs (loop0): This should not happen!! Data will be lost [ 32.598522][ T8] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ce6660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ce6660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file0") = 0 getdents64(3, 0x555556cde620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cdd5d0) = 420 ./strace-static-x86_64: Process 420 attached [pid 420] set_robust_list(0x555556cdd5e0, 24) = 0 [pid 420] chdir("./19") = 0 [pid 420] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 420] setpgid(0, 0) = 0 [pid 420] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 420] write(3, "1000", 4) = 4 [pid 420] close(3) = 0 [pid 420] symlink("/dev/binderfs", "./binderfs") = 0 [pid 420] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e58f10000 [pid 420] mprotect(0x7f4e58f11000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 420] clone(child_stack=0x7f4e58f303f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[421], tls=0x7f4e58f30700, child_tidptr=0x7f4e58f309d0) = 421 [pid 420] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 421 attached [pid 421] set_robust_list(0x7f4e58f309e0, 24) = 0 [pid 421] memfd_create("syzkaller", 0) = 3 [pid 421] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4e50b10000 [pid 421] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 421] munmap(0x7f4e50b10000, 1048576) = 0 [pid 421] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 421] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 421] close(3) = 0 [pid 421] mkdir("./file0", 0777) = 0 [pid 421] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 421] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 421] chdir("./file0") = 0 [pid 421] ioctl(4, LOOP_CLR_FD) = 0 [pid 421] close(4) = 0 [pid 421] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 420] <... futex resumed>) = 0 [pid 420] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 421] <... futex resumed>) = 1 [pid 421] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 421] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 420] <... futex resumed>) = 0 [pid 420] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 421] <... futex resumed>) = 1 [pid 421] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5 [pid 421] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 420] <... futex resumed>) = 0 [pid 420] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 421] <... futex resumed>) = 1 [pid 421] ftruncate(5, 33587195) = 0 [pid 421] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 420] <... futex resumed>) = 0 [pid 420] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] futex(0x7f4e5900979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e50bef000 [pid 420] mprotect(0x7f4e50bf0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 420] clone(child_stack=0x7f4e50c0f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[424], tls=0x7f4e50c0f700, child_tidptr=0x7f4e50c0f9d0) = 424 [pid 420] futex(0x7f4e59009798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] futex(0x7f4e590097ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e50bce000 [pid 420] mprotect(0x7f4e50bcf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 420] clone(child_stack=0x7f4e50bee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[425], tls=0x7f4e50bee700, child_tidptr=0x7f4e50bee9d0) = 425 [pid 420] futex(0x7f4e590097a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 421] <... futex resumed>) = 1 [pid 421] sendfile(4, 5, [0] => [4], 4) = 4 [pid 421] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 421] futex(0x7f4e59009788, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 424 attached [pid 424] set_robust_list(0x7f4e50c0f9e0, 24) = 0 [pid 424] sendfile(4, 5, NULL, 281474978811909./strace-static-x86_64: Process 425 attached [pid 425] set_robust_list(0x7f4e50bee9e0, 24) = 0 [ 32.695563][ T421] loop0: detected capacity change from 0 to 2048 [ 32.707687][ T421] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 425] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 420] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 420] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 420] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 425] <... mmap resumed>) = 0x20000000 [pid 425] futex(0x7f4e590097ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 425] futex(0x7f4e590097a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 420] exit_group(0 [pid 425] <... futex resumed>) = ? [pid 420] <... exit_group resumed>) = ? [pid 421] <... futex resumed>) = ? [pid 425] +++ exited with 0 +++ [pid 424] <... sendfile resumed>) = ? [pid 421] +++ exited with 0 +++ [pid 424] +++ exited with 0 +++ [pid 420] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=420, si_uid=0, si_status=0, si_utime=0, si_stime=25} --- umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556cde620 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./19/binderfs") = 0 [ 32.902855][ T302] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 32.917711][ T302] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 32.929994][ T302] EXT4-fs (loop0): This should not happen!! Data will be lost [ 32.929994][ T302] [ 32.939621][ T302] EXT4-fs (loop0): Total free blocks count 0 [ 32.945400][ T302] EXT4-fs (loop0): Free/Dirty block details [ 32.951208][ T302] EXT4-fs (loop0): free_blocks=2415919104 [ 32.956830][ T302] EXT4-fs (loop0): dirty_blocks=10208 [ 32.962000][ T302] EXT4-fs (loop0): Block reservation details [ 32.967847][ T302] EXT4-fs (loop0): i_reserved_data_blocks=638 [ 32.983346][ T8] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28 [ 32.995887][ T8] EXT4-fs (loop0): This should not happen!! Data will be lost [ 32.995887][ T8] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ce6660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ce6660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file0") = 0 getdents64(3, 0x555556cde620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cdd5d0) = 426 ./strace-static-x86_64: Process 426 attached [pid 426] set_robust_list(0x555556cdd5e0, 24) = 0 [pid 426] chdir("./20") = 0 [pid 426] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 426] setpgid(0, 0) = 0 [pid 426] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 426] write(3, "1000", 4) = 4 [pid 426] close(3) = 0 [pid 426] symlink("/dev/binderfs", "./binderfs") = 0 [pid 426] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 426] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e58f10000 [pid 426] mprotect(0x7f4e58f11000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 426] clone(child_stack=0x7f4e58f303f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 427 attached , parent_tid=[427], tls=0x7f4e58f30700, child_tidptr=0x7f4e58f309d0) = 427 [pid 426] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 426] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 427] set_robust_list(0x7f4e58f309e0, 24) = 0 [pid 427] memfd_create("syzkaller", 0) = 3 [pid 427] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4e50b10000 [pid 427] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 427] munmap(0x7f4e50b10000, 1048576) = 0 [pid 427] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 427] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 427] close(3) = 0 [pid 427] mkdir("./file0", 0777) = 0 [pid 427] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 427] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 427] chdir("./file0") = 0 [pid 427] ioctl(4, LOOP_CLR_FD) = 0 [pid 427] close(4) = 0 [pid 427] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 426] <... futex resumed>) = 0 [pid 426] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 426] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 427] <... futex resumed>) = 1 [pid 427] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 427] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 426] <... futex resumed>) = 0 [pid 426] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 426] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 427] <... futex resumed>) = 1 [pid 427] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5 [pid 427] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 426] <... futex resumed>) = 0 [pid 426] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 426] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 427] <... futex resumed>) = 1 [pid 427] ftruncate(5, 33587195) = 0 [pid 427] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 426] <... futex resumed>) = 0 [pid 426] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 426] futex(0x7f4e5900979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 426] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e50bef000 [pid 426] mprotect(0x7f4e50bf0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 426] clone(child_stack=0x7f4e50c0f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 430 attached , parent_tid=[430], tls=0x7f4e50c0f700, child_tidptr=0x7f4e50c0f9d0) = 430 [pid 426] futex(0x7f4e59009798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 426] futex(0x7f4e590097ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 426] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e50bce000 [pid 430] set_robust_list(0x7f4e50c0f9e0, 24 [pid 426] mprotect(0x7f4e50bcf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 426] clone(child_stack=0x7f4e50bee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 430] <... set_robust_list resumed>) = 0 [pid 426] <... clone resumed>, parent_tid=[431], tls=0x7f4e50bee700, child_tidptr=0x7f4e50bee9d0) = 431 [pid 426] futex(0x7f4e590097a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 426] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 427] <... futex resumed>) = 1 [pid 427] sendfile(4, 5, [0] [pid 430] sendfile(4, 5, NULL, 281474978811909 [pid 427] <... sendfile resumed> => [4], 4) = 4 [pid 427] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 427] futex(0x7f4e59009788, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 431 attached [pid 431] set_robust_list(0x7f4e50bee9e0, 24) = 0 [ 33.147373][ T427] loop0: detected capacity change from 0 to 2048 [ 33.166942][ T427] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 431] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 426] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 426] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 431] <... mmap resumed>) = 0x20000000 [pid 431] futex(0x7f4e590097ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 431] futex(0x7f4e590097a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 426] exit_group(0 [pid 431] <... futex resumed>) = 231 [pid 426] <... exit_group resumed>) = ? [pid 427] <... futex resumed>) = ? [pid 431] +++ exited with 0 +++ [pid 427] +++ exited with 0 +++ [pid 430] <... sendfile resumed>) = ? [pid 430] +++ exited with 0 +++ [pid 426] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=426, si_uid=0, si_status=0, si_utime=0, si_stime=27} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556cde620 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./20/binderfs") = 0 [ 33.372404][ T8] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 33.387443][ T8] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 33.399691][ T8] EXT4-fs (loop0): This should not happen!! Data will be lost [ 33.399691][ T8] [ 33.409345][ T8] EXT4-fs (loop0): Total free blocks count 0 [ 33.415126][ T8] EXT4-fs (loop0): Free/Dirty block details [ 33.420942][ T8] EXT4-fs (loop0): free_blocks=2415919104 [ 33.426560][ T8] EXT4-fs (loop0): dirty_blocks=11200 [ 33.431818][ T8] EXT4-fs (loop0): Block reservation details [ 33.437662][ T8] EXT4-fs (loop0): i_reserved_data_blocks=700 [ 33.453154][ T8] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28 [ 33.465671][ T8] EXT4-fs (loop0): This should not happen!! Data will be lost [ 33.465671][ T8] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ce6660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ce6660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file0") = 0 getdents64(3, 0x555556cde620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cdd5d0) = 433 ./strace-static-x86_64: Process 433 attached [pid 433] set_robust_list(0x555556cdd5e0, 24) = 0 [pid 433] chdir("./21") = 0 [pid 433] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 433] setpgid(0, 0) = 0 [pid 433] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 433] write(3, "1000", 4) = 4 [pid 433] close(3) = 0 [pid 433] symlink("/dev/binderfs", "./binderfs") = 0 [pid 433] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 433] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e58f10000 [pid 433] mprotect(0x7f4e58f11000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 433] clone(child_stack=0x7f4e58f303f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[434], tls=0x7f4e58f30700, child_tidptr=0x7f4e58f309d0) = 434 [pid 433] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 433] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 434 attached [pid 434] set_robust_list(0x7f4e58f309e0, 24) = 0 [pid 434] memfd_create("syzkaller", 0) = 3 [pid 434] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4e50b10000 [pid 434] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 434] munmap(0x7f4e50b10000, 1048576) = 0 [pid 434] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 434] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 434] close(3) = 0 [pid 434] mkdir("./file0", 0777) = 0 [pid 434] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 434] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 434] chdir("./file0") = 0 [pid 434] ioctl(4, LOOP_CLR_FD) = 0 [pid 434] close(4) = 0 [pid 434] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 434] futex(0x7f4e59009788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 433] <... futex resumed>) = 0 [pid 433] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 433] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 434] <... futex resumed>) = 0 [pid 434] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 434] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 433] <... futex resumed>) = 0 [pid 433] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 433] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 434] <... futex resumed>) = 1 [pid 434] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5 [pid 434] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 433] <... futex resumed>) = 0 [pid 434] futex(0x7f4e59009788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 433] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 433] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 434] <... futex resumed>) = 0 [pid 434] ftruncate(5, 33587195) = 0 [pid 434] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 433] <... futex resumed>) = 0 [pid 433] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 433] futex(0x7f4e5900979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 433] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e50bef000 [pid 433] mprotect(0x7f4e50bf0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 433] clone(child_stack=0x7f4e50c0f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[437], tls=0x7f4e50c0f700, child_tidptr=0x7f4e50c0f9d0) = 437 [pid 433] futex(0x7f4e59009798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 433] futex(0x7f4e590097ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 433] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e50bce000 [pid 433] mprotect(0x7f4e50bcf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 433] clone(child_stack=0x7f4e50bee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[438], tls=0x7f4e50bee700, child_tidptr=0x7f4e50bee9d0) = 438 ./strace-static-x86_64: Process 438 attached ./strace-static-x86_64: Process 437 attached [pid 434] <... futex resumed>) = 1 [pid 433] futex(0x7f4e590097a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 433] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 438] set_robust_list(0x7f4e50bee9e0, 24) = 0 [pid 438] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 437] set_robust_list(0x7f4e50c0f9e0, 24) = 0 [pid 437] sendfile(4, 5, NULL, 281474978811909 [ 33.596550][ T434] loop0: detected capacity change from 0 to 2048 [ 33.617168][ T434] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 434] sendfile(4, 5, 0x20000040, 4 [pid 433] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 433] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 433] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 438] <... mmap resumed>) = 0x20000000 [pid 438] futex(0x7f4e590097ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 33.645772][ T434] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 33.660757][ T434] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2 with error 28 [ 33.672819][ T434] EXT4-fs (loop0): This should not happen!! Data will be lost [ 33.672819][ T434] [ 33.682534][ T434] EXT4-fs (loop0): Total free blocks count 0 [ 33.688531][ T434] EXT4-fs (loop0): Free/Dirty block details [pid 438] futex(0x7f4e590097a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 434] <... sendfile resumed>) = -1 ENOSPC (No space left on device) [pid 434] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 33.694587][ T434] EXT4-fs (loop0): free_blocks=2415919104 [ 33.700308][ T434] EXT4-fs (loop0): dirty_blocks=128 [ 33.705311][ T434] EXT4-fs (loop0): Block reservation details [ 33.711317][ T434] EXT4-fs (loop0): i_reserved_data_blocks=8 [pid 434] futex(0x7f4e59009788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 433] exit_group(0 [pid 438] <... futex resumed>) = ? [pid 434] <... futex resumed>) = ? [pid 437] <... sendfile resumed>) = ? [pid 433] <... exit_group resumed>) = ? [pid 438] +++ exited with 0 +++ [pid 434] +++ exited with 0 +++ [pid 437] +++ exited with 0 +++ [pid 433] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=433, si_uid=0, si_status=0, si_utime=0, si_stime=23} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556cde620 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./21/binderfs") = 0 [ 33.827227][ T8] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 33.839504][ T8] EXT4-fs (loop0): This should not happen!! Data will be lost [ 33.839504][ T8] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ce6660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ce6660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file0") = 0 getdents64(3, 0x555556cde620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cdd5d0) = 439 ./strace-static-x86_64: Process 439 attached [pid 439] set_robust_list(0x555556cdd5e0, 24) = 0 [pid 439] chdir("./22") = 0 [pid 439] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 439] setpgid(0, 0) = 0 [pid 439] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 439] write(3, "1000", 4) = 4 [pid 439] close(3) = 0 [pid 439] symlink("/dev/binderfs", "./binderfs") = 0 [pid 439] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 439] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e58f10000 [pid 439] mprotect(0x7f4e58f11000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 439] clone(child_stack=0x7f4e58f303f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 440 attached , parent_tid=[440], tls=0x7f4e58f30700, child_tidptr=0x7f4e58f309d0) = 440 [pid 440] set_robust_list(0x7f4e58f309e0, 24) = 0 [pid 440] futex(0x7f4e59009788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 439] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 440] <... futex resumed>) = 0 [pid 439] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 440] memfd_create("syzkaller", 0) = 3 [pid 440] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4e50b10000 [pid 440] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 440] munmap(0x7f4e50b10000, 1048576) = 0 [pid 440] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 440] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 440] close(3) = 0 [pid 440] mkdir("./file0", 0777) = 0 [pid 440] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 440] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 440] chdir("./file0") = 0 [pid 440] ioctl(4, LOOP_CLR_FD) = 0 [pid 440] close(4) = 0 [pid 440] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 439] <... futex resumed>) = 0 [pid 439] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 439] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] <... futex resumed>) = 1 [pid 440] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 440] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 439] <... futex resumed>) = 0 [pid 439] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 439] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] <... futex resumed>) = 1 [pid 440] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5 [pid 440] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 439] <... futex resumed>) = 0 [pid 439] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 439] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] <... futex resumed>) = 1 [pid 440] ftruncate(5, 33587195) = 0 [pid 440] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 439] <... futex resumed>) = 0 [pid 439] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 439] futex(0x7f4e5900979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 439] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e50bef000 [pid 439] mprotect(0x7f4e50bf0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 439] clone(child_stack=0x7f4e50c0f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 443 attached , parent_tid=[443], tls=0x7f4e50c0f700, child_tidptr=0x7f4e50c0f9d0) = 443 [pid 443] set_robust_list(0x7f4e50c0f9e0, 24 [pid 439] futex(0x7f4e59009798, FUTEX_WAKE_PRIVATE, 1000000 [pid 443] <... set_robust_list resumed>) = 0 [pid 439] <... futex resumed>) = 0 [pid 443] sendfile(4, 5, NULL, 281474978811909 [pid 439] futex(0x7f4e590097ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 439] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e50bce000 [pid 439] mprotect(0x7f4e50bcf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 439] clone(child_stack=0x7f4e50bee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[444], tls=0x7f4e50bee700, child_tidptr=0x7f4e50bee9d0) = 444 [pid 439] futex(0x7f4e590097a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 439] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] sendfile(4, 5, [0]./strace-static-x86_64: Process 444 attached [pid 444] set_robust_list(0x7f4e50bee9e0, 24) = 0 [ 33.985504][ T440] loop0: detected capacity change from 0 to 2048 [ 33.996831][ T440] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 34.020174][ T440] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 444] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 439] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 444] <... mmap resumed>) = 0x20000000 [pid 444] futex(0x7f4e590097ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 34.035196][ T440] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2 with error 28 [ 34.047228][ T440] EXT4-fs (loop0): This should not happen!! Data will be lost [ 34.047228][ T440] [ 34.057072][ T440] EXT4-fs (loop0): Total free blocks count 0 [ 34.062875][ T440] EXT4-fs (loop0): Free/Dirty block details [ 34.069159][ T440] EXT4-fs (loop0): free_blocks=2415919104 [ 34.074824][ T440] EXT4-fs (loop0): dirty_blocks=32 [ 34.079885][ T440] EXT4-fs (loop0): Block reservation details [pid 444] futex(0x7f4e590097a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 440] <... sendfile resumed>, 4) = -1 ENOSPC (No space left on device) [pid 440] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 34.085845][ T440] EXT4-fs (loop0): i_reserved_data_blocks=2 [pid 440] futex(0x7f4e59009788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 439] exit_group(0 [pid 444] <... futex resumed>) = ? [pid 440] <... futex resumed>) = ? [pid 439] <... exit_group resumed>) = ? [pid 444] +++ exited with 0 +++ [pid 440] +++ exited with 0 +++ [pid 443] <... sendfile resumed>) = ? [pid 443] +++ exited with 0 +++ [pid 439] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=439, si_uid=0, si_status=0, si_utime=0, si_stime=23} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556cde620 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./22/binderfs") = 0 [ 34.207778][ T10] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 34.220134][ T10] EXT4-fs (loop0): This should not happen!! Data will be lost [ 34.220134][ T10] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ce6660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ce6660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file0") = 0 getdents64(3, 0x555556cde620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cdd5d0) = 445 ./strace-static-x86_64: Process 445 attached [pid 445] set_robust_list(0x555556cdd5e0, 24) = 0 [pid 445] chdir("./23") = 0 [pid 445] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 445] setpgid(0, 0) = 0 [pid 445] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 445] write(3, "1000", 4) = 4 [pid 445] close(3) = 0 [pid 445] symlink("/dev/binderfs", "./binderfs") = 0 [pid 445] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e58f10000 [pid 445] mprotect(0x7f4e58f11000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 445] clone(child_stack=0x7f4e58f303f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[446], tls=0x7f4e58f30700, child_tidptr=0x7f4e58f309d0) = 446 [pid 445] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 446 attached [pid 446] set_robust_list(0x7f4e58f309e0, 24) = 0 [pid 446] memfd_create("syzkaller", 0) = 3 [pid 446] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4e50b10000 [pid 446] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 446] munmap(0x7f4e50b10000, 1048576) = 0 [pid 446] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 446] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 446] close(3) = 0 [pid 446] mkdir("./file0", 0777) = 0 [pid 446] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 446] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 446] chdir("./file0") = 0 [pid 446] ioctl(4, LOOP_CLR_FD) = 0 [pid 446] close(4) = 0 [pid 446] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 446] futex(0x7f4e59009788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 445] <... futex resumed>) = 0 [pid 445] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 445] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] <... futex resumed>) = 0 [pid 446] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 446] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 445] <... futex resumed>) = 0 [pid 445] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 446] <... futex resumed>) = 1 [pid 445] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5 [pid 446] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 445] <... futex resumed>) = 0 [pid 445] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] <... futex resumed>) = 1 [pid 446] ftruncate(5, 33587195) = 0 [pid 446] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 445] <... futex resumed>) = 0 [pid 445] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7f4e5900979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e50bef000 [pid 445] mprotect(0x7f4e50bf0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 445] clone(child_stack=0x7f4e50c0f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[449], tls=0x7f4e50c0f700, child_tidptr=0x7f4e50c0f9d0) = 449 [pid 445] futex(0x7f4e59009798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7f4e590097ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e50bce000 [pid 445] mprotect(0x7f4e50bcf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 445] clone(child_stack=0x7f4e50bee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[450], tls=0x7f4e50bee700, child_tidptr=0x7f4e50bee9d0) = 450 [pid 445] futex(0x7f4e590097a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] <... futex resumed>) = 1 [pid 446] sendfile(4, 5, [0]./strace-static-x86_64: Process 449 attached ./strace-static-x86_64: Process 450 attached => [4], 4) = 4 [pid 446] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 446] futex(0x7f4e59009788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 449] set_robust_list(0x7f4e50c0f9e0, 24) = 0 [pid 449] sendfile(4, 5, NULL, 281474978811909 [pid 450] set_robust_list(0x7f4e50bee9e0, 24) = 0 [ 34.341836][ T446] loop0: detected capacity change from 0 to 2048 [ 34.356715][ T446] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 450] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 445] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 445] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 450] <... mmap resumed>) = 0x20000000 [pid 450] futex(0x7f4e590097ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 450] futex(0x7f4e590097a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 445] exit_group(0) = ? [pid 450] <... futex resumed>) = ? [pid 446] <... futex resumed>) = ? [pid 446] +++ exited with 0 +++ [pid 450] +++ exited with 0 +++ [pid 449] <... sendfile resumed>) = ? [pid 449] +++ exited with 0 +++ [pid 445] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=445, si_uid=0, si_status=0, si_utime=1, si_stime=24} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556cde620 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./23/binderfs") = 0 [ 34.557209][ T302] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 34.571978][ T302] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 34.584244][ T302] EXT4-fs (loop0): This should not happen!! Data will be lost [ 34.584244][ T302] [ 34.593897][ T302] EXT4-fs (loop0): Total free blocks count 0 [ 34.599765][ T302] EXT4-fs (loop0): Free/Dirty block details [ 34.605425][ T302] EXT4-fs (loop0): free_blocks=2415919104 [ 34.611002][ T302] EXT4-fs (loop0): dirty_blocks=9936 [ 34.616110][ T302] EXT4-fs (loop0): Block reservation details [ 34.621910][ T302] EXT4-fs (loop0): i_reserved_data_blocks=621 [ 34.637443][ T302] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28 [ 34.649969][ T302] EXT4-fs (loop0): This should not happen!! Data will be lost [ 34.649969][ T302] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ce6660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ce6660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file0") = 0 getdents64(3, 0x555556cde620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cdd5d0) = 452 ./strace-static-x86_64: Process 452 attached [pid 452] set_robust_list(0x555556cdd5e0, 24) = 0 [pid 452] chdir("./24") = 0 [pid 452] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 452] setpgid(0, 0) = 0 [pid 452] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 452] write(3, "1000", 4) = 4 [pid 452] close(3) = 0 [pid 452] symlink("/dev/binderfs", "./binderfs") = 0 [pid 452] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 452] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e58f10000 [pid 452] mprotect(0x7f4e58f11000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 452] clone(child_stack=0x7f4e58f303f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 453 attached , parent_tid=[453], tls=0x7f4e58f30700, child_tidptr=0x7f4e58f309d0) = 453 [pid 453] set_robust_list(0x7f4e58f309e0, 24) = 0 [pid 453] futex(0x7f4e59009788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 452] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 453] <... futex resumed>) = 0 [pid 453] memfd_create("syzkaller", 0) = 3 [pid 453] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4e50b10000 [pid 452] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 453] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 453] munmap(0x7f4e50b10000, 1048576) = 0 [pid 453] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 453] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 453] close(3) = 0 [pid 453] mkdir("./file0", 0777) = 0 [pid 453] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 453] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 453] chdir("./file0") = 0 [pid 453] ioctl(4, LOOP_CLR_FD) = 0 [pid 453] close(4) = 0 [pid 453] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 452] <... futex resumed>) = 0 [pid 453] futex(0x7f4e59009788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 452] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000 [pid 453] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 452] <... futex resumed>) = 0 [pid 453] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000 [pid 452] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 453] <... open resumed>) = 4 [pid 453] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 452] <... futex resumed>) = 0 [pid 453] futex(0x7f4e59009788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 452] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000 [pid 453] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 452] <... futex resumed>) = 0 [pid 453] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 452] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 453] <... open resumed>) = 5 [pid 453] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 452] <... futex resumed>) = 0 [pid 453] futex(0x7f4e59009788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 452] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 453] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 452] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 453] ftruncate(5, 33587195) = 0 [pid 453] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 452] <... futex resumed>) = 0 [pid 453] sendfile(4, 5, [0] [pid 452] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 453] <... sendfile resumed> => [4], 4) = 4 [pid 452] futex(0x7f4e5900979c, FUTEX_WAKE_PRIVATE, 1000000 [pid 453] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 453] futex(0x7f4e59009788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 452] <... futex resumed>) = 0 [pid 452] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e50bef000 [pid 452] mprotect(0x7f4e50bf0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 452] clone(child_stack=0x7f4e50c0f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[456], tls=0x7f4e50c0f700, child_tidptr=0x7f4e50c0f9d0) = 456 [pid 452] futex(0x7f4e59009798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 452] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000 [pid 453] <... futex resumed>) = 0 [pid 452] <... futex resumed>) = 1 [pid 453] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 452] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 456 attached [pid 456] set_robust_list(0x7f4e50c0f9e0, 24) = 0 [ 34.828471][ T453] loop0: detected capacity change from 0 to 2048 [ 34.846837][ T453] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 456] sendfile(4, 5, NULL, 281474978811909 [pid 452] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 452] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 453] <... mmap resumed>) = 0x20000000 [pid 453] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 453] futex(0x7f4e59009788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 452] exit_group(0 [pid 453] <... futex resumed>) = ? [pid 452] <... exit_group resumed>) = ? [pid 453] +++ exited with 0 +++ [pid 456] <... sendfile resumed>) = ? [pid 456] +++ exited with 0 +++ [pid 452] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=452, si_uid=0, si_status=0, si_utime=0, si_stime=20} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556cde620 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./24/binderfs") = 0 [ 35.048689][ T302] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 35.063571][ T302] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 35.075813][ T302] EXT4-fs (loop0): This should not happen!! Data will be lost [ 35.075813][ T302] [ 35.085279][ T302] EXT4-fs (loop0): Total free blocks count 0 [ 35.091339][ T302] EXT4-fs (loop0): Free/Dirty block details [ 35.097103][ T302] EXT4-fs (loop0): free_blocks=2415919104 [ 35.102596][ T302] EXT4-fs (loop0): dirty_blocks=10048 [ 35.107899][ T302] EXT4-fs (loop0): Block reservation details [ 35.113614][ T302] EXT4-fs (loop0): i_reserved_data_blocks=628 [ 35.129069][ T302] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28 [ 35.141583][ T302] EXT4-fs (loop0): This should not happen!! Data will be lost [ 35.141583][ T302] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ce6660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ce6660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file0") = 0 getdents64(3, 0x555556cde620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cdd5d0) = 457 ./strace-static-x86_64: Process 457 attached [pid 457] set_robust_list(0x555556cdd5e0, 24) = 0 [pid 457] chdir("./25") = 0 [pid 457] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 457] setpgid(0, 0) = 0 [pid 457] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 457] write(3, "1000", 4) = 4 [pid 457] close(3) = 0 [pid 457] symlink("/dev/binderfs", "./binderfs") = 0 [pid 457] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 457] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e58f10000 [pid 457] mprotect(0x7f4e58f11000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 457] clone(child_stack=0x7f4e58f303f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 458 attached , parent_tid=[458], tls=0x7f4e58f30700, child_tidptr=0x7f4e58f309d0) = 458 [pid 458] set_robust_list(0x7f4e58f309e0, 24) = 0 [pid 458] futex(0x7f4e59009788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 457] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 458] <... futex resumed>) = 0 [pid 458] memfd_create("syzkaller", 0) = 3 [pid 458] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4e50b10000 [pid 457] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 458] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 458] munmap(0x7f4e50b10000, 1048576) = 0 [pid 458] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 458] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 458] close(3) = 0 [pid 458] mkdir("./file0", 0777) = 0 [pid 458] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 458] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 458] chdir("./file0") = 0 [pid 458] ioctl(4, LOOP_CLR_FD) = 0 [pid 458] close(4) = 0 [pid 458] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 457] <... futex resumed>) = 0 [pid 457] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 457] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 458] <... futex resumed>) = 1 [pid 458] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 458] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 457] <... futex resumed>) = 0 [pid 457] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 457] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 458] <... futex resumed>) = 1 [pid 458] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5 [pid 458] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 457] <... futex resumed>) = 0 [pid 457] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 457] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 458] <... futex resumed>) = 1 [pid 458] ftruncate(5, 33587195) = 0 [pid 458] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 457] <... futex resumed>) = 0 [pid 457] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 457] futex(0x7f4e5900979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 457] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e50bef000 [pid 457] mprotect(0x7f4e50bf0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 457] clone(child_stack=0x7f4e50c0f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[461], tls=0x7f4e50c0f700, child_tidptr=0x7f4e50c0f9d0) = 461 [pid 457] futex(0x7f4e59009798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 457] futex(0x7f4e590097ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 457] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e50bce000 [pid 457] mprotect(0x7f4e50bcf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 457] clone(child_stack=0x7f4e50bee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[462], tls=0x7f4e50bee700, child_tidptr=0x7f4e50bee9d0) = 462 [pid 457] futex(0x7f4e590097a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 457] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 458] <... futex resumed>) = 1 ./strace-static-x86_64: Process 462 attached ./strace-static-x86_64: Process 461 attached [pid 462] set_robust_list(0x7f4e50bee9e0, 24 [pid 461] set_robust_list(0x7f4e50c0f9e0, 24 [pid 458] sendfile(4, 5, [0] [pid 462] <... set_robust_list resumed>) = 0 [pid 461] <... set_robust_list resumed>) = 0 [pid 461] sendfile(4, 5, NULL, 281474978811909 [pid 462] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 458] <... sendfile resumed> => [4], 4) = 4 [pid 458] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 35.298678][ T458] loop0: detected capacity change from 0 to 2048 [ 35.317009][ T458] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 458] futex(0x7f4e59009788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 457] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 457] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 457] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 457] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 462] <... mmap resumed>) = 0x20000000 [pid 462] futex(0x7f4e590097ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 462] futex(0x7f4e590097a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 457] exit_group(0 [pid 462] <... futex resumed>) = ? [pid 458] <... futex resumed>) = ? [pid 457] <... exit_group resumed>) = ? [pid 461] <... sendfile resumed>) = ? [pid 461] +++ exited with 0 +++ [pid 462] +++ exited with 0 +++ [pid 458] +++ exited with 0 +++ [pid 457] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=457, si_uid=0, si_status=0, si_utime=0, si_stime=28} --- umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556cde620 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./25/binderfs") = 0 [ 35.515144][ T302] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 35.529999][ T302] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 35.542244][ T302] EXT4-fs (loop0): This should not happen!! Data will be lost [ 35.542244][ T302] [ 35.552004][ T302] EXT4-fs (loop0): Total free blocks count 0 [ 35.557858][ T302] EXT4-fs (loop0): Free/Dirty block details [ 35.563522][ T302] EXT4-fs (loop0): free_blocks=2415919104 [ 35.569265][ T302] EXT4-fs (loop0): dirty_blocks=10000 [ 35.574451][ T302] EXT4-fs (loop0): Block reservation details [ 35.580300][ T302] EXT4-fs (loop0): i_reserved_data_blocks=625 [ 35.595778][ T8] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28 [ 35.608298][ T8] EXT4-fs (loop0): This should not happen!! Data will be lost [ 35.608298][ T8] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ce6660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ce6660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file0") = 0 getdents64(3, 0x555556cde620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cdd5d0) = 464 ./strace-static-x86_64: Process 464 attached [pid 464] set_robust_list(0x555556cdd5e0, 24) = 0 [pid 464] chdir("./26") = 0 [pid 464] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 464] setpgid(0, 0) = 0 [pid 464] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 464] write(3, "1000", 4) = 4 [pid 464] close(3) = 0 [pid 464] symlink("/dev/binderfs", "./binderfs") = 0 [pid 464] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e58f10000 [pid 464] mprotect(0x7f4e58f11000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 464] clone(child_stack=0x7f4e58f303f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[465], tls=0x7f4e58f30700, child_tidptr=0x7f4e58f309d0) = 465 [pid 464] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 465 attached [pid 465] set_robust_list(0x7f4e58f309e0, 24) = 0 [pid 465] memfd_create("syzkaller", 0) = 3 [pid 465] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4e50b10000 [pid 465] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 465] munmap(0x7f4e50b10000, 1048576) = 0 [pid 465] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 465] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 465] close(3) = 0 [pid 465] mkdir("./file0", 0777) = 0 [pid 465] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 465] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 465] chdir("./file0") = 0 [pid 465] ioctl(4, LOOP_CLR_FD) = 0 [pid 465] close(4) = 0 [pid 465] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 464] <... futex resumed>) = 0 [pid 464] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 465] <... futex resumed>) = 1 [pid 465] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 465] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 464] <... futex resumed>) = 0 [pid 464] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 465] <... futex resumed>) = 1 [pid 465] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5 [pid 465] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 464] <... futex resumed>) = 0 [pid 464] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 465] <... futex resumed>) = 1 [pid 465] ftruncate(5, 33587195) = 0 [pid 465] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 464] <... futex resumed>) = 0 [pid 464] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7f4e5900979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e50bef000 [pid 464] mprotect(0x7f4e50bf0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 464] clone(child_stack=0x7f4e50c0f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[468], tls=0x7f4e50c0f700, child_tidptr=0x7f4e50c0f9d0) = 468 [pid 464] futex(0x7f4e59009798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7f4e590097ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e50bce000 [pid 464] mprotect(0x7f4e50bcf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 464] clone(child_stack=0x7f4e50bee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[469], tls=0x7f4e50bee700, child_tidptr=0x7f4e50bee9d0) = 469 [pid 464] futex(0x7f4e590097a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 465] <... futex resumed>) = 1 [pid 465] sendfile(4, 5, [0] => [4], 4) = 4 [pid 465] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 465] futex(0x7f4e59009788, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 469 attached [pid 469] set_robust_list(0x7f4e50bee9e0, 24) = 0 [pid 469] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0./strace-static-x86_64: Process 468 attached [pid 468] set_robust_list(0x7f4e50c0f9e0, 24) = 0 [ 35.784192][ T465] loop0: detected capacity change from 0 to 2048 [ 35.797063][ T465] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 468] sendfile(4, 5, NULL, 281474978811909 [pid 464] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 469] <... mmap resumed>) = 0x20000000 [pid 469] futex(0x7f4e590097ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 469] futex(0x7f4e590097a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 464] exit_group(0 [pid 465] <... futex resumed>) = ? [pid 469] <... futex resumed>) = ? [pid 464] <... exit_group resumed>) = ? [pid 468] <... sendfile resumed>) = ? [pid 465] +++ exited with 0 +++ [pid 469] +++ exited with 0 +++ [pid 468] +++ exited with 0 +++ [pid 464] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=464, si_uid=0, si_status=0, si_utime=0, si_stime=25} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556cde620 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./26/binderfs") = 0 [ 35.992987][ T8] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 36.007876][ T8] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 36.020137][ T8] EXT4-fs (loop0): This should not happen!! Data will be lost [ 36.020137][ T8] [ 36.029896][ T8] EXT4-fs (loop0): Total free blocks count 0 [ 36.035763][ T8] EXT4-fs (loop0): Free/Dirty block details [ 36.041409][ T8] EXT4-fs (loop0): free_blocks=2415919104 [ 36.047015][ T8] EXT4-fs (loop0): dirty_blocks=9936 [ 36.052079][ T8] EXT4-fs (loop0): Block reservation details [ 36.057932][ T8] EXT4-fs (loop0): i_reserved_data_blocks=621 [ 36.073493][ T302] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28 [ 36.086005][ T302] EXT4-fs (loop0): This should not happen!! Data will be lost [ 36.086005][ T302] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ce6660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ce6660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file0") = 0 getdents64(3, 0x555556cde620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cdd5d0) = 470 ./strace-static-x86_64: Process 470 attached [pid 470] set_robust_list(0x555556cdd5e0, 24) = 0 [pid 470] chdir("./27") = 0 [pid 470] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 470] setpgid(0, 0) = 0 [pid 470] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 470] write(3, "1000", 4) = 4 [pid 470] close(3) = 0 [pid 470] symlink("/dev/binderfs", "./binderfs") = 0 [pid 470] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 470] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e58f10000 [pid 470] mprotect(0x7f4e58f11000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 470] clone(child_stack=0x7f4e58f303f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[471], tls=0x7f4e58f30700, child_tidptr=0x7f4e58f309d0) = 471 [pid 470] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 470] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 471 attached [pid 471] set_robust_list(0x7f4e58f309e0, 24) = 0 [pid 471] memfd_create("syzkaller", 0) = 3 [pid 471] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4e50b10000 [pid 471] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 471] munmap(0x7f4e50b10000, 1048576) = 0 [pid 471] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 471] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 471] close(3) = 0 [pid 471] mkdir("./file0", 0777) = 0 [pid 471] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 471] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 471] chdir("./file0") = 0 [pid 471] ioctl(4, LOOP_CLR_FD) = 0 [pid 471] close(4) = 0 [pid 471] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 470] <... futex resumed>) = 0 [pid 470] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 470] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 471] <... futex resumed>) = 1 [pid 471] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 471] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 470] <... futex resumed>) = 0 [pid 470] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 470] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 471] <... futex resumed>) = 1 [pid 471] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5 [pid 471] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 471] futex(0x7f4e59009788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 470] <... futex resumed>) = 0 [pid 470] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 470] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 471] <... futex resumed>) = 0 [pid 471] ftruncate(5, 33587195) = 0 [pid 471] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 470] <... futex resumed>) = 0 [pid 470] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 470] futex(0x7f4e5900979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 470] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e50bef000 [pid 470] mprotect(0x7f4e50bf0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 470] clone(child_stack=0x7f4e50c0f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[474], tls=0x7f4e50c0f700, child_tidptr=0x7f4e50c0f9d0) = 474 [pid 470] futex(0x7f4e59009798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 470] futex(0x7f4e590097ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 470] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e50bce000 [pid 470] mprotect(0x7f4e50bcf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 470] clone(child_stack=0x7f4e50bee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[475], tls=0x7f4e50bee700, child_tidptr=0x7f4e50bee9d0) = 475 [pid 470] futex(0x7f4e590097a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 470] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 471] <... futex resumed>) = 1 [pid 471] sendfile(4, 5, [0]./strace-static-x86_64: Process 474 attached => [4], 4) = 4 [pid 471] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 471] futex(0x7f4e59009788, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 475 attached [pid 475] set_robust_list(0x7f4e50bee9e0, 24) = 0 [pid 475] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 474] set_robust_list(0x7f4e50c0f9e0, 24) = 0 [ 36.260870][ T471] loop0: detected capacity change from 0 to 2048 [ 36.276962][ T471] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 474] sendfile(4, 5, NULL, 281474978811909 [pid 470] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 475] <... mmap resumed>) = 0x20000000 [pid 475] futex(0x7f4e590097ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 475] futex(0x7f4e590097a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 470] exit_group(0 [pid 474] <... sendfile resumed>) = ? [pid 471] <... futex resumed>) = ? [pid 470] <... exit_group resumed>) = ? [pid 475] <... futex resumed>) = ? [pid 474] +++ exited with 0 +++ [pid 471] +++ exited with 0 +++ [pid 475] +++ exited with 0 +++ [pid 470] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=470, si_uid=0, si_status=0, si_utime=0, si_stime=26} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556cde620 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./27/binderfs") = 0 [ 36.477384][ T8] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 36.492065][ T8] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 36.504353][ T8] EXT4-fs (loop0): This should not happen!! Data will be lost [ 36.504353][ T8] [ 36.513780][ T8] EXT4-fs (loop0): Total free blocks count 0 [ 36.519581][ T8] EXT4-fs (loop0): Free/Dirty block details [ 36.525292][ T8] EXT4-fs (loop0): free_blocks=2415919104 [ 36.530877][ T8] EXT4-fs (loop0): dirty_blocks=10064 [ 36.536069][ T8] EXT4-fs (loop0): Block reservation details [ 36.541869][ T8] EXT4-fs (loop0): i_reserved_data_blocks=629 [ 36.557853][ T302] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28 [ 36.570731][ T302] EXT4-fs (loop0): This should not happen!! Data will be lost [ 36.570731][ T302] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ce6660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ce6660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file0") = 0 getdents64(3, 0x555556cde620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cdd5d0) = 477 ./strace-static-x86_64: Process 477 attached [pid 477] set_robust_list(0x555556cdd5e0, 24) = 0 [pid 477] chdir("./28") = 0 [pid 477] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 477] setpgid(0, 0) = 0 [pid 477] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 477] write(3, "1000", 4) = 4 [pid 477] close(3) = 0 [pid 477] symlink("/dev/binderfs", "./binderfs") = 0 [pid 477] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 477] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e58f10000 [pid 477] mprotect(0x7f4e58f11000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 477] clone(child_stack=0x7f4e58f303f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[478], tls=0x7f4e58f30700, child_tidptr=0x7f4e58f309d0) = 478 [pid 477] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 477] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 478 attached [pid 478] set_robust_list(0x7f4e58f309e0, 24) = 0 [pid 478] memfd_create("syzkaller", 0) = 3 [pid 478] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4e50b10000 [pid 478] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 478] munmap(0x7f4e50b10000, 1048576) = 0 [pid 478] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 478] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 478] close(3) = 0 [pid 478] mkdir("./file0", 0777) = 0 [pid 478] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 478] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 478] chdir("./file0") = 0 [pid 478] ioctl(4, LOOP_CLR_FD) = 0 [pid 478] close(4) = 0 [pid 478] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 477] <... futex resumed>) = 0 [pid 477] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 477] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 478] <... futex resumed>) = 1 [pid 478] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 478] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 477] <... futex resumed>) = 0 [pid 477] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 477] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 478] <... futex resumed>) = 1 [pid 478] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5 [pid 478] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 477] <... futex resumed>) = 0 [pid 477] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 477] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 478] <... futex resumed>) = 1 [pid 478] ftruncate(5, 33587195) = 0 [pid 478] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 477] <... futex resumed>) = 0 [pid 477] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 477] futex(0x7f4e5900979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 477] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e50bef000 [pid 477] mprotect(0x7f4e50bf0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 477] clone(child_stack=0x7f4e50c0f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[481], tls=0x7f4e50c0f700, child_tidptr=0x7f4e50c0f9d0) = 481 [pid 477] futex(0x7f4e59009798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 477] futex(0x7f4e590097ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 477] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e50bce000 [pid 477] mprotect(0x7f4e50bcf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 477] clone(child_stack=0x7f4e50bee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[482], tls=0x7f4e50bee700, child_tidptr=0x7f4e50bee9d0) = 482 [pid 477] futex(0x7f4e590097a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 477] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 478] <... futex resumed>) = 1 [pid 478] sendfile(4, 5, [0] => [4], 4) = 4 [pid 478] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 478] futex(0x7f4e59009788, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 482 attached ./strace-static-x86_64: Process 481 attached [pid 481] set_robust_list(0x7f4e50c0f9e0, 24 [pid 482] set_robust_list(0x7f4e50bee9e0, 24 [pid 481] <... set_robust_list resumed>) = 0 [pid 481] sendfile(4, 5, NULL, 281474978811909 [pid 482] <... set_robust_list resumed>) = 0 [ 36.704181][ T478] loop0: detected capacity change from 0 to 2048 [ 36.716723][ T478] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 482] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 477] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 477] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 482] <... mmap resumed>) = 0x20000000 [pid 482] futex(0x7f4e590097ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] futex(0x7f4e590097a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 477] exit_group(0 [pid 481] <... sendfile resumed>) = ? [pid 478] <... futex resumed>) = ? [pid 477] <... exit_group resumed>) = ? [pid 482] <... futex resumed>) = ? [pid 481] +++ exited with 0 +++ [pid 482] +++ exited with 0 +++ [pid 478] +++ exited with 0 +++ [pid 477] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=477, si_uid=0, si_status=0, si_utime=0, si_stime=24} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556cde620 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./28/binderfs") = 0 [ 36.911748][ T302] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 36.926774][ T302] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 36.939029][ T302] EXT4-fs (loop0): This should not happen!! Data will be lost [ 36.939029][ T302] [ 36.948700][ T302] EXT4-fs (loop0): Total free blocks count 0 [ 36.954504][ T302] EXT4-fs (loop0): Free/Dirty block details [ 36.960397][ T302] EXT4-fs (loop0): free_blocks=2415919104 [ 36.965934][ T302] EXT4-fs (loop0): dirty_blocks=10144 [ 36.971062][ T302] EXT4-fs (loop0): Block reservation details [ 36.976921][ T302] EXT4-fs (loop0): i_reserved_data_blocks=634 [ 36.992379][ T302] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28 [ 37.004890][ T302] EXT4-fs (loop0): This should not happen!! Data will be lost [ 37.004890][ T302] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ce6660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ce6660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file0") = 0 getdents64(3, 0x555556cde620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cdd5d0) = 483 ./strace-static-x86_64: Process 483 attached [pid 483] set_robust_list(0x555556cdd5e0, 24) = 0 [pid 483] chdir("./29") = 0 [pid 483] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 483] setpgid(0, 0) = 0 [pid 483] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 483] write(3, "1000", 4) = 4 [pid 483] close(3) = 0 [pid 483] symlink("/dev/binderfs", "./binderfs") = 0 [pid 483] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 483] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e58f10000 [pid 483] mprotect(0x7f4e58f11000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 483] clone(child_stack=0x7f4e58f303f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 484 attached , parent_tid=[484], tls=0x7f4e58f30700, child_tidptr=0x7f4e58f309d0) = 484 [pid 484] set_robust_list(0x7f4e58f309e0, 24 [pid 483] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 483] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 484] <... set_robust_list resumed>) = 0 [pid 484] memfd_create("syzkaller", 0) = 3 [pid 484] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4e50b10000 [pid 484] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 484] munmap(0x7f4e50b10000, 1048576) = 0 [pid 484] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 484] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 484] close(3) = 0 [pid 484] mkdir("./file0", 0777) = 0 [pid 484] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 484] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 484] chdir("./file0") = 0 [pid 484] ioctl(4, LOOP_CLR_FD) = 0 [pid 484] close(4) = 0 [pid 484] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 484] futex(0x7f4e59009788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 483] <... futex resumed>) = 0 [pid 483] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 483] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 484] <... futex resumed>) = 0 [pid 484] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 484] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 483] <... futex resumed>) = 0 [pid 483] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 483] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 484] <... futex resumed>) = 1 [pid 484] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5 [pid 484] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 483] <... futex resumed>) = 0 [pid 483] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 483] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 484] <... futex resumed>) = 1 [pid 484] ftruncate(5, 33587195) = 0 [pid 484] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 483] <... futex resumed>) = 0 [pid 483] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000 [pid 484] <... futex resumed>) = 1 [pid 483] <... futex resumed>) = 0 [pid 483] futex(0x7f4e5900979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 483] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e50bef000 [pid 483] mprotect(0x7f4e50bf0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 483] clone(child_stack=0x7f4e50c0f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[487], tls=0x7f4e50c0f700, child_tidptr=0x7f4e50c0f9d0) = 487 [pid 483] futex(0x7f4e59009798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 483] futex(0x7f4e590097ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 483] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e50bce000 [pid 483] mprotect(0x7f4e50bcf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 483] clone(child_stack=0x7f4e50bee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[488], tls=0x7f4e50bee700, child_tidptr=0x7f4e50bee9d0) = 488 ./strace-static-x86_64: Process 487 attached [pid 483] futex(0x7f4e590097a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 483] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 484] sendfile(4, 5, [0] [pid 487] set_robust_list(0x7f4e50c0f9e0, 24./strace-static-x86_64: Process 488 attached [pid 484] <... sendfile resumed> => [4], 4) = 4 [pid 484] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 484] futex(0x7f4e59009788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 487] <... set_robust_list resumed>) = 0 [pid 487] sendfile(4, 5, NULL, 281474978811909 [pid 488] set_robust_list(0x7f4e50bee9e0, 24) = 0 [ 37.141950][ T484] loop0: detected capacity change from 0 to 2048 [ 37.156987][ T484] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 488] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 483] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 483] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 483] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 488] <... mmap resumed>) = 0x20000000 [pid 488] futex(0x7f4e590097ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 488] futex(0x7f4e590097a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 483] exit_group(0 [pid 484] <... futex resumed>) = ? [pid 483] <... exit_group resumed>) = ? [pid 488] <... futex resumed>) = ? [pid 487] <... sendfile resumed>) = ? [pid 487] +++ exited with 0 +++ [pid 484] +++ exited with 0 +++ [pid 488] +++ exited with 0 +++ [pid 483] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=483, si_uid=0, si_status=0, si_utime=0, si_stime=27} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556cde620 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./29/binderfs") = 0 [ 37.357457][ T302] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 37.372531][ T302] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 37.384802][ T302] EXT4-fs (loop0): This should not happen!! Data will be lost [ 37.384802][ T302] [ 37.394498][ T302] EXT4-fs (loop0): Total free blocks count 0 [ 37.400350][ T302] EXT4-fs (loop0): Free/Dirty block details [ 37.406042][ T302] EXT4-fs (loop0): free_blocks=2415919104 [ 37.411567][ T302] EXT4-fs (loop0): dirty_blocks=9936 [ 37.416709][ T302] EXT4-fs (loop0): Block reservation details [ 37.422502][ T302] EXT4-fs (loop0): i_reserved_data_blocks=621 [ 37.438095][ T10] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28 [ 37.450619][ T10] EXT4-fs (loop0): This should not happen!! Data will be lost [ 37.450619][ T10] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ce6660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ce6660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file0") = 0 getdents64(3, 0x555556cde620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cdd5d0) = 490 ./strace-static-x86_64: Process 490 attached [pid 490] set_robust_list(0x555556cdd5e0, 24) = 0 [pid 490] chdir("./30") = 0 [pid 490] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 490] setpgid(0, 0) = 0 [pid 490] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 490] write(3, "1000", 4) = 4 [pid 490] close(3) = 0 [pid 490] symlink("/dev/binderfs", "./binderfs") = 0 [pid 490] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 490] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e58f10000 [pid 490] mprotect(0x7f4e58f11000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 490] clone(child_stack=0x7f4e58f303f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[491], tls=0x7f4e58f30700, child_tidptr=0x7f4e58f309d0) = 491 [pid 490] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 490] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 491 attached [pid 491] set_robust_list(0x7f4e58f309e0, 24) = 0 [pid 491] memfd_create("syzkaller", 0) = 3 [pid 491] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4e50b10000 [pid 491] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 491] munmap(0x7f4e50b10000, 1048576) = 0 [pid 491] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 491] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 491] close(3) = 0 [pid 491] mkdir("./file0", 0777) = 0 [pid 491] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 491] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 491] chdir("./file0") = 0 [pid 491] ioctl(4, LOOP_CLR_FD) = 0 [pid 491] close(4) = 0 [pid 491] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 491] futex(0x7f4e59009788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 490] <... futex resumed>) = 0 [pid 490] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 491] <... futex resumed>) = 0 [pid 490] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 491] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 491] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 490] <... futex resumed>) = 0 [pid 490] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 490] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 491] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5 [pid 491] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 490] <... futex resumed>) = 0 [pid 490] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 490] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 491] <... futex resumed>) = 1 [pid 491] ftruncate(5, 33587195) = 0 [pid 491] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 490] <... futex resumed>) = 0 [pid 490] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 490] futex(0x7f4e5900979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 490] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e50bef000 [pid 490] mprotect(0x7f4e50bf0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 490] clone(child_stack=0x7f4e50c0f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[494], tls=0x7f4e50c0f700, child_tidptr=0x7f4e50c0f9d0) = 494 ./strace-static-x86_64: Process 494 attached [pid 490] futex(0x7f4e59009798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 490] futex(0x7f4e590097ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 490] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e50bce000 [pid 490] mprotect(0x7f4e50bcf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 490] clone(child_stack=0x7f4e50bee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[495], tls=0x7f4e50bee700, child_tidptr=0x7f4e50bee9d0) = 495 [pid 490] futex(0x7f4e590097a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 490] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 491] <... futex resumed>) = 1 [pid 491] sendfile(4, 5, [0]./strace-static-x86_64: Process 495 attached [pid 494] set_robust_list(0x7f4e50c0f9e0, 24 [pid 491] <... sendfile resumed> => [4], 4) = 4 [pid 491] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 491] futex(0x7f4e59009788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 494] <... set_robust_list resumed>) = 0 [pid 494] sendfile(4, 5, NULL, 281474978811909 [pid 495] set_robust_list(0x7f4e50bee9e0, 24) = 0 [ 37.584744][ T491] loop0: detected capacity change from 0 to 2048 [ 37.596979][ T491] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 495] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 490] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 490] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 490] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 490] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 490] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 495] <... mmap resumed>) = 0x20000000 [pid 495] futex(0x7f4e590097ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 495] futex(0x7f4e590097a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 490] exit_group(0 [pid 495] <... futex resumed>) = ? [pid 491] <... futex resumed>) = ? [pid 490] <... exit_group resumed>) = ? [pid 494] <... sendfile resumed>) = ? [pid 491] +++ exited with 0 +++ [pid 494] +++ exited with 0 +++ [pid 495] +++ exited with 0 +++ [pid 490] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=490, si_uid=0, si_status=0, si_utime=0, si_stime=25} --- umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556cde620 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./30/binderfs") = 0 [ 37.796629][ T10] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 37.811546][ T10] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 37.823826][ T10] EXT4-fs (loop0): This should not happen!! Data will be lost [ 37.823826][ T10] [ 37.833481][ T10] EXT4-fs (loop0): Total free blocks count 0 [ 37.839293][ T10] EXT4-fs (loop0): Free/Dirty block details [ 37.845006][ T10] EXT4-fs (loop0): free_blocks=2415919104 [ 37.850586][ T10] EXT4-fs (loop0): dirty_blocks=10320 [ 37.855783][ T10] EXT4-fs (loop0): Block reservation details [ 37.861598][ T10] EXT4-fs (loop0): i_reserved_data_blocks=645 [ 37.877228][ T302] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28 [ 37.889753][ T302] EXT4-fs (loop0): This should not happen!! Data will be lost [ 37.889753][ T302] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ce6660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ce6660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file0") = 0 getdents64(3, 0x555556cde620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cdd5d0) = 496 ./strace-static-x86_64: Process 496 attached [pid 496] set_robust_list(0x555556cdd5e0, 24) = 0 [pid 496] chdir("./31") = 0 [pid 496] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 496] setpgid(0, 0) = 0 [pid 496] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 496] write(3, "1000", 4) = 4 [pid 496] close(3) = 0 [pid 496] symlink("/dev/binderfs", "./binderfs") = 0 [pid 496] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 496] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e58f10000 [pid 496] mprotect(0x7f4e58f11000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 496] clone(child_stack=0x7f4e58f303f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[497], tls=0x7f4e58f30700, child_tidptr=0x7f4e58f309d0) = 497 [pid 496] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 496] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 497 attached [pid 497] set_robust_list(0x7f4e58f309e0, 24) = 0 [pid 497] memfd_create("syzkaller", 0) = 3 [pid 497] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4e50b10000 [pid 497] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 497] munmap(0x7f4e50b10000, 1048576) = 0 [pid 497] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 497] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 497] close(3) = 0 [pid 497] mkdir("./file0", 0777) = 0 [pid 497] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 497] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 497] chdir("./file0") = 0 [pid 497] ioctl(4, LOOP_CLR_FD) = 0 [pid 497] close(4) = 0 [pid 497] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 496] <... futex resumed>) = 0 [pid 496] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 496] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 497] <... futex resumed>) = 1 [pid 497] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 497] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 496] <... futex resumed>) = 0 [pid 496] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 496] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 497] <... futex resumed>) = 1 [pid 497] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5 [pid 497] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 496] <... futex resumed>) = 0 [pid 496] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 496] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 497] <... futex resumed>) = 1 [pid 497] ftruncate(5, 33587195) = 0 [pid 497] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 496] <... futex resumed>) = 0 [pid 496] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 496] futex(0x7f4e5900979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 496] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e50bef000 [pid 496] mprotect(0x7f4e50bf0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 496] clone(child_stack=0x7f4e50c0f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[500], tls=0x7f4e50c0f700, child_tidptr=0x7f4e50c0f9d0) = 500 [pid 496] futex(0x7f4e59009798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 496] futex(0x7f4e590097ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 496] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e50bce000 [pid 496] mprotect(0x7f4e50bcf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 496] clone(child_stack=0x7f4e50bee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[501], tls=0x7f4e50bee700, child_tidptr=0x7f4e50bee9d0) = 501 [pid 496] futex(0x7f4e590097a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 496] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 497] <... futex resumed>) = 1 [pid 497] sendfile(4, 5, [0] => [4], 4) = 4 [pid 497] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 497] futex(0x7f4e59009788, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 501 attached ./strace-static-x86_64: Process 500 attached [pid 501] set_robust_list(0x7f4e50bee9e0, 24) = 0 [pid 500] set_robust_list(0x7f4e50c0f9e0, 24 [pid 501] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 500] <... set_robust_list resumed>) = 0 [ 38.061445][ T497] loop0: detected capacity change from 0 to 2048 [ 38.087072][ T497] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 500] sendfile(4, 5, NULL, 281474978811909 [pid 496] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 496] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 496] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 501] <... mmap resumed>) = 0x20000000 [pid 501] futex(0x7f4e590097ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 501] futex(0x7f4e590097a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 496] exit_group(0 [pid 497] <... futex resumed>) = ? [pid 496] <... exit_group resumed>) = ? [pid 500] <... sendfile resumed>) = ? [pid 500] +++ exited with 0 +++ [pid 497] +++ exited with 0 +++ [pid 501] <... futex resumed>) = ? [pid 501] +++ exited with 0 +++ [pid 496] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=496, si_uid=0, si_status=0, si_utime=0, si_stime=26} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556cde620 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./31/binderfs") = 0 [ 38.285727][ T302] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 38.300909][ T302] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 38.313186][ T302] EXT4-fs (loop0): This should not happen!! Data will be lost [ 38.313186][ T302] [ 38.322820][ T302] EXT4-fs (loop0): Total free blocks count 0 [ 38.328694][ T302] EXT4-fs (loop0): Free/Dirty block details [ 38.334332][ T302] EXT4-fs (loop0): free_blocks=2415919104 [ 38.340096][ T302] EXT4-fs (loop0): dirty_blocks=10320 [ 38.345270][ T302] EXT4-fs (loop0): Block reservation details [ 38.351227][ T302] EXT4-fs (loop0): i_reserved_data_blocks=645 [ 38.366609][ T302] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28 [ 38.379121][ T302] EXT4-fs (loop0): This should not happen!! Data will be lost [ 38.379121][ T302] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ce6660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ce6660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file0") = 0 getdents64(3, 0x555556cde620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cdd5d0) = 503 ./strace-static-x86_64: Process 503 attached [pid 503] set_robust_list(0x555556cdd5e0, 24) = 0 [pid 503] chdir("./32") = 0 [pid 503] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 503] setpgid(0, 0) = 0 [pid 503] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 503] write(3, "1000", 4) = 4 [pid 503] close(3) = 0 [pid 503] symlink("/dev/binderfs", "./binderfs") = 0 [pid 503] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 503] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e58f10000 [pid 503] mprotect(0x7f4e58f11000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 503] clone(child_stack=0x7f4e58f303f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[504], tls=0x7f4e58f30700, child_tidptr=0x7f4e58f309d0) = 504 [pid 503] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 503] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 504 attached [pid 504] set_robust_list(0x7f4e58f309e0, 24) = 0 [pid 504] memfd_create("syzkaller", 0) = 3 [pid 504] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4e50b10000 [pid 504] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 504] munmap(0x7f4e50b10000, 1048576) = 0 [pid 504] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 504] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 504] close(3) = 0 [pid 504] mkdir("./file0", 0777) = 0 [pid 504] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 504] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 504] chdir("./file0") = 0 [pid 504] ioctl(4, LOOP_CLR_FD) = 0 [pid 504] close(4) = 0 [pid 504] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 503] <... futex resumed>) = 0 [pid 503] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 503] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 504] <... futex resumed>) = 1 [pid 504] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 504] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 503] <... futex resumed>) = 0 [pid 503] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 503] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 504] <... futex resumed>) = 1 [pid 504] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5 [pid 504] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 503] <... futex resumed>) = 0 [pid 503] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 503] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 504] <... futex resumed>) = 1 [pid 504] ftruncate(5, 33587195) = 0 [pid 504] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 503] <... futex resumed>) = 0 [pid 503] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 503] futex(0x7f4e5900979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 503] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e50bef000 [pid 503] mprotect(0x7f4e50bf0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 503] clone(child_stack=0x7f4e50c0f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[507], tls=0x7f4e50c0f700, child_tidptr=0x7f4e50c0f9d0) = 507 [pid 503] futex(0x7f4e59009798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 503] futex(0x7f4e590097ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 503] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e50bce000 [pid 503] mprotect(0x7f4e50bcf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 503] clone(child_stack=0x7f4e50bee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[508], tls=0x7f4e50bee700, child_tidptr=0x7f4e50bee9d0) = 508 [pid 503] futex(0x7f4e590097a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 503] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 504] <... futex resumed>) = 1 [pid 504] sendfile(4, 5, [0] => [4], 4) = 4 [pid 504] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 504] futex(0x7f4e59009788, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 507 attached [pid 507] set_robust_list(0x7f4e50c0f9e0, 24) = 0 [pid 507] sendfile(4, 5, NULL, 281474978811909./strace-static-x86_64: Process 508 attached [pid 508] set_robust_list(0x7f4e50bee9e0, 24) = 0 [ 38.510839][ T504] loop0: detected capacity change from 0 to 2048 [ 38.527339][ T504] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 508] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 503] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 508] <... mmap resumed>) = 0x20000000 [pid 508] futex(0x7f4e590097ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 508] futex(0x7f4e590097a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 503] exit_group(0 [pid 507] <... sendfile resumed>) = ? [pid 504] <... futex resumed>) = ? [pid 503] <... exit_group resumed>) = ? [pid 507] +++ exited with 0 +++ [pid 504] +++ exited with 0 +++ [pid 508] <... futex resumed>) = ? [pid 508] +++ exited with 0 +++ [pid 503] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=503, si_uid=0, si_status=0, si_utime=0, si_stime=27} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556cde620 /* 4 entries */, 32768) = 112 umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./32/binderfs") = 0 [ 38.724394][ T302] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 38.739289][ T302] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 38.751548][ T302] EXT4-fs (loop0): This should not happen!! Data will be lost [ 38.751548][ T302] [ 38.761312][ T302] EXT4-fs (loop0): Total free blocks count 0 [ 38.767325][ T302] EXT4-fs (loop0): Free/Dirty block details [ 38.773030][ T302] EXT4-fs (loop0): free_blocks=2415919104 [ 38.778619][ T302] EXT4-fs (loop0): dirty_blocks=10480 [ 38.783794][ T302] EXT4-fs (loop0): Block reservation details [ 38.789809][ T302] EXT4-fs (loop0): i_reserved_data_blocks=655 [ 38.805056][ T302] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28 [ 38.817853][ T302] EXT4-fs (loop0): This should not happen!! Data will be lost [ 38.817853][ T302] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556ce6660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556ce6660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file0") = 0 getdents64(3, 0x555556cde620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cdd5d0) = 509 ./strace-static-x86_64: Process 509 attached [pid 509] set_robust_list(0x555556cdd5e0, 24) = 0 [pid 509] chdir("./33") = 0 [pid 509] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 509] setpgid(0, 0) = 0 [pid 509] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 509] write(3, "1000", 4) = 4 [pid 509] close(3) = 0 [pid 509] symlink("/dev/binderfs", "./binderfs") = 0 [pid 509] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 509] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e58f10000 [pid 509] mprotect(0x7f4e58f11000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 509] clone(child_stack=0x7f4e58f303f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[510], tls=0x7f4e58f30700, child_tidptr=0x7f4e58f309d0) = 510 [pid 509] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 509] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 510 attached [pid 510] set_robust_list(0x7f4e58f309e0, 24) = 0 [pid 510] memfd_create("syzkaller", 0) = 3 [pid 510] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4e50b10000 [pid 510] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 510] munmap(0x7f4e50b10000, 1048576) = 0 [pid 510] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 510] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 510] close(3) = 0 [pid 510] mkdir("./file0", 0777) = 0 [pid 510] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 510] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 510] chdir("./file0") = 0 [pid 510] ioctl(4, LOOP_CLR_FD) = 0 [pid 510] close(4) = 0 [pid 510] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 509] <... futex resumed>) = 0 [pid 509] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 509] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 510] <... futex resumed>) = 1 [pid 510] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 510] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 509] <... futex resumed>) = 0 [pid 509] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 509] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 510] <... futex resumed>) = 1 [pid 510] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5 [pid 510] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 509] <... futex resumed>) = 0 [pid 509] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 509] futex(0x7f4e5900978c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 510] <... futex resumed>) = 1 [pid 510] ftruncate(5, 33587195) = 0 [pid 510] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000 [pid 509] <... futex resumed>) = 0 [pid 509] futex(0x7f4e59009788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 509] futex(0x7f4e5900979c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 509] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e50bef000 [pid 509] mprotect(0x7f4e50bf0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 509] clone(child_stack=0x7f4e50c0f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[513], tls=0x7f4e50c0f700, child_tidptr=0x7f4e50c0f9d0) = 513 [pid 509] futex(0x7f4e59009798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 509] futex(0x7f4e590097ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 509] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4e50bce000 [pid 509] mprotect(0x7f4e50bcf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 509] clone(child_stack=0x7f4e50bee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[514], tls=0x7f4e50bee700, child_tidptr=0x7f4e50bee9d0) = 514 [pid 509] futex(0x7f4e590097a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 509] futex(0x7f4e590097ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 510] <... futex resumed>) = 1 [pid 510] sendfile(4, 5, [0]./strace-static-x86_64: Process 514 attached ./strace-static-x86_64: Process 513 attached [pid 514] set_robust_list(0x7f4e50bee9e0, 24) = 0 [pid 514] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [ 38.976423][ T510] loop0: detected capacity change from 0 to 2048 [ 38.996897][ T510] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 513] set_robust_list(0x7f4e50c0f9e0, 24) = 0 [pid 513] sendfile(4, 5, NULL, 281474978811909 [pid 510] <... sendfile resumed>, 4) = -1 EFAULT (Bad address) [pid 510] futex(0x7f4e5900978c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 510] futex(0x7f4e59009788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 509] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 39.017043][ T510] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 39.033762][ T513] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 32 with max blocks 1 with error 28 [ 39.046840][ T513] EXT4-fs (loop0): This should not happen!! Data will be lost [ 39.046840][ T513] [ 39.057008][ T513] EXT4-fs (loop0): Total free blocks count 0 [ 39.062878][ T513] EXT4-fs (loop0): Free/Dirty block details [ 39.069667][ T513] EXT4-fs (loop0): free_blocks=2415919104 [pid 514] <... mmap resumed>) = 0x20000000 [pid 514] futex(0x7f4e590097ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 514] futex(0x7f4e590097a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 513] <... sendfile resumed>) = 65536 [pid 513] futex(0x7f4e5900979c, FUTEX_WAKE_PRIVATE, 1000000 [pid 509] exit_group(0 [pid 514] <... futex resumed>) = ? [pid 510] <... futex resumed>) = ? [pid 509] <... exit_group resumed>) = ? [pid 514] +++ exited with 0 +++ [pid 513] <... futex resumed>) = ? [pid 510] +++ exited with 0 +++ [pid 513] +++ exited with 0 +++ [pid 509] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=509, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556cde620 /* 4 entries */, 32768) = 112 umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./33/binderfs") = 0 [ 39.075429][ T513] EXT4-fs (loop0): dirty_blocks=48 [ 39.080838][ T513] EXT4-fs (loop0): Block reservation details [ 39.086857][ T513] EXT4-fs (loop0): i_reserved_data_blocks=3 [ 39.103947][ T302] ------------[ cut here ]------------ [ 39.110144][ T302] kernel BUG at fs/ext4/inode.c:2745! [ 39.115330][ T302] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 39.121218][ T302] CPU: 1 PID: 302 Comm: kworker/u4:3 Not tainted 5.15.106-syzkaller-00249-g19c0ed55a470 #0 [ 39.131032][ T302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023 [ 39.140926][ T302] Workqueue: writeback wb_workfn (flush-7:0) [ 39.146733][ T302] RIP: 0010:ext4_writepages+0x3fe8/0x4010 [ 39.152295][ T302] Code: 89 de e8 ab b0 88 ff 45 84 f6 75 2c e8 11 ae 88 ff 49 be 00 00 00 00 00 fc ff df 4c 8b 64 24 50 e9 e7 c5 ff ff e8 f8 ad 88 ff <0f> 0b e8 f1 ad 88 ff e8 28 43 19 ff eb 93 e8 e5 ad 88 ff e8 1c 43 [ 39.172772][ T302] RSP: 0018:ffffc90000a17000 EFLAGS: 00010293 [ 39.178662][ T302] RAX: ffffffff81e73dc8 RBX: 0000008000000000 RCX: ffff88811a1c2780 [ 39.186482][ T302] RDX: 0000000000000000 RSI: 0000008000000000 RDI: 0000000000000000 [ 39.194292][ T302] RBP: ffffc90000a17410 R08: ffffffff81e73538 R09: ffffed10248ec181 [ 39.202102][ T302] R10: 0000000000000000 R11: dffffc0000000001 R12: ffffc90000a177d0 [ 39.210167][ T302] R13: 0000000000000000 R14: 000000c410000000 R15: 0000000000000001 [ 39.217982][ T302] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 39.226747][ T302] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 39.233166][ T302] CR2: 00007f4e58fd5a18 CR3: 000000011d617000 CR4: 00000000003506a0 [ 39.241066][ T302] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 39.248962][ T302] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 39.256776][ T302] Call Trace: [ 39.259902][ T302] [ 39.262677][ T302] ? xas_start+0x32c/0x3f0 [ 39.266940][ T302] ? xas_load+0x2b7/0x2d0 [ 39.271095][ T302] ? __kasan_check_read+0x11/0x20 [ 39.275958][ T302] ? debug_smp_processor_id+0x17/0x20 [ 39.281164][ T302] ? free_unref_page_list+0x8bf/0x980 [ 39.286546][ T302] ? ext4_readpage+0x230/0x230 [ 39.291145][ T302] ? free_unref_page_commit+0x480/0x480 [ 39.296524][ T302] ? shmem_getpage_gfp+0x21cd/0x23c0 [ 39.301650][ T302] ? memset+0x35/0x40 [ 39.305493][ T302] ? ___update_load_sum+0x486/0x800 [ 39.310532][ T302] ? __update_load_avg_cfs_rq+0xb1/0x2f0 [ 39.315968][ T302] ? ext4_readpage+0x230/0x230 [ 39.320567][ T302] do_writepages+0x40e/0x670 [ 39.324997][ T302] ? __writepage+0x130/0x130 [ 39.329465][ T302] ? __update_load_avg_cfs_rq+0xb1/0x2f0 [ 39.334985][ T302] ? update_load_avg+0x43a/0x1150 [ 39.339851][ T302] __writeback_single_inode+0xdf/0xa70 [ 39.345135][ T302] writeback_sb_inodes+0xb2e/0x1910 [ 39.350169][ T302] ? queue_io+0x520/0x520 [ 39.354328][ T302] ? __writeback_inodes_wb+0x3f0/0x3f0 [ 39.359629][ T302] ? queue_io+0x3d0/0x520 [ 39.363789][ T302] wb_writeback+0x3b9/0x9e0 [ 39.368130][ T302] ? inode_cgwb_move_to_attached+0x3c0/0x3c0 [ 39.373944][ T302] ? set_worker_desc+0x158/0x1c0 [ 39.378719][ T302] ? __update_load_avg_cfs_rq+0xb1/0x2f0 [ 39.384187][ T302] ? __kasan_check_write+0x14/0x20 [ 39.389570][ T302] wb_workfn+0x3d9/0x1110 [ 39.393738][ T302] ? inode_wait_for_writeback+0x280/0x280 [ 39.399290][ T302] ? sched_clock+0x9/0x10 [ 39.403471][ T302] ? _raw_spin_unlock+0x4d/0x70 [ 39.408139][ T302] ? finish_task_switch+0x167/0x7b0 [ 39.413176][ T302] ? __kasan_check_read+0x11/0x20 [ 39.418034][ T302] ? read_word_at_a_time+0x12/0x20 [ 39.422983][ T302] ? strscpy+0x9c/0x260 [ 39.426976][ T302] process_one_work+0x6bb/0xc10 [ 39.431671][ T302] worker_thread+0xad5/0x12a0 [ 39.436175][ T302] ? _raw_spin_lock+0x1b0/0x1b0 [ 39.440866][ T302] kthread+0x421/0x510 [ 39.444767][ T302] ? worker_clr_flags+0x180/0x180 [ 39.449628][ T302] ? kthread_blkcg+0xd0/0xd0 [ 39.454054][ T302] ret_from_fork+0x1f/0x30 [ 39.458309][ T302] [ 39.461171][ T302] Modules linked in: [ 39.465038][ T302] ---[ end trace 90b34458de8e6840 ]--- [ 39.470445][ T302] RIP: 0010:ext4_writepages+0x3fe8/0x4010 [ 39.476007][ T302] Code: 89 de e8 ab b0 88 ff 45 84 f6 75 2c e8 11 ae 88 ff 49 be 00 00 00 00 00 fc ff df 4c 8b 64 24 50 e9 e7 c5 ff ff e8 f8 ad 88 ff <0f> 0b e8 f1 ad 88 ff e8 28 43 19 ff eb 93 e8 e5 ad 88 ff e8 1c 43 [ 39.495476][ T302] RSP: 0018:ffffc90000a17000 EFLAGS: 00010293 [ 39.501289][ T302] RAX: ffffffff81e73dc8 RBX: 0000008000000000 RCX: ffff88811a1c2780 [ 39.509237][ T302] RDX: 0000000000000000 RSI: 0000008000000000 RDI: 0000000000000000 [ 39.517076][ T302] RBP: ffffc90000a17410 R08: ffffffff81e73538 R09: ffffed10248ec181 [ 39.524875][ T302] R10: 0000000000000000 R11: dffffc0000000001 R12: ffffc90000a177d0 [ 39.532721][ T302] R13: 0000000000000000 R14: 000000c410000000 R15: 0000000000000001 [ 39.540504][ T302] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 39.549448][ T302] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 39.555879][ T302] CR2: 0000555556ce6628 CR3: 000000010c4c3000 CR4: 00000000003506b0 [ 39.563659][ T302] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 39.571497][ T302] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 39.579303][ T302] Kernel panic - not syncing: Fatal exception [ 39.585491][ T302] Kernel Offset: disabled [ 39.589635][ T302] Rebooting in 86400 seconds..