./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor348846517 <...> Warning: Permanently added '10.128.1.182' (ECDSA) to the list of known hosts. execve("./syz-executor348846517", ["./syz-executor348846517"], 0x7fff72e9ffc0 /* 10 vars */) = 0 brk(NULL) = 0x55555647d000 brk(0x55555647dc40) = 0x55555647dc40 arch_prctl(ARCH_SET_FS, 0x55555647d300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor348846517", 4096) = 27 brk(0x55555649ec40) = 0x55555649ec40 brk(0x55555649f000) = 0x55555649f000 mprotect(0x7f5b04dd6000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 323 mkdir("./syzkaller.zLyJjD", 0700) = 0 chmod("./syzkaller.zLyJjD", 0777) = 0 chdir("./syzkaller.zLyJjD") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555647d5d0) = 325 ./strace-static-x86_64: Process 325 attached [pid 325] chdir("./0") = 0 [pid 325] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 325] setpgid(0, 0) = 0 [pid 325] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 325] write(3, "1000", 4) = 4 [pid 325] close(3) = 0 [pid 325] symlink("/dev/binderfs", "./binderfs") = 0 [pid 325] memfd_create("syzkaller", 0) = 3 [pid 325] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5afc91a000 [pid 325] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 325] munmap(0x7f5afc91a000, 1048576) = 0 [pid 325] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 19.963002][ T30] audit: type=1400 audit(1679835375.150:62): avc: denied { execmem } for pid=323 comm="syz-executor348" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 19.983159][ T30] audit: type=1400 audit(1679835375.150:63): avc: denied { read write } for pid=323 comm="syz-executor348" name="loop0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 325] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 325] close(3) = 0 [pid 325] mkdir("./file0", 0777) = 0 [ 19.993216][ T325] loop0: detected capacity change from 0 to 2048 [ 20.007903][ T30] audit: type=1400 audit(1679835375.150:64): avc: denied { open } for pid=323 comm="syz-executor348" path="/dev/loop0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 20.037671][ T30] audit: type=1400 audit(1679835375.150:65): avc: denied { ioctl } for pid=323 comm="syz-executor348" path="/dev/loop0" dev="devtmpfs" ino=111 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 325] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 325] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 325] chdir("./file0") = 0 [pid 325] ioctl(4, LOOP_CLR_FD) = 0 [ 20.063180][ T30] audit: type=1400 audit(1679835375.200:66): avc: denied { mounton } for pid=325 comm="syz-executor348" path="/root/syzkaller.zLyJjD/0/file0" dev="sda1" ino=1141 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 20.089023][ T325] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 325] close(4) = 0 [pid 325] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 325] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 325] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 325] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 325] read(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8254) = 8254 [pid 325] sendfile(6, 5, NULL, 131071) = 131071 [ 20.099647][ T30] audit: type=1400 audit(1679835375.290:67): avc: denied { mount } for pid=325 comm="syz-executor348" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 20.121432][ T30] audit: type=1400 audit(1679835375.290:68): avc: denied { write } for pid=325 comm="syz-executor348" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 20.127896][ T325] EXT4-fs error (device loop0): ext4_xattr_ibody_get:608: inode #18: comm syz-executor348: corrupted in-inode xattr [ 20.143202][ T30] audit: type=1400 audit(1679835375.290:69): avc: denied { add_name } for pid=325 comm="syz-executor348" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 20.143230][ T30] audit: type=1400 audit(1679835375.290:70): avc: denied { create } for pid=325 comm="syz-executor348" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 20.143253][ T30] audit: type=1400 audit(1679835375.290:71): avc: denied { read write open } for pid=325 comm="syz-executor348" path="/root/syzkaller.zLyJjD/0/file0/bus" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 20.156283][ T325] ================================================================== [ 20.228989][ T325] BUG: KASAN: use-after-free in get_max_inline_xattr_value_size+0x36e/0x510 [ 20.237492][ T325] Read of size 4 at addr ffff88810ce0c084 by task syz-executor348/325 [ 20.245675][ T325] [ 20.247821][ T325] CPU: 1 PID: 325 Comm: syz-executor348 Not tainted 5.15.94-syzkaller-03204-g5448b2fda85f #0 [ 20.257802][ T325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 20.267699][ T325] Call Trace: [ 20.270822][ T325] [ 20.273600][ T325] dump_stack_lvl+0x151/0x1b7 [ 20.278114][ T325] ? io_uring_drop_tctx_refs+0x190/0x190 [ 20.283580][ T325] ? panic+0x751/0x751 [ 20.287484][ T325] ? __ext4_get_inode_loc+0x66f/0xcd0 [ 20.292694][ T325] print_address_description+0x87/0x3b0 [ 20.298162][ T325] kasan_report+0x179/0x1c0 [ 20.302501][ T325] ? get_max_inline_xattr_value_size+0x36e/0x510 [ 20.308662][ T325] ? get_max_inline_xattr_value_size+0x36e/0x510 [ 20.314831][ T325] __asan_report_load4_noabort+0x14/0x20 [ 20.320296][ T325] get_max_inline_xattr_value_size+0x36e/0x510 [ 20.326284][ T325] ext4_get_max_inline_size+0x13d/0x1f0 [ 20.331668][ T325] ? ext4_ind_truncate_ensure_credits+0x770/0x770 [ 20.337914][ T325] ? __kasan_check_read+0x11/0x20 [ 20.342773][ T325] ? ext4_da_write_inline_data_begin+0x1df/0xc40 [ 20.348937][ T325] ext4_da_write_inline_data_begin+0x1f6/0xc40 [ 20.354927][ T325] ? ext4_journalled_write_inline_data+0x620/0x620 [ 20.361261][ T325] ? __brelse+0x5b/0x90 [ 20.365282][ T325] ? ext4_xattr_ibody_get+0x2b7/0x720 [ 20.370463][ T325] ext4_da_write_begin+0x527/0xc30 [ 20.375417][ T325] ? ext4_set_page_dirty+0x1a0/0x1a0 [ 20.380536][ T325] ? wb_get_create+0xe0a/0xe40 [ 20.385148][ T325] ? __kasan_check_write+0x14/0x20 [ 20.390077][ T325] ? fault_in_readable+0x206/0x2e0 [ 20.395029][ T325] ? fault_in_safe_writeable+0x240/0x240 [ 20.400495][ T325] ? inode_io_list_move_locked+0x35f/0x3d0 [ 20.406138][ T325] generic_perform_write+0x2bc/0x5a0 [ 20.411257][ T325] ? grab_cache_page_write_begin+0xa0/0xa0 [ 20.416898][ T325] ? update_load_avg+0x43a/0x1150 [ 20.421755][ T325] ? generic_write_checks+0x3b9/0x470 [ 20.426963][ T325] ext4_buffered_write_iter+0x49c/0x630 [ 20.432349][ T325] ext4_file_write_iter+0x443/0x1cc0 [ 20.437467][ T325] ? compat_start_thread+0x20/0x20 [ 20.442412][ T325] ? kvm_sched_clock_read+0x18/0x40 [ 20.447446][ T325] ? sched_clock+0x9/0x10 [ 20.451614][ T325] ? native_set_ldt+0x360/0x360 [ 20.456300][ T325] ? _raw_spin_unlock+0x4d/0x70 [ 20.460986][ T325] ? avc_policy_seqno+0x1b/0x70 [ 20.465678][ T325] ? ext4_file_read_iter+0x4b0/0x4b0 [ 20.470798][ T325] ? fsnotify_perm+0x6a/0x5d0 [ 20.475311][ T325] ? iov_iter_init+0x53/0x190 [ 20.479821][ T325] vfs_write+0xd8a/0x1160 [ 20.484007][ T325] ? __kasan_check_write+0x14/0x20 [ 20.488939][ T325] ? file_end_write+0x1c0/0x1c0 [ 20.493639][ T325] ? ptrace_stop+0x6eb/0xa90 [ 20.498047][ T325] ? __kasan_check_read+0x11/0x20 [ 20.502907][ T325] ? __fdget_pos+0x289/0x310 [ 20.507334][ T325] ksys_write+0x199/0x2c0 [ 20.511502][ T325] ? do_notify_parent+0xa30/0xa30 [ 20.516362][ T325] ? __ia32_sys_read+0x90/0x90 [ 20.520960][ T325] ? __kasan_check_read+0x11/0x20 [ 20.525824][ T325] __x64_sys_write+0x7b/0x90 [ 20.530248][ T325] do_syscall_64+0x3d/0xb0 [ 20.534503][ T325] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 20.540235][ T325] RIP: 0033:0x7f5b04d67a99 [ 20.544484][ T325] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 20.563927][ T325] RSP: 002b:00007fff322f57e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 20.572173][ T325] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5b04d67a99 [ 20.579981][ T325] RDX: 0000000000000010 RSI: 0000000020000100 RDI: 0000000000000004 [ 20.587792][ T325] RBP: 0000000000000000 R08: 00007fff322f5810 R09: 00007fff322f5810 [ 20.595605][ T325] R10: 00007fff322f5810 R11: 0000000000000246 R12: 00007f5b04d26960 [ 20.603415][ T325] R13: 00007fff322f5840 R14: 00007fff322f5820 R15: 0000000000000000 [ 20.611233][ T325] [ 20.614092][ T325] [ 20.616261][ T325] Allocated by task 212: [ 20.620342][ T325] __kasan_slab_alloc+0xb1/0xe0 [ 20.625026][ T325] slab_post_alloc_hook+0x53/0x2c0 [ 20.629974][ T325] kmem_cache_alloc+0xf5/0x200 [ 20.634573][ T325] vm_area_alloc+0x24/0x130 [ 20.638914][ T325] mmap_region+0xb5d/0x1b60 [ 20.643254][ T325] do_mmap+0x776/0xe50 [ 20.647223][ T325] vm_mmap_pgoff+0x1dd/0x450 [ 20.651603][ T325] vm_mmap+0x8d/0xb0 [ 20.655319][ T325] elf_map+0x19c/0x240 [ 20.659402][ T325] load_elf_binary+0xfe0/0x2750 [ 20.664092][ T325] bprm_execve+0x7ae/0x14a0 [ 20.668425][ T325] do_execveat_common+0x565/0x710 [ 20.673284][ T325] __x64_sys_execve+0x92/0xb0 [ 20.677800][ T325] do_syscall_64+0x3d/0xb0 [ 20.682050][ T325] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 20.687791][ T325] [ 20.689948][ T325] Freed by task 25: [ 20.693599][ T325] kasan_set_track+0x4b/0x70 [ 20.698024][ T325] kasan_set_free_info+0x23/0x40 [ 20.702797][ T325] ____kasan_slab_free+0x126/0x160 [ 20.707743][ T325] __kasan_slab_free+0x11/0x20 [ 20.712344][ T325] slab_free_freelist_hook+0xbd/0x190 [ 20.717573][ T325] kmem_cache_free+0x116/0x2e0 [ 20.722176][ T325] __free_vm_area_struct+0x1c/0x20 [ 20.727098][ T325] rcu_do_batch+0x57a/0xc10 [ 20.731440][ T325] rcu_core+0x517/0x1020 [ 20.735517][ T325] rcu_core_si+0x9/0x10 [ 20.739508][ T325] __do_softirq+0x26d/0x5bf [ 20.743850][ T325] [ 20.746019][ T325] Last potentially related work creation: [ 20.751579][ T325] kasan_save_stack+0x3b/0x60 [ 20.756084][ T325] __kasan_record_aux_stack+0xd3/0xf0 [ 20.761295][ T325] kasan_record_aux_stack_noalloc+0xb/0x10 [ 20.766933][ T325] call_rcu+0x133/0x12a0 [ 20.771012][ T325] vm_area_free_no_check+0xff/0x130 [ 20.776047][ T325] vm_area_free+0x53/0x60 [ 20.780215][ T325] exit_mmap+0x50d/0x6f0 [ 20.784296][ T325] __mmput+0x95/0x310 [ 20.788114][ T325] mmput+0x5b/0x170 [ 20.791759][ T325] do_exit+0xbb4/0x2b60 [ 20.795751][ T325] do_group_exit+0x141/0x310 [ 20.800180][ T325] __x64_sys_exit_group+0x3f/0x40 [ 20.805038][ T325] do_syscall_64+0x3d/0xb0 [ 20.809290][ T325] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 20.815022][ T325] [ 20.817193][ T325] The buggy address belongs to the object at ffff88810ce0c000 [ 20.817193][ T325] which belongs to the cache vm_area_struct of size 232 [ 20.831336][ T325] The buggy address is located 132 bytes inside of [ 20.831336][ T325] 232-byte region [ffff88810ce0c000, ffff88810ce0c0e8) [ 20.844529][ T325] The buggy address belongs to the page: [ 20.850001][ T325] page:ffffea0004338300 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10ce0c [ 20.860067][ T325] flags: 0x4000000000000200(slab|zone=1) [ 20.865540][ T325] raw: 4000000000000200 0000000000000000 dead000000000122 ffff8881001b4000 [ 20.873961][ T325] raw: 0000000000000000 00000000000d000d 00000001ffffffff 0000000000000000 [ 20.882369][ T325] page dumped because: kasan: bad access detected [ 20.888620][ T325] page_owner tracks the page as allocated [ 20.894178][ T325] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 207, ts 11411162682, free_ts 7165237345 [ 20.909885][ T325] post_alloc_hook+0x1a3/0x1b0 [ 20.914484][ T325] get_page_from_freelist+0x2c14/0x2cf0 [ 20.919867][ T325] __alloc_pages+0x386/0x7b0 [ 20.924291][ T325] new_slab+0x92/0x490 [ 20.928201][ T325] ___slab_alloc+0x39e/0x830 [ 20.932624][ T325] __slab_alloc+0x4a/0x90 [ 20.936792][ T325] kmem_cache_alloc+0x134/0x200 [ 20.941480][ T325] vm_area_dup+0x26/0x230 [ 20.945731][ T325] dup_mm+0x81b/0x12c0 [ 20.949633][ T325] copy_mm+0x107/0x1b0 [ 20.953541][ T325] copy_process+0x12bc/0x3260 [ 20.958055][ T325] kernel_clone+0x21e/0x9e0 [ 20.962393][ T325] __x64_sys_clone+0x23f/0x290 [ 20.966995][ T325] do_syscall_64+0x3d/0xb0 [ 20.971247][ T325] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 20.976975][ T325] page last free stack trace: [ 20.981488][ T325] free_unref_page_prepare+0x7c8/0x7d0 [ 20.986784][ T325] free_unref_page+0xac/0x2c0 [ 20.991296][ T325] __free_pages+0x61/0xf0 [ 20.995463][ T325] __vunmap+0x7bc/0x8f0 [ 20.999458][ T325] free_work+0x5b/0x80 [ 21.003371][ T325] process_one_work+0x6bb/0xc10 [ 21.008051][ T325] worker_thread+0xad5/0x12a0 [ 21.012560][ T325] kthread+0x421/0x510 [ 21.016469][ T325] ret_from_fork+0x1f/0x30 [ 21.020719][ T325] [ 21.022890][ T325] Memory state around the buggy address: [ 21.028361][ T325] ffff88810ce0bf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.036262][ T325] ffff88810ce0c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.044161][ T325] >ffff88810ce0c080: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc [ 21.052055][ T325] ^ [ 21.055962][ T325] ffff88810ce0c100: fc fc fc fc fc fa fb fb fb fb fb fb fb fb fb fb [pid 325] write(4, "\x10\x00\x00\x00\xf5\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 325] exit_group(0) = ? [pid 325] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=325, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555647e620 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./0/binderfs") = 0 [ 21.063860][ T325] ffff88810ce0c180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 21.071766][ T325] ================================================================== [ 21.079783][ T325] Disabling lock debugging due to kernel taint [ 21.097098][ T8] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 21.111768][ T8] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 21.123792][ T8] EXT4-fs (loop0): This should not happen!! Data will be lost [ 21.123792][ T8] [ 21.133357][ T8] EXT4-fs (loop0): Total free blocks count 0 [ 21.139146][ T8] EXT4-fs (loop0): Free/Dirty block details [ 21.144918][ T8] EXT4-fs (loop0): free_blocks=2415919104 [ 21.150428][ T8] EXT4-fs (loop0): dirty_blocks=16 [ 21.155440][ T8] EXT4-fs (loop0): Block reservation details [ 21.161194][ T8] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556486660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556486660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x55555647e620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555647d5d0) = 331 ./strace-static-x86_64: Process 331 attached [pid 331] chdir("./1") = 0 [pid 331] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 331] setpgid(0, 0) = 0 [pid 331] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 331] write(3, "1000", 4) = 4 [pid 331] close(3) = 0 [pid 331] symlink("/dev/binderfs", "./binderfs") = 0 [pid 331] memfd_create("syzkaller", 0) = 3 [pid 331] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5afc91a000 [pid 331] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 331] munmap(0x7f5afc91a000, 1048576) = 0 [pid 331] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 331] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 331] close(3) = 0 [pid 331] mkdir("./file0", 0777) = 0 [pid 331] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 331] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 331] chdir("./file0") = 0 [pid 331] ioctl(4, LOOP_CLR_FD) = 0 [pid 331] close(4) = 0 [pid 331] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 331] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 331] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 331] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 331] read(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8254) = 8254 [pid 331] sendfile(6, 5, NULL, 131071) = 131071 [ 21.277399][ T331] loop0: detected capacity change from 0 to 2048 [ 21.292688][ T331] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 331] write(4, "\x10\x00\x00\x00\xf5\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 331] exit_group(0) = ? [pid 331] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=331, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555647e620 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./1/binderfs") = 0 [ 21.317387][ T331] EXT4-fs error (device loop0): ext4_xattr_ibody_get:608: inode #18: comm syz-executor348: corrupted in-inode xattr [ 21.339493][ T330] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 21.354351][ T330] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 21.366472][ T330] EXT4-fs (loop0): This should not happen!! Data will be lost [ 21.366472][ T330] [ 21.376316][ T330] EXT4-fs (loop0): Total free blocks count 0 [ 21.382199][ T330] EXT4-fs (loop0): Free/Dirty block details [ 21.387835][ T330] EXT4-fs (loop0): free_blocks=2415919104 [ 21.393430][ T330] EXT4-fs (loop0): dirty_blocks=16 [ 21.398333][ T330] EXT4-fs (loop0): Block reservation details [ 21.404194][ T330] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556486660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556486660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x55555647e620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555647d5d0) = 334 ./strace-static-x86_64: Process 334 attached [pid 334] chdir("./2") = 0 [pid 334] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 334] setpgid(0, 0) = 0 [pid 334] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 334] write(3, "1000", 4) = 4 [pid 334] close(3) = 0 [pid 334] symlink("/dev/binderfs", "./binderfs") = 0 [pid 334] memfd_create("syzkaller", 0) = 3 [pid 334] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5afc91a000 [pid 334] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 334] munmap(0x7f5afc91a000, 1048576) = 0 [pid 334] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 334] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 334] close(3) = 0 [pid 334] mkdir("./file0", 0777) = 0 [pid 334] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 334] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 334] chdir("./file0") = 0 [pid 334] ioctl(4, LOOP_CLR_FD) = 0 [pid 334] close(4) = 0 [pid 334] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 334] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 334] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 334] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 334] read(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8254) = 8254 [pid 334] sendfile(6, 5, NULL, 131071) = 131071 [ 21.555668][ T334] loop0: detected capacity change from 0 to 2048 [ 21.573085][ T334] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 334] write(4, "\x10\x00\x00\x00\xf5\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 334] exit_group(0) = ? [pid 334] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=334, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555647e620 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./2/binderfs") = 0 [ 21.598123][ T334] EXT4-fs error (device loop0): ext4_xattr_ibody_get:608: inode #18: comm syz-executor348: corrupted in-inode xattr [ 21.618099][ T330] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 21.632986][ T330] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 21.645748][ T330] EXT4-fs (loop0): This should not happen!! Data will be lost [ 21.645748][ T330] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 21.655206][ T330] EXT4-fs (loop0): Total free blocks count 0 [ 21.661097][ T330] EXT4-fs (loop0): Free/Dirty block details [ 21.666898][ T330] EXT4-fs (loop0): free_blocks=2415919104 [ 21.672785][ T330] EXT4-fs (loop0): dirty_blocks=16 [ 21.677706][ T330] EXT4-fs (loop0): Block reservation details [ 21.683566][ T330] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556486660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556486660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x55555647e620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555647d5d0) = 337 ./strace-static-x86_64: Process 337 attached [pid 337] chdir("./3") = 0 [pid 337] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 337] setpgid(0, 0) = 0 [pid 337] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 337] write(3, "1000", 4) = 4 [pid 337] close(3) = 0 [pid 337] symlink("/dev/binderfs", "./binderfs") = 0 [pid 337] memfd_create("syzkaller", 0) = 3 [pid 337] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5afc91a000 [pid 337] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 337] munmap(0x7f5afc91a000, 1048576) = 0 [pid 337] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 337] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 337] close(3) = 0 [pid 337] mkdir("./file0", 0777) = 0 [pid 337] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 337] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 337] chdir("./file0") = 0 [pid 337] ioctl(4, LOOP_CLR_FD) = 0 [pid 337] close(4) = 0 [pid 337] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 337] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 337] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 337] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 337] read(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8254) = 8254 [pid 337] sendfile(6, 5, NULL, 131071) = 131071 [ 21.755850][ T337] loop0: detected capacity change from 0 to 2048 [ 21.783492][ T337] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 337] write(4, "\x10\x00\x00\x00\xf5\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 337] exit_group(0) = ? [pid 337] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=337, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555647e620 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./3/binderfs") = 0 [ 21.819035][ T337] EXT4-fs error (device loop0): ext4_xattr_ibody_get:608: inode #18: comm syz-executor348: corrupted in-inode xattr [ 21.847033][ T330] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 21.861955][ T330] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 21.874035][ T330] EXT4-fs (loop0): This should not happen!! Data will be lost [ 21.874035][ T330] [ 21.883444][ T330] EXT4-fs (loop0): Total free blocks count 0 [ 21.889234][ T330] EXT4-fs (loop0): Free/Dirty block details [ 21.895046][ T330] EXT4-fs (loop0): free_blocks=2415919104 [ 21.900524][ T330] EXT4-fs (loop0): dirty_blocks=16 [ 21.905504][ T330] EXT4-fs (loop0): Block reservation details [ 21.911504][ T330] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556486660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556486660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x55555647e620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555647d5d0) = 341 ./strace-static-x86_64: Process 341 attached [pid 341] chdir("./4") = 0 [pid 341] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 341] setpgid(0, 0) = 0 [pid 341] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 341] write(3, "1000", 4) = 4 [pid 341] close(3) = 0 [pid 341] symlink("/dev/binderfs", "./binderfs") = 0 [pid 341] memfd_create("syzkaller", 0) = 3 [pid 341] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5afc91a000 [pid 341] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 341] munmap(0x7f5afc91a000, 1048576) = 0 [pid 341] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 341] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 341] close(3) = 0 [pid 341] mkdir("./file0", 0777) = 0 [pid 341] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 341] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 341] chdir("./file0") = 0 [pid 341] ioctl(4, LOOP_CLR_FD) = 0 [pid 341] close(4) = 0 [pid 341] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 341] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 341] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 341] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 341] read(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8254) = 8254 [pid 341] sendfile(6, 5, NULL, 131071) = 131071 [ 21.985668][ T341] loop0: detected capacity change from 0 to 2048 [ 22.002591][ T341] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 341] write(4, "\x10\x00\x00\x00\xf5\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 341] exit_group(0) = ? [pid 341] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=341, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555647e620 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./4/binderfs") = 0 [ 22.026380][ T341] EXT4-fs error (device loop0): ext4_xattr_ibody_get:608: inode #18: comm syz-executor348: corrupted in-inode xattr [ 22.053978][ T10] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 22.068746][ T10] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 22.080756][ T10] EXT4-fs (loop0): This should not happen!! Data will be lost [ 22.080756][ T10] [ 22.090360][ T10] EXT4-fs (loop0): Total free blocks count 0 [ 22.096410][ T10] EXT4-fs (loop0): Free/Dirty block details [ 22.102408][ T10] EXT4-fs (loop0): free_blocks=2415919104 [ 22.107938][ T10] EXT4-fs (loop0): dirty_blocks=16 [ 22.113004][ T10] EXT4-fs (loop0): Block reservation details [ 22.118703][ T10] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556486660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556486660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x55555647e620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555647d5d0) = 345 ./strace-static-x86_64: Process 345 attached [pid 345] chdir("./5") = 0 [pid 345] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 345] setpgid(0, 0) = 0 [pid 345] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 345] write(3, "1000", 4) = 4 [pid 345] close(3) = 0 [pid 345] symlink("/dev/binderfs", "./binderfs") = 0 [pid 345] memfd_create("syzkaller", 0) = 3 [pid 345] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5afc91a000 [pid 345] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 345] munmap(0x7f5afc91a000, 1048576) = 0 [pid 345] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 345] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 345] close(3) = 0 [pid 345] mkdir("./file0", 0777) = 0 [pid 345] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 345] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 345] chdir("./file0") = 0 [pid 345] ioctl(4, LOOP_CLR_FD) = 0 [pid 345] close(4) = 0 [pid 345] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 345] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 345] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 345] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 345] read(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8254) = 8254 [pid 345] sendfile(6, 5, NULL, 131071) = 131071 [ 22.198594][ T345] loop0: detected capacity change from 0 to 2048 [ 22.222691][ T345] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 345] write(4, "\x10\x00\x00\x00\xf5\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 345] exit_group(0) = ? [pid 345] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=345, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555647e620 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./5/binderfs") = 0 [ 22.247299][ T345] EXT4-fs error (device loop0): ext4_xattr_ibody_get:608: inode #18: comm syz-executor348: corrupted in-inode xattr [ 22.269174][ T10] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 22.284122][ T10] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 22.296278][ T10] EXT4-fs (loop0): This should not happen!! Data will be lost [ 22.296278][ T10] [ 22.305901][ T10] EXT4-fs (loop0): Total free blocks count 0 [ 22.311816][ T10] EXT4-fs (loop0): Free/Dirty block details [ 22.317525][ T10] EXT4-fs (loop0): free_blocks=2415919104 [ 22.323145][ T10] EXT4-fs (loop0): dirty_blocks=16 [ 22.328023][ T10] EXT4-fs (loop0): Block reservation details [ 22.333907][ T10] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556486660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556486660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x55555647e620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555647d5d0) = 348 ./strace-static-x86_64: Process 348 attached [pid 348] chdir("./6") = 0 [pid 348] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 348] setpgid(0, 0) = 0 [pid 348] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 348] write(3, "1000", 4) = 4 [pid 348] close(3) = 0 [pid 348] symlink("/dev/binderfs", "./binderfs") = 0 [pid 348] memfd_create("syzkaller", 0) = 3 [pid 348] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5afc91a000 [pid 348] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 348] munmap(0x7f5afc91a000, 1048576) = 0 [pid 348] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 348] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 348] close(3) = 0 [pid 348] mkdir("./file0", 0777) = 0 [pid 348] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 348] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 348] chdir("./file0") = 0 [pid 348] ioctl(4, LOOP_CLR_FD) = 0 [pid 348] close(4) = 0 [pid 348] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 348] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 348] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 348] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 348] read(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8254) = 8254 [pid 348] sendfile(6, 5, NULL, 131071) = 131071 [ 22.473124][ T348] loop0: detected capacity change from 0 to 2048 [ 22.492675][ T348] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 348] write(4, "\x10\x00\x00\x00\xf5\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 348] exit_group(0) = ? [pid 348] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=348, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555647e620 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./6/binderfs") = 0 [ 22.524656][ T348] EXT4-fs error (device loop0): ext4_xattr_ibody_get:608: inode #18: comm syz-executor348: corrupted in-inode xattr [ 22.545712][ T8] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 22.560565][ T8] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 22.572582][ T8] EXT4-fs (loop0): This should not happen!! Data will be lost [ 22.572582][ T8] [ 22.582228][ T8] EXT4-fs (loop0): Total free blocks count 0 [ 22.588028][ T8] EXT4-fs (loop0): Free/Dirty block details [ 22.593805][ T8] EXT4-fs (loop0): free_blocks=2415919104 [ 22.599310][ T8] EXT4-fs (loop0): dirty_blocks=16 [ 22.606199][ T8] EXT4-fs (loop0): Block reservation details [ 22.612017][ T8] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556486660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556486660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x55555647e620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555647d5d0) = 351 ./strace-static-x86_64: Process 351 attached [pid 351] chdir("./7") = 0 [pid 351] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 351] setpgid(0, 0) = 0 [pid 351] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 351] write(3, "1000", 4) = 4 [pid 351] close(3) = 0 [pid 351] symlink("/dev/binderfs", "./binderfs") = 0 [pid 351] memfd_create("syzkaller", 0) = 3 [pid 351] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5afc91a000 [pid 351] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 351] munmap(0x7f5afc91a000, 1048576) = 0 [pid 351] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 351] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 351] close(3) = 0 [pid 351] mkdir("./file0", 0777) = 0 [pid 351] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 351] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 351] chdir("./file0") = 0 [pid 351] ioctl(4, LOOP_CLR_FD) = 0 [pid 351] close(4) = 0 [pid 351] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 351] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 351] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 351] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 351] read(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8254) = 8254 [pid 351] sendfile(6, 5, NULL, 131071) = 131071 [ 22.709997][ T351] loop0: detected capacity change from 0 to 2048 [ 22.732690][ T351] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 351] write(4, "\x10\x00\x00\x00\xf5\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 351] exit_group(0) = ? [pid 351] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=351, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555647e620 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./7/binderfs") = 0 [ 22.752306][ T351] EXT4-fs error (device loop0): ext4_xattr_ibody_get:608: inode #18: comm syz-executor348: corrupted in-inode xattr [ 22.770467][ T8] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 22.785242][ T8] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 22.797502][ T8] EXT4-fs (loop0): This should not happen!! Data will be lost [ 22.797502][ T8] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556486660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556486660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 getdents64(3, 0x55555647e620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 22.807223][ T8] EXT4-fs (loop0): Total free blocks count 0 [ 22.813079][ T8] EXT4-fs (loop0): Free/Dirty block details [ 22.818863][ T8] EXT4-fs (loop0): free_blocks=2415919104 [ 22.824460][ T8] EXT4-fs (loop0): dirty_blocks=16 [ 22.829400][ T8] EXT4-fs (loop0): Block reservation details [ 22.835194][ T8] EXT4-fs (loop0): i_reserved_data_blocks=1 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555647d5d0) = 354 ./strace-static-x86_64: Process 354 attached [pid 354] chdir("./8") = 0 [pid 354] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 354] setpgid(0, 0) = 0 [pid 354] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 354] write(3, "1000", 4) = 4 [pid 354] close(3) = 0 [pid 354] symlink("/dev/binderfs", "./binderfs") = 0 [pid 354] memfd_create("syzkaller", 0) = 3 [pid 354] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5afc91a000 [pid 354] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 354] munmap(0x7f5afc91a000, 1048576) = 0 [pid 354] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 354] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 354] close(3) = 0 [pid 354] mkdir("./file0", 0777) = 0 [pid 354] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 354] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 354] chdir("./file0") = 0 [pid 354] ioctl(4, LOOP_CLR_FD) = 0 [pid 354] close(4) = 0 [pid 354] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 354] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 354] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 354] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 354] read(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8254) = 8254 [pid 354] sendfile(6, 5, NULL, 131071) = 131071 [ 22.918361][ T354] loop0: detected capacity change from 0 to 2048 [ 22.942709][ T354] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 354] write(4, "\x10\x00\x00\x00\xf5\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 354] exit_group(0) = ? [pid 354] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=354, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555647e620 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./8/binderfs") = 0 [ 22.964206][ T354] EXT4-fs error (device loop0): ext4_xattr_ibody_get:608: inode #18: comm syz-executor348: corrupted in-inode xattr [ 22.995007][ T8] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 23.009784][ T8] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 23.021979][ T8] EXT4-fs (loop0): This should not happen!! Data will be lost [ 23.021979][ T8] [ 23.031443][ T8] EXT4-fs (loop0): Total free blocks count 0 [ 23.037358][ T8] EXT4-fs (loop0): Free/Dirty block details [ 23.043080][ T8] EXT4-fs (loop0): free_blocks=2415919104 [ 23.048613][ T8] EXT4-fs (loop0): dirty_blocks=16 [ 23.053614][ T8] EXT4-fs (loop0): Block reservation details [ 23.059398][ T8] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556486660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556486660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 getdents64(3, 0x55555647e620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555647d5d0) = 358 ./strace-static-x86_64: Process 358 attached [pid 358] chdir("./9") = 0 [pid 358] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 358] setpgid(0, 0) = 0 [pid 358] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 358] write(3, "1000", 4) = 4 [pid 358] close(3) = 0 [pid 358] symlink("/dev/binderfs", "./binderfs") = 0 [pid 358] memfd_create("syzkaller", 0) = 3 [pid 358] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5afc91a000 [pid 358] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 358] munmap(0x7f5afc91a000, 1048576) = 0 [pid 358] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 358] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 358] close(3) = 0 [pid 358] mkdir("./file0", 0777) = 0 [pid 358] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 358] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 358] chdir("./file0") = 0 [pid 358] ioctl(4, LOOP_CLR_FD) = 0 [pid 358] close(4) = 0 [pid 358] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 358] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 358] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 358] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 358] read(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8254) = 8254 [pid 358] sendfile(6, 5, NULL, 131071) = 131071 [pid 358] write(4, "\x10\x00\x00\x00\xf5\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 358] exit_group(0) = ? [pid 358] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=358, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555647e620 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./9/binderfs") = 0 [ 23.136383][ T358] loop0: detected capacity change from 0 to 2048 [ 23.152595][ T358] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 23.173759][ T358] EXT4-fs error (device loop0): ext4_xattr_ibody_get:608: inode #18: comm syz-executor348: corrupted in-inode xattr [ 23.194398][ T8] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 23.209273][ T8] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 23.221283][ T8] EXT4-fs (loop0): This should not happen!! Data will be lost [ 23.221283][ T8] [ 23.230692][ T8] EXT4-fs (loop0): Total free blocks count 0 [ 23.236803][ T8] EXT4-fs (loop0): Free/Dirty block details [ 23.242665][ T8] EXT4-fs (loop0): free_blocks=2415919104 [ 23.248267][ T8] EXT4-fs (loop0): dirty_blocks=16 [ 23.253361][ T8] EXT4-fs (loop0): Block reservation details [ 23.259130][ T8] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556486660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556486660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 getdents64(3, 0x55555647e620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555647d5d0) = 361 ./strace-static-x86_64: Process 361 attached [pid 361] chdir("./10") = 0 [pid 361] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 361] setpgid(0, 0) = 0 [pid 361] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 361] write(3, "1000", 4) = 4 [pid 361] close(3) = 0 [pid 361] symlink("/dev/binderfs", "./binderfs") = 0 [pid 361] memfd_create("syzkaller", 0) = 3 [pid 361] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5afc91a000 [pid 361] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 361] munmap(0x7f5afc91a000, 1048576) = 0 [pid 361] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 361] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 361] close(3) = 0 [pid 361] mkdir("./file0", 0777) = 0 [pid 361] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 361] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 361] chdir("./file0") = 0 [pid 361] ioctl(4, LOOP_CLR_FD) = 0 [pid 361] close(4) = 0 [pid 361] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 361] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 361] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 361] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 361] read(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8254) = 8254 [pid 361] sendfile(6, 5, NULL, 131071) = 131071 [ 23.346749][ T361] loop0: detected capacity change from 0 to 2048 [ 23.362922][ T361] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 361] write(4, "\x10\x00\x00\x00\xf5\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 361] exit_group(0) = ? [pid 361] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=361, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555647e620 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./10/binderfs") = 0 [ 23.394261][ T361] EXT4-fs error (device loop0): ext4_xattr_ibody_get:608: inode #18: comm syz-executor348: corrupted in-inode xattr [ 23.409159][ T10] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 23.423876][ T10] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 23.435851][ T10] EXT4-fs (loop0): This should not happen!! Data will be lost [ 23.435851][ T10] [ 23.445377][ T10] EXT4-fs (loop0): Total free blocks count 0 [ 23.451107][ T10] EXT4-fs (loop0): Free/Dirty block details [ 23.456860][ T10] EXT4-fs (loop0): free_blocks=2415919104 [ 23.462625][ T10] EXT4-fs (loop0): dirty_blocks=16 [ 23.467534][ T10] EXT4-fs (loop0): Block reservation details [ 23.473387][ T10] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556486660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556486660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 getdents64(3, 0x55555647e620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 365 attached , child_tidptr=0x55555647d5d0) = 365 [pid 365] chdir("./11") = 0 [pid 365] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 365] setpgid(0, 0) = 0 [pid 365] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 365] write(3, "1000", 4) = 4 [pid 365] close(3) = 0 [pid 365] symlink("/dev/binderfs", "./binderfs") = 0 [pid 365] memfd_create("syzkaller", 0) = 3 [pid 365] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5afc91a000 [pid 365] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 365] munmap(0x7f5afc91a000, 1048576) = 0 [pid 365] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 365] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 365] close(3) = 0 [pid 365] mkdir("./file0", 0777) = 0 [pid 365] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 365] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 365] chdir("./file0") = 0 [pid 365] ioctl(4, LOOP_CLR_FD) = 0 [pid 365] close(4) = 0 [pid 365] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 365] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 365] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 365] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 365] read(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8254) = 8254 [pid 365] sendfile(6, 5, NULL, 131071) = 131071 [ 23.557089][ T365] loop0: detected capacity change from 0 to 2048 [ 23.582804][ T365] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 365] write(4, "\x10\x00\x00\x00\xf5\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 365] exit_group(0) = ? [pid 365] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=365, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555647e620 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./11/binderfs") = 0 [ 23.606551][ T365] EXT4-fs error (device loop0): ext4_xattr_ibody_get:608: inode #18: comm syz-executor348: corrupted in-inode xattr [ 23.624810][ T8] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 23.640986][ T8] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 23.653147][ T8] EXT4-fs (loop0): This should not happen!! Data will be lost [ 23.653147][ T8] [ 23.662805][ T8] EXT4-fs (loop0): Total free blocks count 0 [ 23.668590][ T8] EXT4-fs (loop0): Free/Dirty block details [ 23.674545][ T8] EXT4-fs (loop0): free_blocks=2415919104 [ 23.680070][ T8] EXT4-fs (loop0): dirty_blocks=16 [ 23.685078][ T8] EXT4-fs (loop0): Block reservation details [ 23.690832][ T8] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556486660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556486660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 getdents64(3, 0x55555647e620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555647d5d0) = 368 ./strace-static-x86_64: Process 368 attached [pid 368] chdir("./12") = 0 [pid 368] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 368] setpgid(0, 0) = 0 [pid 368] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 368] write(3, "1000", 4) = 4 [pid 368] close(3) = 0 [pid 368] symlink("/dev/binderfs", "./binderfs") = 0 [pid 368] memfd_create("syzkaller", 0) = 3 [pid 368] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5afc91a000 [pid 368] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 368] munmap(0x7f5afc91a000, 1048576) = 0 [pid 368] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 368] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 368] close(3) = 0 [pid 368] mkdir("./file0", 0777) = 0 [pid 368] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 368] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 368] chdir("./file0") = 0 [pid 368] ioctl(4, LOOP_CLR_FD) = 0 [pid 368] close(4) = 0 [pid 368] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 368] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 368] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 368] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 368] read(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8254) = 8254 [pid 368] sendfile(6, 5, NULL, 131071) = 131071 [pid 368] write(4, "\x10\x00\x00\x00\xf5\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 368] exit_group(0) = ? [pid 368] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=368, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555647e620 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./12/binderfs") = 0 [ 23.796942][ T368] loop0: detected capacity change from 0 to 2048 [ 23.813116][ T368] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 23.834943][ T368] EXT4-fs error (device loop0): ext4_xattr_ibody_get:608: inode #18: comm syz-executor348: corrupted in-inode xattr [ 23.854628][ T8] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 23.869671][ T8] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 23.881736][ T8] EXT4-fs (loop0): This should not happen!! Data will be lost [ 23.881736][ T8] [ 23.891096][ T8] EXT4-fs (loop0): Total free blocks count 0 [ 23.897149][ T8] EXT4-fs (loop0): Free/Dirty block details [ 23.902912][ T8] EXT4-fs (loop0): free_blocks=2415919104 [ 23.908397][ T8] EXT4-fs (loop0): dirty_blocks=16 [ 23.913369][ T8] EXT4-fs (loop0): Block reservation details [ 23.919157][ T8] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556486660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556486660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 getdents64(3, 0x55555647e620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555647d5d0) = 371 ./strace-static-x86_64: Process 371 attached [pid 371] chdir("./13") = 0 [pid 371] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 371] setpgid(0, 0) = 0 [pid 371] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 371] write(3, "1000", 4) = 4 [pid 371] close(3) = 0 [pid 371] symlink("/dev/binderfs", "./binderfs") = 0 [pid 371] memfd_create("syzkaller", 0) = 3 [pid 371] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5afc91a000 [pid 371] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 371] munmap(0x7f5afc91a000, 1048576) = 0 [pid 371] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 371] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 371] close(3) = 0 [pid 371] mkdir("./file0", 0777) = 0 [pid 371] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 371] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 371] chdir("./file0") = 0 [pid 371] ioctl(4, LOOP_CLR_FD) = 0 [pid 371] close(4) = 0 [pid 371] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 371] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 371] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 371] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 371] read(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8254) = 8254 [pid 371] sendfile(6, 5, NULL, 131071) = 131071 [ 24.040257][ T371] loop0: detected capacity change from 0 to 2048 [ 24.062520][ T371] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 371] write(4, "\x10\x00\x00\x00\xf5\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 371] exit_group(0) = ? [pid 371] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=371, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555647e620 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./13/binderfs") = 0 [ 24.083807][ T371] EXT4-fs error (device loop0): ext4_xattr_ibody_get:608: inode #18: comm syz-executor348: corrupted in-inode xattr [ 24.098959][ T10] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 24.115719][ T10] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 24.129286][ T10] EXT4-fs (loop0): This should not happen!! Data will be lost [ 24.129286][ T10] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556486660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556486660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 getdents64(3, 0x55555647e620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555647d5d0) = 375 ./strace-static-x86_64: Process 375 attached [pid 375] chdir("./14") = 0 [pid 375] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 375] setpgid(0, 0) = 0 [pid 375] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 375] write(3, "1000", 4) = 4 [pid 375] close(3) = 0 [pid 375] symlink("/dev/binderfs", "./binderfs") = 0 [pid 375] memfd_create("syzkaller", 0) = 3 [pid 375] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5afc91a000 [ 24.138924][ T10] EXT4-fs (loop0): Total free blocks count 0 [ 24.144741][ T10] EXT4-fs (loop0): Free/Dirty block details [ 24.150446][ T10] EXT4-fs (loop0): free_blocks=2415919104 [ 24.156033][ T10] EXT4-fs (loop0): dirty_blocks=16 [ 24.160952][ T10] EXT4-fs (loop0): Block reservation details [ 24.166781][ T10] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 375] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 375] munmap(0x7f5afc91a000, 1048576) = 0 [pid 375] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 375] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 375] close(3) = 0 [pid 375] mkdir("./file0", 0777) = 0 [pid 375] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 375] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 375] chdir("./file0") = 0 [pid 375] ioctl(4, LOOP_CLR_FD) = 0 [pid 375] close(4) = 0 [pid 375] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 375] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 375] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 375] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 375] read(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8254) = 8254 [pid 375] sendfile(6, 5, NULL, 131071) = 131071 [ 24.230154][ T375] loop0: detected capacity change from 0 to 2048 [ 24.262834][ T375] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 375] write(4, "\x10\x00\x00\x00\xf5\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 375] exit_group(0) = ? [pid 375] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=375, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555647e620 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./14/binderfs") = 0 [ 24.280760][ T375] EXT4-fs error (device loop0): ext4_xattr_ibody_get:608: inode #18: comm syz-executor348: corrupted in-inode xattr [ 24.300753][ T10] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 24.315438][ T10] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 24.327492][ T10] EXT4-fs (loop0): This should not happen!! Data will be lost [ 24.327492][ T10] [ 24.336920][ T10] EXT4-fs (loop0): Total free blocks count 0 [ 24.342699][ T10] EXT4-fs (loop0): Free/Dirty block details [ 24.348417][ T10] EXT4-fs (loop0): free_blocks=2415919104 [ 24.353992][ T10] EXT4-fs (loop0): dirty_blocks=16 [ 24.358914][ T10] EXT4-fs (loop0): Block reservation details [ 24.364756][ T10] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556486660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556486660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 getdents64(3, 0x55555647e620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555647d5d0) = 378 ./strace-static-x86_64: Process 378 attached [pid 378] chdir("./15") = 0 [pid 378] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 378] setpgid(0, 0) = 0 [pid 378] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 378] write(3, "1000", 4) = 4 [pid 378] close(3) = 0 [pid 378] symlink("/dev/binderfs", "./binderfs") = 0 [pid 378] memfd_create("syzkaller", 0) = 3 [pid 378] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5afc91a000 [pid 378] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 378] munmap(0x7f5afc91a000, 1048576) = 0 [pid 378] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 378] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 378] close(3) = 0 [pid 378] mkdir("./file0", 0777) = 0 [pid 378] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 378] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 378] chdir("./file0") = 0 [pid 378] ioctl(4, LOOP_CLR_FD) = 0 [pid 378] close(4) = 0 [pid 378] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 378] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 378] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 378] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 378] read(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8254) = 8254 [pid 378] sendfile(6, 5, NULL, 131071) = 131071 [pid 378] write(4, "\x10\x00\x00\x00\xf5\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 378] exit_group(0) = ? [pid 378] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=378, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555647e620 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./15/binderfs") = 0 [ 24.471392][ T378] loop0: detected capacity change from 0 to 2048 [ 24.483043][ T378] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 24.505545][ T378] EXT4-fs error (device loop0): ext4_xattr_ibody_get:608: inode #18: comm syz-executor348: corrupted in-inode xattr [ 24.527861][ T45] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 24.542677][ T45] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 24.554694][ T45] EXT4-fs (loop0): This should not happen!! Data will be lost [ 24.554694][ T45] [ 24.564327][ T45] EXT4-fs (loop0): Total free blocks count 0 [ 24.570107][ T45] EXT4-fs (loop0): Free/Dirty block details [ 24.575979][ T45] EXT4-fs (loop0): free_blocks=2415919104 [ 24.581650][ T45] EXT4-fs (loop0): dirty_blocks=16 [ 24.586530][ T45] EXT4-fs (loop0): Block reservation details [ 24.592372][ T45] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556486660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556486660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 getdents64(3, 0x55555647e620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555647d5d0) = 381 ./strace-static-x86_64: Process 381 attached [pid 381] chdir("./16") = 0 [pid 381] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 381] setpgid(0, 0) = 0 [pid 381] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 381] write(3, "1000", 4) = 4 [pid 381] close(3) = 0 [pid 381] symlink("/dev/binderfs", "./binderfs") = 0 [pid 381] memfd_create("syzkaller", 0) = 3 [pid 381] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5afc91a000 [pid 381] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 381] munmap(0x7f5afc91a000, 1048576) = 0 [pid 381] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 381] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 381] close(3) = 0 [pid 381] mkdir("./file0", 0777) = 0 [pid 381] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 381] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 381] chdir("./file0") = 0 [pid 381] ioctl(4, LOOP_CLR_FD) = 0 [pid 381] close(4) = 0 [pid 381] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 381] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 381] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 381] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 381] read(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8254) = 8254 [pid 381] sendfile(6, 5, NULL, 131071) = 131071 [ 24.673791][ T381] loop0: detected capacity change from 0 to 2048 [ 24.692450][ T381] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 381] write(4, "\x10\x00\x00\x00\xf5\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 381] exit_group(0) = ? [pid 381] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=381, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555647e620 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./16/binderfs") = 0 [ 24.715281][ T381] EXT4-fs error (device loop0): ext4_xattr_ibody_get:608: inode #18: comm syz-executor348: corrupted in-inode xattr [ 24.737632][ T8] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 24.752367][ T8] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 24.764496][ T8] EXT4-fs (loop0): This should not happen!! Data will be lost [ 24.764496][ T8] [ 24.773945][ T8] EXT4-fs (loop0): Total free blocks count 0 [ 24.779843][ T8] EXT4-fs (loop0): Free/Dirty block details [ 24.785840][ T8] EXT4-fs (loop0): free_blocks=2415919104 [ 24.791489][ T8] EXT4-fs (loop0): dirty_blocks=16 [ 24.796407][ T8] EXT4-fs (loop0): Block reservation details [ 24.802266][ T8] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556486660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556486660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 getdents64(3, 0x55555647e620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555647d5d0) = 384 ./strace-static-x86_64: Process 384 attached [pid 384] chdir("./17") = 0 [pid 384] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 384] setpgid(0, 0) = 0 [pid 384] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 384] write(3, "1000", 4) = 4 [pid 384] close(3) = 0 [pid 384] symlink("/dev/binderfs", "./binderfs") = 0 [pid 384] memfd_create("syzkaller", 0) = 3 [pid 384] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5afc91a000 [pid 384] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 384] munmap(0x7f5afc91a000, 1048576) = 0 [pid 384] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 384] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 384] close(3) = 0 [pid 384] mkdir("./file0", 0777) = 0 [pid 384] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 384] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 384] chdir("./file0") = 0 [pid 384] ioctl(4, LOOP_CLR_FD) = 0 [pid 384] close(4) = 0 [pid 384] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 384] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 384] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 384] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 384] read(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8254) = 8254 [pid 384] sendfile(6, 5, NULL, 131071) = 131071 [pid 384] write(4, "\x10\x00\x00\x00\xf5\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 384] exit_group(0) = ? [pid 384] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=384, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555647e620 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./17/binderfs") = 0 [ 24.909875][ T384] loop0: detected capacity change from 0 to 2048 [ 24.925226][ T384] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 24.947076][ T384] EXT4-fs error (device loop0): ext4_xattr_ibody_get:608: inode #18: comm syz-executor348: corrupted in-inode xattr [ 24.968939][ T8] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 24.983871][ T8] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 24.995873][ T8] EXT4-fs (loop0): This should not happen!! Data will be lost [ 24.995873][ T8] [ 25.005507][ T8] EXT4-fs (loop0): Total free blocks count 0 [ 25.011351][ T8] EXT4-fs (loop0): Free/Dirty block details [ 25.017027][ T8] EXT4-fs (loop0): free_blocks=2415919104 [ 25.022644][ T8] EXT4-fs (loop0): dirty_blocks=16 [ 25.027528][ T8] EXT4-fs (loop0): Block reservation details [ 25.033358][ T8] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556486660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556486660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 getdents64(3, 0x55555647e620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555647d5d0) = 388 ./strace-static-x86_64: Process 388 attached [pid 388] chdir("./18") = 0 [pid 388] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 388] setpgid(0, 0) = 0 [pid 388] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 388] write(3, "1000", 4) = 4 [pid 388] close(3) = 0 [pid 388] symlink("/dev/binderfs", "./binderfs") = 0 [pid 388] memfd_create("syzkaller", 0) = 3 [pid 388] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5afc91a000 [pid 388] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 388] munmap(0x7f5afc91a000, 1048576) = 0 [pid 388] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 388] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 388] close(3) = 0 [pid 388] mkdir("./file0", 0777) = 0 [pid 388] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 388] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 388] chdir("./file0") = 0 [pid 388] ioctl(4, LOOP_CLR_FD) = 0 [pid 388] close(4) = 0 [pid 388] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 388] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 388] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 388] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 388] read(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8254) = 8254 [pid 388] sendfile(6, 5, NULL, 131071) = 131071 [pid 388] write(4, "\x10\x00\x00\x00\xf5\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 388] exit_group(0) = ? [pid 388] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=388, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555647e620 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./18/binderfs") = 0 [ 25.107889][ T388] loop0: detected capacity change from 0 to 2048 [ 25.122781][ T388] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 25.143543][ T388] EXT4-fs error (device loop0): ext4_xattr_ibody_get:608: inode #18: comm syz-executor348: corrupted in-inode xattr [ 25.166111][ T8] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 25.180913][ T8] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 25.193164][ T8] EXT4-fs (loop0): This should not happen!! Data will be lost [ 25.193164][ T8] [ 25.202739][ T8] EXT4-fs (loop0): Total free blocks count 0 [ 25.208538][ T8] EXT4-fs (loop0): Free/Dirty block details [ 25.214337][ T8] EXT4-fs (loop0): free_blocks=2415919104 [ 25.219878][ T8] EXT4-fs (loop0): dirty_blocks=16 [ 25.224999][ T8] EXT4-fs (loop0): Block reservation details [ 25.230802][ T8] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556486660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556486660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file0") = 0 getdents64(3, 0x55555647e620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555647d5d0) = 391 ./strace-static-x86_64: Process 391 attached [pid 391] chdir("./19") = 0 [pid 391] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 391] setpgid(0, 0) = 0 [pid 391] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 391] write(3, "1000", 4) = 4 [pid 391] close(3) = 0 [pid 391] symlink("/dev/binderfs", "./binderfs") = 0 [pid 391] memfd_create("syzkaller", 0) = 3 [pid 391] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5afc91a000 [pid 391] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 391] munmap(0x7f5afc91a000, 1048576) = 0 [pid 391] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 391] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 391] close(3) = 0 [pid 391] mkdir("./file0", 0777) = 0 [pid 391] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 391] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 391] chdir("./file0") = 0 [pid 391] ioctl(4, LOOP_CLR_FD) = 0 [pid 391] close(4) = 0 [pid 391] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 391] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 391] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 391] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 391] read(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8254) = 8254 [pid 391] sendfile(6, 5, NULL, 131071) = 131071 [pid 391] write(4, "\x10\x00\x00\x00\xf5\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 391] exit_group(0) = ? [ 25.316783][ T391] loop0: detected capacity change from 0 to 2048 [ 25.332857][ T391] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 391] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=391, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555647e620 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./19/binderfs") = 0 [ 25.355492][ T391] EXT4-fs error (device loop0): ext4_xattr_ibody_get:608: inode #18: comm syz-executor348: corrupted in-inode xattr [ 25.376494][ T45] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 25.391551][ T45] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 25.403533][ T45] EXT4-fs (loop0): This should not happen!! Data will be lost [ 25.403533][ T45] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556486660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556486660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file0") = 0 getdents64(3, 0x55555647e620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555647d5d0) = 394 [ 25.413215][ T45] EXT4-fs (loop0): Total free blocks count 0 [ 25.419012][ T45] EXT4-fs (loop0): Free/Dirty block details [ 25.424873][ T45] EXT4-fs (loop0): free_blocks=2415919104 [ 25.430398][ T45] EXT4-fs (loop0): dirty_blocks=16 [ 25.435428][ T45] EXT4-fs (loop0): Block reservation details [ 25.441226][ T45] EXT4-fs (loop0): i_reserved_data_blocks=1 ./strace-static-x86_64: Process 394 attached [pid 394] chdir("./20") = 0 [pid 394] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 394] setpgid(0, 0) = 0 [pid 394] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 394] write(3, "1000", 4) = 4 [pid 394] close(3) = 0 [pid 394] symlink("/dev/binderfs", "./binderfs") = 0 [pid 394] memfd_create("syzkaller", 0) = 3 [pid 394] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5afc91a000 [pid 394] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 394] munmap(0x7f5afc91a000, 1048576) = 0 [pid 394] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 394] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 394] close(3) = 0 [pid 394] mkdir("./file0", 0777) = 0 [pid 394] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 394] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 394] chdir("./file0") = 0 [pid 394] ioctl(4, LOOP_CLR_FD) = 0 [pid 394] close(4) = 0 [pid 394] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 394] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 394] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 394] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 394] read(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8254) = 8254 [pid 394] sendfile(6, 5, NULL, 131071) = 131071 [pid 394] write(4, "\x10\x00\x00\x00\xf5\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 394] exit_group(0) = ? [pid 394] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=394, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555647e620 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./20/binderfs") = 0 [ 25.506668][ T394] loop0: detected capacity change from 0 to 2048 [ 25.522550][ T394] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 25.544416][ T394] EXT4-fs error (device loop0): ext4_xattr_ibody_get:608: inode #18: comm syz-executor348: corrupted in-inode xattr [ 25.562506][ T45] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 25.577301][ T45] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 25.589311][ T45] EXT4-fs (loop0): This should not happen!! Data will be lost [ 25.589311][ T45] [ 25.599123][ T45] EXT4-fs (loop0): Total free blocks count 0 [ 25.605052][ T45] EXT4-fs (loop0): Free/Dirty block details umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 25.610741][ T45] EXT4-fs (loop0): free_blocks=2415919104 [ 25.616375][ T45] EXT4-fs (loop0): dirty_blocks=16 [ 25.621272][ T45] EXT4-fs (loop0): Block reservation details [ 25.627059][ T45] EXT4-fs (loop0): i_reserved_data_blocks=1 lstat("./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556486660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556486660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file0") = 0 getdents64(3, 0x55555647e620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555647d5d0) = 397 ./strace-static-x86_64: Process 397 attached [pid 397] chdir("./21") = 0 [pid 397] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 397] setpgid(0, 0) = 0 [pid 397] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 397] write(3, "1000", 4) = 4 [pid 397] close(3) = 0 [pid 397] symlink("/dev/binderfs", "./binderfs") = 0 [pid 397] memfd_create("syzkaller", 0) = 3 [pid 397] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5afc91a000 [pid 397] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 397] munmap(0x7f5afc91a000, 1048576) = 0 [pid 397] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 397] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 397] close(3) = 0 [pid 397] mkdir("./file0", 0777) = 0 [pid 397] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 397] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 397] chdir("./file0") = 0 [pid 397] ioctl(4, LOOP_CLR_FD) = 0 [pid 397] close(4) = 0 [pid 397] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 397] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 397] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 397] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 397] read(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8254) = 8254 [pid 397] sendfile(6, 5, NULL, 131071) = 131071 [ 25.697503][ T397] loop0: detected capacity change from 0 to 2048 [ 25.713081][ T397] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 397] write(4, "\x10\x00\x00\x00\xf5\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 397] exit_group(0) = ? [pid 397] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=397, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555647e620 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./21/binderfs") = 0 [ 25.744517][ T397] EXT4-fs error (device loop0): ext4_xattr_ibody_get:608: inode #18: comm syz-executor348: corrupted in-inode xattr [ 25.760695][ T10] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 25.775960][ T10] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 25.787946][ T10] EXT4-fs (loop0): This should not happen!! Data will be lost [ 25.787946][ T10] [ 25.797596][ T10] EXT4-fs (loop0): Total free blocks count 0 [ 25.803572][ T10] EXT4-fs (loop0): Free/Dirty block details [ 25.809196][ T10] EXT4-fs (loop0): free_blocks=2415919104 [ 25.815021][ T10] EXT4-fs (loop0): dirty_blocks=16 [ 25.819943][ T10] EXT4-fs (loop0): Block reservation details [ 25.825827][ T10] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556486660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556486660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file0") = 0 getdents64(3, 0x55555647e620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555647d5d0) = 401 ./strace-static-x86_64: Process 401 attached [pid 401] chdir("./22") = 0 [pid 401] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 401] setpgid(0, 0) = 0 [pid 401] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 401] write(3, "1000", 4) = 4 [pid 401] close(3) = 0 [pid 401] symlink("/dev/binderfs", "./binderfs") = 0 [pid 401] memfd_create("syzkaller", 0) = 3 [pid 401] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5afc91a000 [pid 401] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 401] munmap(0x7f5afc91a000, 1048576) = 0 [pid 401] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 401] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 401] close(3) = 0 [pid 401] mkdir("./file0", 0777) = 0 [pid 401] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 401] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 401] chdir("./file0") = 0 [pid 401] ioctl(4, LOOP_CLR_FD) = 0 [pid 401] close(4) = 0 [pid 401] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 401] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 401] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 401] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 401] read(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8254) = 8254 [pid 401] sendfile(6, 5, NULL, 131071) = 131071 [ 25.914001][ T401] loop0: detected capacity change from 0 to 2048 [ 25.932529][ T401] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 401] write(4, "\x10\x00\x00\x00\xf5\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 401] exit_group(0) = ? [pid 401] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=401, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555647e620 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./22/binderfs") = 0 [ 25.955335][ T401] EXT4-fs error (device loop0): ext4_xattr_ibody_get:608: inode #18: comm syz-executor348: corrupted in-inode xattr [ 25.976854][ T10] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 25.991606][ T10] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 26.003751][ T10] EXT4-fs (loop0): This should not happen!! Data will be lost [ 26.003751][ T10] [ 26.013234][ T10] EXT4-fs (loop0): Total free blocks count 0 [ 26.019195][ T10] EXT4-fs (loop0): Free/Dirty block details [ 26.025120][ T10] EXT4-fs (loop0): free_blocks=2415919104 [ 26.030652][ T10] EXT4-fs (loop0): dirty_blocks=16 [ 26.035629][ T10] EXT4-fs (loop0): Block reservation details [ 26.041482][ T10] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556486660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556486660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file0") = 0 getdents64(3, 0x55555647e620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555647d5d0) = 405 ./strace-static-x86_64: Process 405 attached [pid 405] chdir("./23") = 0 [pid 405] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 405] setpgid(0, 0) = 0 [pid 405] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 405] write(3, "1000", 4) = 4 [pid 405] close(3) = 0 [pid 405] symlink("/dev/binderfs", "./binderfs") = 0 [pid 405] memfd_create("syzkaller", 0) = 3 [pid 405] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5afc91a000 [pid 405] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 405] munmap(0x7f5afc91a000, 1048576) = 0 [pid 405] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 405] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 405] close(3) = 0 [pid 405] mkdir("./file0", 0777) = 0 [pid 405] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 405] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 405] chdir("./file0") = 0 [pid 405] ioctl(4, LOOP_CLR_FD) = 0 [pid 405] close(4) = 0 [pid 405] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 405] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 405] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 405] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 405] read(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8254) = 8254 [pid 405] sendfile(6, 5, NULL, 131071) = 131071 [ 26.117624][ T405] loop0: detected capacity change from 0 to 2048 [ 26.152998][ T405] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 405] write(4, "\x10\x00\x00\x00\xf5\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 405] exit_group(0) = ? [pid 405] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=405, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555647e620 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./23/binderfs") = 0 [ 26.183817][ T405] EXT4-fs error (device loop0): ext4_xattr_ibody_get:608: inode #18: comm syz-executor348: corrupted in-inode xattr [ 26.205049][ T400] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 26.219781][ T400] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 26.231982][ T400] EXT4-fs (loop0): This should not happen!! Data will be lost [ 26.231982][ T400] [ 26.241615][ T400] EXT4-fs (loop0): Total free blocks count 0 [ 26.247405][ T400] EXT4-fs (loop0): Free/Dirty block details [ 26.253268][ T400] EXT4-fs (loop0): free_blocks=2415919104 [ 26.258804][ T400] EXT4-fs (loop0): dirty_blocks=16 [ 26.263929][ T400] EXT4-fs (loop0): Block reservation details [ 26.269726][ T400] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556486660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556486660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file0") = 0 getdents64(3, 0x55555647e620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555647d5d0) = 408 ./strace-static-x86_64: Process 408 attached [pid 408] chdir("./24") = 0 [pid 408] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 408] setpgid(0, 0) = 0 [pid 408] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 408] write(3, "1000", 4) = 4 [pid 408] close(3) = 0 [pid 408] symlink("/dev/binderfs", "./binderfs") = 0 [pid 408] memfd_create("syzkaller", 0) = 3 [pid 408] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5afc91a000 [pid 408] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 408] munmap(0x7f5afc91a000, 1048576) = 0 [pid 408] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 408] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 408] close(3) = 0 [pid 408] mkdir("./file0", 0777) = 0 [pid 408] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 408] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 408] chdir("./file0") = 0 [pid 408] ioctl(4, LOOP_CLR_FD) = 0 [pid 408] close(4) = 0 [pid 408] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 408] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 408] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 408] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 408] read(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8254) = 8254 [pid 408] sendfile(6, 5, NULL, 131071) = 131071 [ 26.356716][ T408] loop0: detected capacity change from 0 to 2048 [ 26.373921][ T408] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 408] write(4, "\x10\x00\x00\x00\xf5\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 408] exit_group(0) = ? [pid 408] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=408, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555647e620 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./24/binderfs") = 0 [ 26.408513][ T408] EXT4-fs error (device loop0): ext4_xattr_ibody_get:608: inode #18: comm syz-executor348: corrupted in-inode xattr [ 26.429973][ T330] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 26.445342][ T330] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 26.457359][ T330] EXT4-fs (loop0): This should not happen!! Data will be lost [ 26.457359][ T330] [ 26.466816][ T330] EXT4-fs (loop0): Total free blocks count 0 [ 26.472625][ T330] EXT4-fs (loop0): Free/Dirty block details [ 26.478336][ T330] EXT4-fs (loop0): free_blocks=2415919104 [ 26.483911][ T330] EXT4-fs (loop0): dirty_blocks=16 [ 26.488838][ T330] EXT4-fs (loop0): Block reservation details [ 26.494702][ T330] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556486660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556486660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file0") = 0 getdents64(3, 0x55555647e620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555647d5d0) = 411 ./strace-static-x86_64: Process 411 attached [pid 411] chdir("./25") = 0 [pid 411] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 411] setpgid(0, 0) = 0 [pid 411] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 411] write(3, "1000", 4) = 4 [pid 411] close(3) = 0 [pid 411] symlink("/dev/binderfs", "./binderfs") = 0 [pid 411] memfd_create("syzkaller", 0) = 3 [pid 411] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5afc91a000 [pid 411] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 411] munmap(0x7f5afc91a000, 1048576) = 0 [pid 411] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 411] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 411] close(3) = 0 [pid 411] mkdir("./file0", 0777) = 0 [pid 411] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 411] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 411] chdir("./file0") = 0 [pid 411] ioctl(4, LOOP_CLR_FD) = 0 [pid 411] close(4) = 0 [pid 411] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 411] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 411] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 411] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 411] read(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8254) = 8254 [pid 411] sendfile(6, 5, NULL, 131071) = 131071 [ 26.623363][ T411] loop0: detected capacity change from 0 to 2048 [ 26.642670][ T411] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 411] write(4, "\x10\x00\x00\x00\xf5\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 411] exit_group(0) = ? [pid 411] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=411, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555647e620 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./25/binderfs") = 0 [ 26.665407][ T411] EXT4-fs error (device loop0): ext4_xattr_ibody_get:608: inode #18: comm syz-executor348: corrupted in-inode xattr [ 26.687517][ T330] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 26.702403][ T330] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 26.714402][ T330] EXT4-fs (loop0): This should not happen!! Data will be lost [ 26.714402][ T330] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556486660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556486660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file0") = 0 getdents64(3, 0x55555647e620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555647d5d0) = 414 ./strace-static-x86_64: Process 414 attached [pid 414] chdir("./26") = 0 [pid 414] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 414] setpgid(0, 0) = 0 [pid 414] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 414] write(3, "1000", 4) = 4 [pid 414] close(3) = 0 [pid 414] symlink("/dev/binderfs", "./binderfs") = 0 [pid 414] memfd_create("syzkaller", 0) = 3 [pid 414] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5afc91a000 [pid 414] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 414] munmap(0x7f5afc91a000, 1048576) = 0 [pid 414] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 26.724165][ T330] EXT4-fs (loop0): Total free blocks count 0 [ 26.729959][ T330] EXT4-fs (loop0): Free/Dirty block details [ 26.735770][ T330] EXT4-fs (loop0): free_blocks=2415919104 [ 26.741271][ T330] EXT4-fs (loop0): dirty_blocks=16 [ 26.746187][ T330] EXT4-fs (loop0): Block reservation details [ 26.752031][ T330] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 414] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 414] close(3) = 0 [pid 414] mkdir("./file0", 0777) = 0 [pid 414] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 414] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 414] chdir("./file0") = 0 [pid 414] ioctl(4, LOOP_CLR_FD) = 0 [pid 414] close(4) = 0 [pid 414] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 414] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 414] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 414] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 414] read(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8254) = 8254 [pid 414] sendfile(6, 5, NULL, 131071) = 131071 [ 26.805551][ T414] loop0: detected capacity change from 0 to 2048 [ 26.822781][ T414] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 414] write(4, "\x10\x00\x00\x00\xf5\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 414] exit_group(0) = ? [pid 414] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=414, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555647e620 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./26/binderfs") = 0 [ 26.847382][ T414] EXT4-fs error (device loop0): ext4_xattr_ibody_get:608: inode #18: comm syz-executor348: corrupted in-inode xattr [ 26.868121][ T10] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 26.883006][ T10] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 26.895085][ T10] EXT4-fs (loop0): This should not happen!! Data will be lost [ 26.895085][ T10] [ 26.904642][ T10] EXT4-fs (loop0): Total free blocks count 0 [ 26.910438][ T10] EXT4-fs (loop0): Free/Dirty block details [ 26.916463][ T10] EXT4-fs (loop0): free_blocks=2415919104 [ 26.922080][ T10] EXT4-fs (loop0): dirty_blocks=16 [ 26.926933][ T10] EXT4-fs (loop0): Block reservation details [ 26.932833][ T10] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556486660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556486660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file0") = 0 getdents64(3, 0x55555647e620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555647d5d0) = 417 ./strace-static-x86_64: Process 417 attached [pid 417] chdir("./27") = 0 [pid 417] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 417] setpgid(0, 0) = 0 [pid 417] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 417] write(3, "1000", 4) = 4 [pid 417] close(3) = 0 [pid 417] symlink("/dev/binderfs", "./binderfs") = 0 [pid 417] memfd_create("syzkaller", 0) = 3 [pid 417] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5afc91a000 [pid 417] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 417] munmap(0x7f5afc91a000, 1048576) = 0 [pid 417] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 417] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 417] close(3) = 0 [pid 417] mkdir("./file0", 0777) = 0 [pid 417] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 417] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 417] chdir("./file0") = 0 [pid 417] ioctl(4, LOOP_CLR_FD) = 0 [pid 417] close(4) = 0 [pid 417] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 417] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 417] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 417] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 417] read(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8254) = 8254 [pid 417] sendfile(6, 5, NULL, 131071) = 131071 [pid 417] write(4, "\x10\x00\x00\x00\xf5\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 417] exit_group(0) = ? [pid 417] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=417, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555647e620 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./27/binderfs") = 0 [ 27.036986][ T417] loop0: detected capacity change from 0 to 2048 [ 27.052403][ T417] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 27.074802][ T417] EXT4-fs error (device loop0): ext4_xattr_ibody_get:608: inode #18: comm syz-executor348: corrupted in-inode xattr [ 27.096273][ T10] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 27.110955][ T10] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 27.122973][ T10] EXT4-fs (loop0): This should not happen!! Data will be lost [ 27.122973][ T10] [ 27.132416][ T10] EXT4-fs (loop0): Total free blocks count 0 [ 27.138287][ T10] EXT4-fs (loop0): Free/Dirty block details [ 27.144044][ T10] EXT4-fs (loop0): free_blocks=2415919104 [ 27.149569][ T10] EXT4-fs (loop0): dirty_blocks=16 [ 27.154536][ T10] EXT4-fs (loop0): Block reservation details [ 27.160329][ T10] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556486660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556486660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file0") = 0 getdents64(3, 0x55555647e620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555647d5d0) = 421 ./strace-static-x86_64: Process 421 attached [pid 421] chdir("./28") = 0 [pid 421] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 421] setpgid(0, 0) = 0 [pid 421] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 421] write(3, "1000", 4) = 4 [pid 421] close(3) = 0 [pid 421] symlink("/dev/binderfs", "./binderfs") = 0 [pid 421] memfd_create("syzkaller", 0) = 3 [pid 421] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5afc91a000 [pid 421] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 421] munmap(0x7f5afc91a000, 1048576) = 0 [pid 421] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 421] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 421] close(3) = 0 [pid 421] mkdir("./file0", 0777) = 0 [pid 421] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 421] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 421] chdir("./file0") = 0 [pid 421] ioctl(4, LOOP_CLR_FD) = 0 [pid 421] close(4) = 0 [pid 421] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 421] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 421] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 421] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 421] read(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8254) = 8254 [pid 421] sendfile(6, 5, NULL, 131071) = 131071 [ 27.270443][ T421] loop0: detected capacity change from 0 to 2048 [ 27.302431][ T421] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 421] write(4, "\x10\x00\x00\x00\xf5\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 421] exit_group(0) = ? [pid 421] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=421, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555647e620 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./28/binderfs") = 0 [ 27.321599][ T421] EXT4-fs error (device loop0): ext4_xattr_ibody_get:608: inode #18: comm syz-executor348: corrupted in-inode xattr [ 27.341606][ T10] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 27.356437][ T10] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 27.368639][ T10] EXT4-fs (loop0): This should not happen!! Data will be lost [ 27.368639][ T10] [ 27.378105][ T10] EXT4-fs (loop0): Total free blocks count 0 [ 27.383906][ T10] EXT4-fs (loop0): Free/Dirty block details [ 27.389611][ T10] EXT4-fs (loop0): free_blocks=2415919104 [ 27.395224][ T10] EXT4-fs (loop0): dirty_blocks=16 [ 27.400114][ T10] EXT4-fs (loop0): Block reservation details [ 27.405952][ T10] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556486660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556486660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file0") = 0 getdents64(3, 0x55555647e620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555647d5d0) = 424 ./strace-static-x86_64: Process 424 attached [pid 424] chdir("./29") = 0 [pid 424] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 424] setpgid(0, 0) = 0 [pid 424] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 424] write(3, "1000", 4) = 4 [pid 424] close(3) = 0 [pid 424] symlink("/dev/binderfs", "./binderfs") = 0 [pid 424] memfd_create("syzkaller", 0) = 3 [pid 424] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5afc91a000 [pid 424] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 424] munmap(0x7f5afc91a000, 1048576) = 0 [pid 424] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 424] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 424] close(3) = 0 [pid 424] mkdir("./file0", 0777) = 0 [pid 424] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 424] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 424] chdir("./file0") = 0 [pid 424] ioctl(4, LOOP_CLR_FD) = 0 [pid 424] close(4) = 0 [pid 424] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 424] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 424] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 424] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 424] read(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8254) = 8254 [pid 424] sendfile(6, 5, NULL, 131071) = 131071 [ 27.514308][ T424] loop0: detected capacity change from 0 to 2048 [ 27.532659][ T424] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 424] write(4, "\x10\x00\x00\x00\xf5\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 424] exit_group(0) = ? [pid 424] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=424, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555647e620 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./29/binderfs") = 0 [ 27.553759][ T424] EXT4-fs error (device loop0): ext4_xattr_ibody_get:608: inode #18: comm syz-executor348: corrupted in-inode xattr [ 27.575148][ T400] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 27.590196][ T400] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 27.602191][ T400] EXT4-fs (loop0): This should not happen!! Data will be lost [ 27.602191][ T400] [ 27.611908][ T400] EXT4-fs (loop0): Total free blocks count 0 [ 27.617717][ T400] EXT4-fs (loop0): Free/Dirty block details [ 27.623521][ T400] EXT4-fs (loop0): free_blocks=2415919104 [ 27.629066][ T400] EXT4-fs (loop0): dirty_blocks=16 [ 27.633957][ T400] EXT4-fs (loop0): Block reservation details [ 27.639752][ T400] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556486660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556486660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file0") = 0 getdents64(3, 0x55555647e620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555647d5d0) = 427 ./strace-static-x86_64: Process 427 attached [pid 427] chdir("./30") = 0 [pid 427] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 427] setpgid(0, 0) = 0 [pid 427] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 427] write(3, "1000", 4) = 4 [pid 427] close(3) = 0 [pid 427] symlink("/dev/binderfs", "./binderfs") = 0 [pid 427] memfd_create("syzkaller", 0) = 3 [pid 427] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5afc91a000 [pid 427] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 427] munmap(0x7f5afc91a000, 1048576) = 0 [pid 427] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 427] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 427] close(3) = 0 [pid 427] mkdir("./file0", 0777) = 0 [pid 427] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 427] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 427] chdir("./file0") = 0 [pid 427] ioctl(4, LOOP_CLR_FD) = 0 [pid 427] close(4) = 0 [pid 427] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 427] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 427] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 427] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 427] read(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8254) = 8254 [pid 427] sendfile(6, 5, NULL, 131071) = 131071 [pid 427] write(4, "\x10\x00\x00\x00\xf5\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [ 27.746559][ T427] loop0: detected capacity change from 0 to 2048 [ 27.762744][ T427] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 427] exit_group(0) = ? [pid 427] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=427, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555647e620 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./30/binderfs") = 0 [ 27.785602][ T427] EXT4-fs error (device loop0): ext4_xattr_ibody_get:608: inode #18: comm syz-executor348: corrupted in-inode xattr [ 27.804132][ T330] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 27.819166][ T330] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 27.831214][ T330] EXT4-fs (loop0): This should not happen!! Data will be lost [ 27.831214][ T330] [ 27.841063][ T330] EXT4-fs (loop0): Total free blocks count 0 [ 27.846976][ T330] EXT4-fs (loop0): Free/Dirty block details [ 27.852698][ T330] EXT4-fs (loop0): free_blocks=2415919104 [ 27.858150][ T330] EXT4-fs (loop0): dirty_blocks=16 [ 27.863151][ T330] EXT4-fs (loop0): Block reservation details [ 27.868913][ T330] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556486660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556486660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file0") = 0 getdents64(3, 0x55555647e620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555647d5d0) = 430 ./strace-static-x86_64: Process 430 attached [pid 430] chdir("./31") = 0 [pid 430] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 430] setpgid(0, 0) = 0 [pid 430] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 430] write(3, "1000", 4) = 4 [pid 430] close(3) = 0 [pid 430] symlink("/dev/binderfs", "./binderfs") = 0 [pid 430] memfd_create("syzkaller", 0) = 3 [pid 430] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5afc91a000 [pid 430] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 430] munmap(0x7f5afc91a000, 1048576) = 0 [pid 430] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 430] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 430] close(3) = 0 [pid 430] mkdir("./file0", 0777) = 0 [pid 430] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 430] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 430] chdir("./file0") = 0 [pid 430] ioctl(4, LOOP_CLR_FD) = 0 [pid 430] close(4) = 0 [pid 430] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 430] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 430] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 430] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 430] read(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8254) = 8254 [pid 430] sendfile(6, 5, NULL, 131071) = 131071 [ 27.949565][ T430] loop0: detected capacity change from 0 to 2048 [ 27.965552][ T430] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 430] write(4, "\x10\x00\x00\x00\xf5\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 430] exit_group(0) = ? [pid 430] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=430, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555647e620 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./31/binderfs") = 0 [ 27.997955][ T430] EXT4-fs error (device loop0): ext4_xattr_ibody_get:608: inode #18: comm syz-executor348: corrupted in-inode xattr [ 28.027588][ T330] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 28.042307][ T330] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 28.054426][ T330] EXT4-fs (loop0): This should not happen!! Data will be lost [ 28.054426][ T330] [ 28.064157][ T330] EXT4-fs (loop0): Total free blocks count 0 [ 28.069946][ T330] EXT4-fs (loop0): Free/Dirty block details [ 28.075824][ T330] EXT4-fs (loop0): free_blocks=2415919104 [ 28.081544][ T330] EXT4-fs (loop0): dirty_blocks=16 [ 28.086451][ T330] EXT4-fs (loop0): Block reservation details [ 28.092405][ T330] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556486660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556486660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file0") = 0 getdents64(3, 0x55555647e620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555647d5d0) = 434 ./strace-static-x86_64: Process 434 attached [pid 434] chdir("./32") = 0 [pid 434] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 434] setpgid(0, 0) = 0 [pid 434] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 434] write(3, "1000", 4) = 4 [pid 434] close(3) = 0 [pid 434] symlink("/dev/binderfs", "./binderfs") = 0 [pid 434] memfd_create("syzkaller", 0) = 3 [pid 434] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5afc91a000 [pid 434] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 434] munmap(0x7f5afc91a000, 1048576) = 0 [pid 434] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 434] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 434] close(3) = 0 [pid 434] mkdir("./file0", 0777) = 0 [pid 434] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 434] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 434] chdir("./file0") = 0 [pid 434] ioctl(4, LOOP_CLR_FD) = 0 [pid 434] close(4) = 0 [pid 434] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 434] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 434] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 434] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 434] read(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8254) = 8254 [pid 434] sendfile(6, 5, NULL, 131071) = 131071 [pid 434] write(4, "\x10\x00\x00\x00\xf5\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 434] exit_group(0) = ? [pid 434] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=434, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555647e620 /* 4 entries */, 32768) = 112 umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./32/binderfs") = 0 [ 28.189794][ T434] loop0: detected capacity change from 0 to 2048 [ 28.204711][ T434] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 28.227354][ T434] EXT4-fs error (device loop0): ext4_xattr_ibody_get:608: inode #18: comm syz-executor348: corrupted in-inode xattr [ 28.247320][ T330] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 28.262001][ T330] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 28.274015][ T330] EXT4-fs (loop0): This should not happen!! Data will be lost [ 28.274015][ T330] [ 28.283484][ T330] EXT4-fs (loop0): Total free blocks count 0 [ 28.289245][ T330] EXT4-fs (loop0): Free/Dirty block details [ 28.295165][ T330] EXT4-fs (loop0): free_blocks=2415919104 [ 28.300691][ T330] EXT4-fs (loop0): dirty_blocks=16 [ 28.305665][ T330] EXT4-fs (loop0): Block reservation details [ 28.311463][ T330] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556486660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556486660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file0") = 0 getdents64(3, 0x55555647e620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555647d5d0) = 437 ./strace-static-x86_64: Process 437 attached [pid 437] chdir("./33") = 0 [pid 437] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 437] setpgid(0, 0) = 0 [pid 437] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 437] write(3, "1000", 4) = 4 [pid 437] close(3) = 0 [pid 437] symlink("/dev/binderfs", "./binderfs") = 0 [pid 437] memfd_create("syzkaller", 0) = 3 [pid 437] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5afc91a000 [pid 437] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 437] munmap(0x7f5afc91a000, 1048576) = 0 [pid 437] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 437] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 437] close(3) = 0 [pid 437] mkdir("./file0", 0777) = 0 [pid 437] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 437] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 437] chdir("./file0") = 0 [pid 437] ioctl(4, LOOP_CLR_FD) = 0 [pid 437] close(4) = 0 [pid 437] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 437] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 437] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 437] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 437] read(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8254) = 8254 [pid 437] sendfile(6, 5, NULL, 131071) = 131071 [pid 437] write(4, "\x10\x00\x00\x00\xf5\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 437] exit_group(0) = ? [pid 437] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=437, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555647e620 /* 4 entries */, 32768) = 112 umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./33/binderfs") = 0 [ 28.397094][ T437] loop0: detected capacity change from 0 to 2048 [ 28.412831][ T437] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 28.431920][ T437] EXT4-fs error (device loop0): ext4_xattr_ibody_get:608: inode #18: comm syz-executor348: corrupted in-inode xattr [ 28.452280][ T330] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 28.467171][ T330] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 28.479194][ T330] EXT4-fs (loop0): This should not happen!! Data will be lost [ 28.479194][ T330] [ 28.488647][ T330] EXT4-fs (loop0): Total free blocks count 0 [ 28.494440][ T330] EXT4-fs (loop0): Free/Dirty block details [ 28.500146][ T330] EXT4-fs (loop0): free_blocks=2415919104 [ 28.505723][ T330] EXT4-fs (loop0): dirty_blocks=16 [ 28.510645][ T330] EXT4-fs (loop0): Block reservation details [ 28.516490][ T330] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556486660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556486660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file0") = 0 getdents64(3, 0x55555647e620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555647d5d0) = 440 ./strace-static-x86_64: Process 440 attached [pid 440] chdir("./34") = 0 [pid 440] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 440] setpgid(0, 0) = 0 [pid 440] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 440] write(3, "1000", 4) = 4 [pid 440] close(3) = 0 [pid 440] symlink("/dev/binderfs", "./binderfs") = 0 [pid 440] memfd_create("syzkaller", 0) = 3 [pid 440] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5afc91a000 [pid 440] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 440] munmap(0x7f5afc91a000, 1048576) = 0 [pid 440] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 440] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 440] close(3) = 0 [pid 440] mkdir("./file0", 0777) = 0 [pid 440] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 440] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 440] chdir("./file0") = 0 [pid 440] ioctl(4, LOOP_CLR_FD) = 0 [pid 440] close(4) = 0 [pid 440] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 440] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 440] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 440] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 440] read(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8254) = 8254 [pid 440] sendfile(6, 5, NULL, 131071) = 131071 [ 28.635293][ T440] loop0: detected capacity change from 0 to 2048 [ 28.652972][ T440] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 440] write(4, "\x10\x00\x00\x00\xf5\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 440] exit_group(0) = ? [pid 440] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=440, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555647e620 /* 4 entries */, 32768) = 112 umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./34/binderfs") = 0 [ 28.676945][ T440] EXT4-fs error (device loop0): ext4_xattr_ibody_get:608: inode #18: comm syz-executor348: corrupted in-inode xattr [ 28.698805][ T10] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 28.713712][ T10] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 28.725696][ T10] EXT4-fs (loop0): This should not happen!! Data will be lost [ 28.725696][ T10] [ 28.735371][ T10] EXT4-fs (loop0): Total free blocks count 0 [ 28.741165][ T10] EXT4-fs (loop0): Free/Dirty block details [ 28.748544][ T10] EXT4-fs (loop0): free_blocks=2415919104 [ 28.754104][ T10] EXT4-fs (loop0): dirty_blocks=16 [ 28.759032][ T10] EXT4-fs (loop0): Block reservation details [ 28.764869][ T10] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556486660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556486660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file0") = 0 getdents64(3, 0x55555647e620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555647d5d0) = 443 ./strace-static-x86_64: Process 443 attached [pid 443] chdir("./35") = 0 [pid 443] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 443] setpgid(0, 0) = 0 [pid 443] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 443] write(3, "1000", 4) = 4 [pid 443] close(3) = 0 [pid 443] symlink("/dev/binderfs", "./binderfs") = 0 [pid 443] memfd_create("syzkaller", 0) = 3 [pid 443] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5afc91a000 [pid 443] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 443] munmap(0x7f5afc91a000, 1048576) = 0 [pid 443] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 443] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 443] close(3) = 0 [pid 443] mkdir("./file0", 0777) = 0 [pid 443] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 443] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 443] chdir("./file0") = 0 [pid 443] ioctl(4, LOOP_CLR_FD) = 0 [pid 443] close(4) = 0 [pid 443] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 443] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 443] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 443] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 443] read(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8254) = 8254 [pid 443] sendfile(6, 5, NULL, 131071) = 131071 [ 28.870063][ T443] loop0: detected capacity change from 0 to 2048 [ 28.892658][ T443] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 443] write(4, "\x10\x00\x00\x00\xf5\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 443] exit_group(0) = ? [pid 443] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=443, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555647e620 /* 4 entries */, 32768) = 112 umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./35/binderfs") = 0 [ 28.914335][ T443] EXT4-fs error (device loop0): ext4_xattr_ibody_get:608: inode #18: comm syz-executor348: corrupted in-inode xattr [ 28.935451][ T10] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 28.950220][ T10] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 28.962228][ T10] EXT4-fs (loop0): This should not happen!! Data will be lost umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556486660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556486660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file0") = 0 getdents64(3, 0x55555647e620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555647d5d0) = 446 [ 28.962228][ T10] [ 28.971685][ T10] EXT4-fs (loop0): Total free blocks count 0 [ 28.977564][ T10] EXT4-fs (loop0): Free/Dirty block details [ 28.983225][ T10] EXT4-fs (loop0): free_blocks=2415919104 [ 28.988809][ T10] EXT4-fs (loop0): dirty_blocks=16 [ 28.993760][ T10] EXT4-fs (loop0): Block reservation details [ 28.999565][ T10] EXT4-fs (loop0): i_reserved_data_blocks=1 ./strace-static-x86_64: Process 446 attached [pid 446] chdir("./36") = 0 [pid 446] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 446] setpgid(0, 0) = 0 [pid 446] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 446] write(3, "1000", 4) = 4 [pid 446] close(3) = 0 [pid 446] symlink("/dev/binderfs", "./binderfs") = 0 [pid 446] memfd_create("syzkaller", 0) = 3 [pid 446] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5afc91a000 [pid 446] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 446] munmap(0x7f5afc91a000, 1048576) = 0 [pid 446] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 446] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 446] close(3) = 0 [pid 446] mkdir("./file0", 0777) = 0 [pid 446] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 446] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 446] chdir("./file0") = 0 [pid 446] ioctl(4, LOOP_CLR_FD) = 0 [pid 446] close(4) = 0 [pid 446] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 446] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 446] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 446] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 446] read(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8254) = 8254 [pid 446] sendfile(6, 5, NULL, 131071) = 131071 [ 29.057550][ T446] loop0: detected capacity change from 0 to 2048 [ 29.083093][ T446] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 446] write(4, "\x10\x00\x00\x00\xf5\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 446] exit_group(0) = ? [pid 446] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=446, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555647e620 /* 4 entries */, 32768) = 112 umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./36/binderfs") = 0 [ 29.104399][ T446] EXT4-fs error (device loop0): ext4_xattr_ibody_get:608: inode #18: comm syz-executor348: corrupted in-inode xattr [ 29.125939][ T10] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 29.140640][ T10] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 29.152635][ T10] EXT4-fs (loop0): This should not happen!! Data will be lost [ 29.152635][ T10] [ 29.162224][ T10] EXT4-fs (loop0): Total free blocks count 0 [ 29.168012][ T10] EXT4-fs (loop0): Free/Dirty block details [ 29.173874][ T10] EXT4-fs (loop0): free_blocks=2415919104 [ 29.179401][ T10] EXT4-fs (loop0): dirty_blocks=16 [ 29.184564][ T10] EXT4-fs (loop0): Block reservation details [ 29.190354][ T10] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556486660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556486660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file0") = 0 getdents64(3, 0x55555647e620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555647d5d0) = 451 ./strace-static-x86_64: Process 451 attached [pid 451] chdir("./37") = 0 [pid 451] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 451] setpgid(0, 0) = 0 [pid 451] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 451] write(3, "1000", 4) = 4 [pid 451] close(3) = 0 [pid 451] symlink("/dev/binderfs", "./binderfs") = 0 [pid 451] memfd_create("syzkaller", 0) = 3 [pid 451] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5afc91a000 [pid 451] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 451] munmap(0x7f5afc91a000, 1048576) = 0 [pid 451] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 451] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 451] close(3) = 0 [pid 451] mkdir("./file0", 0777) = 0 [pid 451] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 451] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 451] chdir("./file0") = 0 [pid 451] ioctl(4, LOOP_CLR_FD) = 0 [pid 451] close(4) = 0 [pid 451] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 451] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 451] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 451] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 451] read(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8254) = 8254 [pid 451] sendfile(6, 5, NULL, 131071) = 131071 [ 29.310479][ T451] loop0: detected capacity change from 0 to 2048 [ 29.322818][ T451] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 451] write(4, "\x10\x00\x00\x00\xf5\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 451] exit_group(0) = ? [pid 451] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=451, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555647e620 /* 4 entries */, 32768) = 112 umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./37/binderfs") = 0 [ 29.354641][ T451] EXT4-fs error (device loop0): ext4_xattr_ibody_get:608: inode #18: comm syz-executor348: corrupted in-inode xattr [ 29.374701][ T400] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 29.389604][ T400] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 29.401736][ T400] EXT4-fs (loop0): This should not happen!! Data will be lost [ 29.401736][ T400] [ 29.411165][ T400] EXT4-fs (loop0): Total free blocks count 0 [ 29.417030][ T400] EXT4-fs (loop0): Free/Dirty block details [ 29.422727][ T400] EXT4-fs (loop0): free_blocks=2415919104 [ 29.428263][ T400] EXT4-fs (loop0): dirty_blocks=16 [ 29.433228][ T400] EXT4-fs (loop0): Block reservation details [ 29.439025][ T400] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556486660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556486660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file0") = 0 getdents64(3, 0x55555647e620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555647d5d0) = 454 ./strace-static-x86_64: Process 454 attached [pid 454] chdir("./38") = 0 [pid 454] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 454] setpgid(0, 0) = 0 [pid 454] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 454] write(3, "1000", 4) = 4 [pid 454] close(3) = 0 [pid 454] symlink("/dev/binderfs", "./binderfs") = 0 [pid 454] memfd_create("syzkaller", 0) = 3 [pid 454] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5afc91a000 [pid 454] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 454] munmap(0x7f5afc91a000, 1048576) = 0 [pid 454] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 454] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 454] close(3) = 0 [pid 454] mkdir("./file0", 0777) = 0 [pid 454] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 454] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 454] chdir("./file0") = 0 [pid 454] ioctl(4, LOOP_CLR_FD) = 0 [pid 454] close(4) = 0 [pid 454] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 454] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 454] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 454] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 454] read(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8254) = 8254 [pid 454] sendfile(6, 5, NULL, 131071) = 131071 [pid 454] write(4, "\x10\x00\x00\x00\xf5\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 454] exit_group(0) = ? [pid 454] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=454, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555647e620 /* 4 entries */, 32768) = 112 umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./38/binderfs") = 0 [ 29.545569][ T454] loop0: detected capacity change from 0 to 2048 [ 29.562620][ T454] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 29.582138][ T454] EXT4-fs error (device loop0): ext4_xattr_ibody_get:608: inode #18: comm syz-executor348: corrupted in-inode xattr [ 29.603212][ T400] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 29.618090][ T400] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 29.630133][ T400] EXT4-fs (loop0): This should not happen!! Data will be lost [ 29.630133][ T400] [ 29.639590][ T400] EXT4-fs (loop0): Total free blocks count 0 [ 29.645564][ T400] EXT4-fs (loop0): Free/Dirty block details [ 29.651286][ T400] EXT4-fs (loop0): free_blocks=2415919104 [ 29.656812][ T400] EXT4-fs (loop0): dirty_blocks=16 [ 29.661794][ T400] EXT4-fs (loop0): Block reservation details [ 29.667576][ T400] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556486660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556486660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file0") = 0 getdents64(3, 0x55555647e620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555647d5d0) = 457 ./strace-static-x86_64: Process 457 attached [pid 457] chdir("./39") = 0 [pid 457] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 457] setpgid(0, 0) = 0 [pid 457] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 457] write(3, "1000", 4) = 4 [pid 457] close(3) = 0 [pid 457] symlink("/dev/binderfs", "./binderfs") = 0 [pid 457] memfd_create("syzkaller", 0) = 3 [pid 457] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5afc91a000 [pid 457] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 457] munmap(0x7f5afc91a000, 1048576) = 0 [pid 457] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 457] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 457] close(3) = 0 [pid 457] mkdir("./file0", 0777) = 0 [pid 457] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 457] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 457] chdir("./file0") = 0 [pid 457] ioctl(4, LOOP_CLR_FD) = 0 [pid 457] close(4) = 0 [pid 457] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 457] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 457] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 457] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 457] read(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8254) = 8254 [pid 457] sendfile(6, 5, NULL, 131071) = 131071 [ 29.790254][ T457] loop0: detected capacity change from 0 to 2048 [ 29.822578][ T457] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 457] write(4, "\x10\x00\x00\x00\xf5\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 457] exit_group(0) = ? [pid 457] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=457, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555647e620 /* 4 entries */, 32768) = 112 umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./39/binderfs") = 0 [ 29.846458][ T457] EXT4-fs error (device loop0): ext4_xattr_ibody_get:608: inode #18: comm syz-executor348: corrupted in-inode xattr [ 29.866995][ T400] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 29.882237][ T400] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 29.894380][ T400] EXT4-fs (loop0): This should not happen!! Data will be lost [ 29.894380][ T400] [ 29.903963][ T400] EXT4-fs (loop0): Total free blocks count 0 [ 29.909754][ T400] EXT4-fs (loop0): Free/Dirty block details [ 29.915716][ T400] EXT4-fs (loop0): free_blocks=2415919104 [ 29.921336][ T400] EXT4-fs (loop0): dirty_blocks=16 [ 29.926305][ T400] EXT4-fs (loop0): Block reservation details [ 29.932268][ T400] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556486660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556486660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file0") = 0 getdents64(3, 0x55555647e620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555647d5d0) = 460 ./strace-static-x86_64: Process 460 attached [pid 460] chdir("./40") = 0 [pid 460] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 460] setpgid(0, 0) = 0 [pid 460] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 460] write(3, "1000", 4) = 4 [pid 460] close(3) = 0 [pid 460] symlink("/dev/binderfs", "./binderfs") = 0 [pid 460] memfd_create("syzkaller", 0) = 3 [pid 460] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5afc91a000 [pid 460] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 460] munmap(0x7f5afc91a000, 1048576) = 0 [pid 460] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 460] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 460] close(3) = 0 [pid 460] mkdir("./file0", 0777) = 0 [pid 460] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 460] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 460] chdir("./file0") = 0 [pid 460] ioctl(4, LOOP_CLR_FD) = 0 [pid 460] close(4) = 0 [pid 460] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 460] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 460] openat(AT_FDCWD, "./bus", O_RDONLY) = 5 [pid 460] openat(AT_FDCWD, "./bus", O_RDWR|O_SYNC|O_NOATIME|O_CLOEXEC) = 6 [pid 460] read(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8254) = 8254 [pid 460] sendfile(6, 5, NULL, 131071) = 131071 [ 30.048376][ T460] loop0: detected capacity change from 0 to 2048 [ 30.072699][ T460] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 460] write(4, "\x10\x00\x00\x00\xf5\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 460] exit_group(0) = ? [pid 460] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=460, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555647e620 /* 4 entries */, 32768) = 112 umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./40/binderfs") = 0 [ 30.092098][ T460] EXT4-fs error (device loop0): ext4_xattr_ibody_get:608: inode #18: comm syz-executor348: corrupted in-inode xattr [ 30.114656][ T400] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 30.129573][ T400] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 30.141587][ T400] EXT4-fs (loop0): This should not happen!! Data will be lost [ 30.141587][ T400] [ 30.151006][ T400] EXT4-fs (loop0): Total free blocks count 0 [ 30.156997][ T400] EXT4-fs (loop0): Free/Dirty block details [ 30.162675][ T400] EXT4-fs (loop0): free_blocks=2415919104 [ 30.168214][ T400] EXT4-fs (loop0): dirty_blocks=16 [ 30.173180][ T400] EXT4-fs (loop0): Block reservation details [ 30.178983][ T400] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556486660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556486660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file0") = 0 getdents64(3, 0x55555647e620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 464 attached , child_tidptr=0x55555647d5d0) = 464 [pid 464] chdir("./41") = 0 [pid 464] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 464] setpgid(0, 0) = 0 [pid 464] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 464] write(3, "1000", 4) = 4 [pid 464] close(3) = 0 [pid 464] symlink("/dev/binderfs", "./binderfs") = 0 [pid 464] memfd_create("syzkaller", 0) = 3 [pid 464] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5afc91a000