./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1847694981
<...>
Warning: Permanently added '10.128.1.248' (ED25519) to the list of known hosts.
execve("./syz-executor1847694981", ["./syz-executor1847694981"], 0x7fffa58c1690 /* 10 vars */) = 0
brk(NULL) = 0x555581971000
brk(0x555581971d00) = 0x555581971d00
arch_prctl(ARCH_SET_FS, 0x555581971380) = 0
set_tid_address(0x555581971650) = 289
set_robust_list(0x555581971660, 24) = 0
rseq(0x555581971ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented)
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor1847694981", 4096) = 28
getrandom("\x2e\x03\x19\x2b\xb1\x00\x6d\x46", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x555581971d00
brk(0x555581992d00) = 0x555581992d00
brk(0x555581993000) = 0x555581993000
mprotect(0x7f7f74412000, 16384, PROT_READ) = 0
mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000
mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000
mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000
mkdir("./syzkaller.h2OxP4", 0700) = 0
chmod("./syzkaller.h2OxP4", 0777) = 0
chdir("./syzkaller.h2OxP4") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555581971650) = 290
./strace-static-x86_64: Process 290 attached
[pid 290] set_robust_list(0x555581971660, 24) = 0
[pid 290] chdir("./0") = 0
[pid 290] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 290] setpgid(0, 0) = 0
[pid 290] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 290] write(3, "1000", 4executing program
) = 4
[pid 290] close(3) = 0
[pid 290] symlink("/dev/binderfs", "./binderfs") = 0
[pid 290] write(1, "executing program\n", 18) = 18
[pid 290] memfd_create("syzkaller", 0) = 3
[pid 290] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f6bf5f000
[pid 290] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 290] munmap(0x7f7f6bf5f000, 138412032) = 0
[pid 290] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 24.553976][ T28] audit: type=1400 audit(1753025701.454:64): avc: denied { execmem } for pid=289 comm="syz-executor184" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 24.574857][ T290] loop0: detected capacity change from 0 to 1024
[pid 290] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 290] close(3) = 0
[pid 290] close(4) = 0
[pid 290] mkdir("./file1", 0777) = 0
[ 24.581329][ T28] audit: type=1400 audit(1753025701.454:65): avc: denied { read write } for pid=289 comm="syz-executor184" name="loop0" dev="devtmpfs" ino=118 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 24.581363][ T28] audit: type=1400 audit(1753025701.454:66): avc: denied { open } for pid=289 comm="syz-executor184" path="/dev/loop0" dev="devtmpfs" ino=118 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 24.609409][ T290] =======================================================
[ 24.609409][ T290] WARNING: The mand mount option has been deprecated and
[ 24.609409][ T290] and is ignored by this kernel. Remove the mand
[ 24.609409][ T290] option from the mount to silence this warning.
[ 24.609409][ T290] =======================================================
[ 24.665264][ T28] audit: type=1400 audit(1753025701.454:67): avc: denied { ioctl } for pid=289 comm="syz-executor184" path="/dev/loop0" dev="devtmpfs" ino=118 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 24.681199][ T290] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 290] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 290] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 290] chdir("./file1") = 0
[pid 290] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 290] ioctl(4, LOOP_CLR_FD) = 0
[pid 290] close(4) = 0
[pid 290] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 24.691400][ T28] audit: type=1400 audit(1753025701.514:68): avc: denied { mounton } for pid=290 comm="syz-executor184" path="/root/syzkaller.h2OxP4/0/file1" dev="sda1" ino=2027 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 24.723791][ T28] audit: type=1400 audit(1753025701.604:69): avc: denied { mount } for pid=290 comm="syz-executor184" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 24.732679][ T290] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor184: Allocating blocks 497-513 which overlap fs metadata
[ 24.745976][ T28] audit: type=1400 audit(1753025701.614:70): avc: denied { write } for pid=290 comm="syz-executor184" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 24.760408][ T290] EXT4-fs (loop0): pa ffff88811a5af3f0: logic 256, phys. 385, len 8
[pid 290] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 290] ftruncate(4, 7) = 0
[pid 290] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 290] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 290] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 290] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 290] exit_group(0) = ?
[pid 290] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=290, si_uid=0, si_status=0, si_utime=0, si_stime=16} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555819726f0 /* 4 entries */, 32768) = 112
umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./0/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
[ 24.782081][ T28] audit: type=1400 audit(1753025701.614:71): avc: denied { add_name } for pid=290 comm="syz-executor184" name="memory.stat" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 24.789947][ T290] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
[ 24.811519][ T28] audit: type=1400 audit(1753025701.614:72): avc: denied { create } for pid=290 comm="syz-executor184" name="memory.stat" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558197a730 /* 10 entries */, 32768) = 296
umount2("./0/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./0/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555581982770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555581982770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./0/file1/lost+found") = 0
umount2("./0/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./0/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555581982770 /* 4 entries */, 32768) = 112
umount2("./0/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/file1/file0/file0") = 0
umount2("./0/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/file1/file0/file1") = 0
getdents64(5, 0x555581982770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./0/file1/file0") = 0
umount2("./0/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/file1/file1") = 0
umount2("./0/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/file1/file2") = 0
umount2("./0/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/file1/file3") = 0
umount2("./0/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/file1/file.cold") = 0
umount2("./0/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
[ 24.842788][ T28] audit: type=1400 audit(1753025701.624:73): avc: denied { read append open } for pid=290 comm="syz-executor184" path="/root/syzkaller.h2OxP4/0/file1/memory.stat" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 24.871022][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 16771981014464, count = 16
[ 24.885972][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 16771980988218, count = 26249
[ 24.901221][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 16771980988208, count = 16
[ 24.916202][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 8760130484288, count = 16
[ 24.931051][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 8760130480399, count = 3898
[ 24.946052][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 8760130480384, count = 16
[ 24.960963][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 45145073367120, count = 16
[ 24.975856][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 45145073365103, count = 2030
unlink("./0/file1/memory.stat") = 0
umount2("./0/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./0/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/file1/bus") = 0
getdents64(4, 0x55558197a730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/file1") = -1 EBUSY (Device or resource busy)
umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./0/file1") = 0
umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/binderfs") = 0
getdents64(3, 0x5555819726f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555581971650) = 296
./strace-static-x86_64: Process 296 attached
executing program
[pid 296] set_robust_list(0x555581971660, 24) = 0
[pid 296] chdir("./1") = 0
[pid 296] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 296] setpgid(0, 0) = 0
[pid 296] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 296] write(3, "1000", 4) = 4
[pid 296] close(3) = 0
[pid 296] symlink("/dev/binderfs", "./binderfs") = 0
[pid 296] write(1, "executing program\n", 18) = 18
[pid 296] memfd_create("syzkaller", 0) = 3
[pid 296] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f6bf5f000
[pid 296] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 296] munmap(0x7f7f6bf5f000, 138412032) = 0
[pid 296] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 296] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 296] close(3) = 0
[pid 296] close(4) = 0
[pid 296] mkdir("./file1", 0777) = 0
[pid 296] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 296] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 296] chdir("./file1") = 0
[pid 296] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 296] ioctl(4, LOOP_CLR_FD) = 0
[pid 296] close(4) = 0
[pid 296] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 25.247056][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 25.264447][ T296] loop0: detected capacity change from 0 to 1024
[ 25.280404][ T296] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 296] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 296] ftruncate(4, 7) = 0
[pid 296] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 296] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 296] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 296] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 296] exit_group(0) = ?
[pid 296] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=296, si_uid=0, si_status=0, si_utime=0, si_stime=6} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555819726f0 /* 4 entries */, 32768) = 112
umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./1/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558197a730 /* 10 entries */, 32768) = 296
umount2("./1/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./1/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555581982770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555581982770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./1/file1/lost+found") = 0
umount2("./1/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./1/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555581982770 /* 4 entries */, 32768) = 112
umount2("./1/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/file1/file0/file0") = 0
umount2("./1/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/file1/file0/file1") = 0
getdents64(5, 0x555581982770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./1/file1/file0") = 0
umount2("./1/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/file1/file1") = 0
umount2("./1/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/file1/file2") = 0
umount2("./1/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/file1/file3") = 0
umount2("./1/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/file1/file.cold") = 0
umount2("./1/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
[ 25.302069][ T296] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor184: Allocating blocks 497-513 which overlap fs metadata
[ 25.316757][ T296] EXT4-fs (loop0): pa ffff88811a5afbd0: logic 256, phys. 385, len 8
[ 25.324879][ T296] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
[ 25.348020][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 122389932434896, count = 16
[ 25.363214][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 122389932434807, count = 100
[ 25.378347][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 122389932434800, count = 16
[ 25.393418][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 113728305728736, count = 16
[ 25.408424][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 113728305700985, count = 27759
[ 25.423710][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 113728305700976, count = 16
[ 25.438736][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 107100715934688, count = 16
[ 25.453742][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 107100715905138, count = 29561
[ 30.308901][ T289] EXT4-fs error: 35017 callbacks suppressed
[ 30.308918][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 107015139975520, count = 16
[ 30.329859][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 121398935515024, count = 16
[ 30.344882][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 121398935514990, count = 46
[ 30.359886][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 78370961264544, count = 16
[ 30.374969][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 78370961244501, count = 20047
[ 30.390235][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 78370961244496, count = 16
[ 30.405223][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 92647969428624, count = 16
[ 30.420208][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 92647969410898, count = 17740
[ 30.435475][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 92647969410896, count = 16
[ 30.450396][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 87245082085232, count = 16
unlink("./1/file1/memory.stat") = 0
umount2("./1/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./1/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/file1/bus") = 0
getdents64(4, 0x55558197a730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/file1") = -1 EBUSY (Device or resource busy)
umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./1/file1") = 0
umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/binderfs") = 0
getdents64(3, 0x5555819726f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x555581971650) = 300
./strace-static-x86_64: Process 300 attached
[pid 300] set_robust_list(0x555581971660, 24) = 0
[pid 300] chdir("./2") = 0
[pid 300] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 300] setpgid(0, 0) = 0
[pid 300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 300] write(3, "1000", 4) = 4
[pid 300] close(3) = 0
[pid 300] symlink("/dev/binderfs", "./binderfs") = 0
[pid 300] write(1, "executing program\n", 18) = 18
[pid 300] memfd_create("syzkaller", 0) = 3
[pid 300] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f6bf5f000
[pid 300] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 300] munmap(0x7f7f6bf5f000, 138412032) = 0
[pid 300] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 300] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 300] close(3) = 0
[pid 300] close(4) = 0
[pid 300] mkdir("./file1", 0777) = 0
[pid 300] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 300] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 300] chdir("./file1") = 0
[pid 300] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 300] ioctl(4, LOOP_CLR_FD) = 0
[pid 300] close(4) = 0
[pid 300] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 34.480668][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 34.497838][ T300] loop0: detected capacity change from 0 to 1024
[ 34.510504][ T300] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 300] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 300] ftruncate(4, 7) = 0
[pid 300] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 300] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 300] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 300] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 300] exit_group(0) = ?
[pid 300] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=300, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555819726f0 /* 4 entries */, 32768) = 112
umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./2/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558197a730 /* 10 entries */, 32768) = 296
umount2("./2/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./2/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555581982770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555581982770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./2/file1/lost+found") = 0
umount2("./2/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./2/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555581982770 /* 4 entries */, 32768) = 112
umount2("./2/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/file1/file0/file0") = 0
umount2("./2/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/file1/file0/file1") = 0
getdents64(5, 0x555581982770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./2/file1/file0") = 0
umount2("./2/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/file1/file1") = 0
umount2("./2/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/file1/file2") = 0
umount2("./2/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/file1/file3") = 0
umount2("./2/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/file1/file.cold") = 0
umount2("./2/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
[ 34.532934][ T300] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor184: Allocating blocks 497-513 which overlap fs metadata
[ 34.547867][ T300] EXT4-fs (loop0): pa ffff8881006fb348: logic 256, phys. 385, len 8
[ 34.555907][ T300] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
[ 34.586704][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 9917096526592, count = 16
[ 34.601661][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 9917096526336, count = 258
[ 34.616575][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 9917096526336, count = 16
[ 34.631548][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 6116100669444, count = 379
[ 34.646427][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 6116100669440, count = 16
[ 34.661316][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 1125298484992, count = 16
[ 34.676224][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 1125298482696, count = 2309
[ 34.691248][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 1125298482688, count = 16
[ 34.970178][ T289] ==================================================================
[ 34.978376][ T289] BUG: KASAN: use-after-free in ext4_ext_remove_space+0x2196/0x3fb0
[ 34.986374][ T289] Read of size 2 at addr ffff888125ccfff8 by task syz-executor184/289
[ 34.994511][ T289]
[ 34.996826][ T289] CPU: 0 PID: 289 Comm: syz-executor184 Not tainted 6.1.141-syzkaller-00039-g145c7fad733f #0
[ 35.006970][ T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 35.017023][ T289] Call Trace:
[ 35.020293][ T289]
[ 35.023218][ T289] __dump_stack+0x21/0x24
[ 35.027548][ T289] dump_stack_lvl+0xee/0x150
[ 35.032138][ T289] ? __cfi_dump_stack_lvl+0x8/0x8
[ 35.037161][ T289] ? ext4_ext_remove_space+0x2196/0x3fb0
[ 35.042802][ T289] print_address_description+0x71/0x210
[ 35.048354][ T289] print_report+0x4a/0x60
[ 35.052688][ T289] kasan_report+0x122/0x150
[ 35.057190][ T289] ? ext4_ext_remove_space+0x2196/0x3fb0
[ 35.062825][ T289] __asan_report_load2_noabort+0x14/0x20
[ 35.068453][ T289] ext4_ext_remove_space+0x2196/0x3fb0
[ 35.073956][ T289] ? __cfi_ext4_ext_remove_space+0x10/0x10
[ 35.079758][ T289] ? ext4_es_remove_extent+0x1d9/0x330
[ 35.085216][ T289] ext4_ext_truncate+0x200/0x320
[ 35.090143][ T289] ext4_truncate+0x9a6/0xf90
[ 35.094734][ T289] ? __cfi_ext4_truncate+0x10/0x10
[ 35.099843][ T289] ext4_evict_inode+0xcc3/0x1460
[ 35.104782][ T289] ? _raw_spin_unlock+0x4c/0x70
[ 35.109628][ T289] ? __cfi_ext4_evict_inode+0x10/0x10
[ 35.115001][ T289] ? _raw_spin_unlock+0x4c/0x70
[ 35.119849][ T289] ? inode_io_list_del+0x19b/0x1b0
[ 35.124952][ T289] ? __cfi_ext4_evict_inode+0x10/0x10
[ 35.130333][ T289] evict+0x493/0x890
[ 35.134225][ T289] ? __kasan_check_write+0x14/0x20
[ 35.139334][ T289] ? proc_nr_inodes+0x2f0/0x2f0
[ 35.144183][ T289] ? lockref_put_return+0x152/0x1c0
[ 35.149376][ T289] ? __cfi_lockref_put_return+0x10/0x10
[ 35.154917][ T289] ? __kasan_check_write+0x14/0x20
[ 35.160025][ T289] iput+0x620/0x670
[ 35.163827][ T289] do_unlinkat+0x375/0x6b0
[ 35.168237][ T289] ? __cfi_do_unlinkat+0x10/0x10
[ 35.173166][ T289] ? getname_flags+0x206/0x500
[ 35.178041][ T289] __x64_sys_unlink+0x49/0x50
[ 35.182711][ T289] x64_sys_call+0x958/0x9a0
[ 35.187219][ T289] do_syscall_64+0x4c/0xa0
[ 35.191719][ T289] ? clear_bhb_loop+0x30/0x80
[ 35.196394][ T289] ? clear_bhb_loop+0x30/0x80
[ 35.201066][ T289] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 35.206958][ T289] RIP: 0033:0x7f7f7439dd17
[ 35.211395][ T289] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 57 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 35.231074][ T289] RSP: 002b:00007ffec7187988 EFLAGS: 00000206 ORIG_RAX: 0000000000000057
[ 35.239494][ T289] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f7f7439dd17
[ 35.247480][ T289] RDX: 00007ffec71879b0 RSI: 00007ffec7187a40 RDI: 00007ffec7187a40
[ 35.255448][ T289] RBP: 00007ffec7187a40 R08: 0000000000000000 R09: 0000000000000000
[ 35.263414][ T289] R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffec7188b30
[ 35.271410][ T289] R13: 000055558197a700 R14: 431bde82d7b634db R15: 00007ffec7189bc0
[ 35.279380][ T289]
[ 35.282390][ T289]
[ 35.284705][ T289] The buggy address belongs to the physical page:
[ 35.291103][ T289] page:ffffea00049733c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x125ccf
[ 35.301335][ T289] flags: 0x4000000000000000(zone=1)
[ 35.306540][ T289] raw: 4000000000000000 ffffea000496d348 ffffea0004973388 0000000000000000
[ 35.315113][ T289] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 35.323680][ T289] page dumped because: kasan: bad access detected
[ 35.330076][ T289] page_owner tracks the page as freed
[ 35.335425][ T289] page last allocated via order 0, migratetype Movable, gfp_mask 0x8140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO|__GFP_CMA), pid 235, tgid 235 (sshd-session), ts 18134372733, free_ts 18217491400
[ 35.354880][ T289] post_alloc_hook+0x1f5/0x210
[ 35.359676][ T289] prep_new_page+0x1c/0x110
[ 35.364204][ T289] get_page_from_freelist+0x2c7b/0x2cf0
[ 35.369775][ T289] __alloc_pages+0x19e/0x3a0
[ 35.374385][ T289] __folio_alloc+0x12/0x40
[ 35.378822][ T289] handle_mm_fault+0x18ef/0x2640
[ 35.383783][ T289] do_user_addr_fault+0x905/0x1050
[ 35.388918][ T289] exc_page_fault+0x51/0xb0
[ 35.393447][ T289] asm_exc_page_fault+0x27/0x30
[ 35.398322][ T289] page last free stack trace:
[ 35.402998][ T289] free_unref_page_prepare+0x742/0x750
[ 35.408481][ T289] free_unref_page_list+0xba/0x7c0
[ 35.413627][ T289] release_pages+0xad1/0xb20
[ 35.418251][ T289] free_pages_and_swap_cache+0x86/0xa0
[ 35.423737][ T289] tlb_finish_mmu+0x1aa/0x370
[ 35.428675][ T289] unmap_region+0x28d/0x2e0
[ 35.433219][ T289] do_mas_align_munmap+0xb94/0x11b0
[ 35.438446][ T289] do_mas_munmap+0x241/0x2b0
[ 35.443070][ T289] __vm_munmap+0x19f/0x2f0
[ 35.447509][ T289] __x64_sys_munmap+0x6b/0x80
[ 35.452217][ T289] x64_sys_call+0x8a/0x9a0
[ 35.456650][ T289] do_syscall_64+0x4c/0xa0
[ 35.461062][ T289] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 35.466954][ T289]
[ 35.469289][ T289] Memory state around the buggy address:
[ 35.474910][ T289] ffff888125ccfe80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 35.482964][ T289] ffff888125ccff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 35.491023][ T289] >ffff888125ccff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 35.499101][ T289] ^
[ 35.507086][ T289] ffff888125cd0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
unlink("./2/file1/memory.stat") = 0
umount2("./2/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./2/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/file1/bus") = 0
getdents64(4, 0x55558197a730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./2/file1") = -1 EBUSY (Device or resource busy)
[ 35.515146][ T289] ffff888125cd0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 35.523200][ T289] ==================================================================
[ 35.531571][ T289] Disabling lock debugging due to kernel taint
[ 35.541736][ T28] kauditd_printk_skb: 11 callbacks suppressed
[ 35.541756][ T28] audit: type=1400 audit(1753025712.444:85): avc: denied { read } for pid=84 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[ 35.570044][ T28] audit: type=1400 audit(1753025712.444:86): avc: denied { search } for pid=84 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 35.571907][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 35.591514][ T28] audit: type=1400 audit(1753025712.444:87): avc: denied { write } for pid=84 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./2/file1") = 0
umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/binderfs") = 0
getdents64(3, 0x5555819726f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./2") = 0
[ 35.618435][ T28] audit: type=1400 audit(1753025712.444:88): avc: denied { add_name } for pid=84 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 35.639088][ T28] audit: type=1400 audit(1753025712.444:89): avc: denied { create } for pid=84 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
mkdir("./3", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555581971650) = 305
./strace-static-x86_64: Process 305 attached
[pid 305] set_robust_list(0x555581971660, 24) = 0
[pid 305] chdir("./3") = 0
[pid 305] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 305] setpgid(0, 0) = 0
[pid 305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 305] write(3, "1000", 4) = 4
[pid 305] close(3) = 0
[pid 305] symlink("/dev/binderfs", "./binderfs") = 0
[pid 305] write(1, "executing program\n", 18executing program
) = 18
[pid 305] memfd_create("syzkaller", 0) = 3
[pid 305] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f6bf5f000
[pid 305] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 305] munmap(0x7f7f6bf5f000, 138412032) = 0
[pid 305] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 305] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 305] close(3) = 0
[pid 305] close(4) = 0
[pid 305] mkdir("./file1", 0777) = 0
[ 35.659599][ T28] audit: type=1400 audit(1753025712.444:90): avc: denied { append open } for pid=84 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 35.682551][ T28] audit: type=1400 audit(1753025712.444:91): avc: denied { getattr } for pid=84 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 35.707205][ T305] loop0: detected capacity change from 0 to 1024
[pid 305] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 305] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 305] chdir("./file1") = 0
[pid 305] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 305] ioctl(4, LOOP_CLR_FD) = 0
[pid 305] close(4) = 0
[pid 305] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 305] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 305] ftruncate(4, 7) = 0
[pid 305] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 305] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 305] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 305] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 305] exit_group(0) = ?
[pid 305] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=305, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555819726f0 /* 4 entries */, 32768) = 112
umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./3/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558197a730 /* 10 entries */, 32768) = 296
umount2("./3/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./3/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555581982770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555581982770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./3/file1/lost+found") = 0
umount2("./3/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./3/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555581982770 /* 4 entries */, 32768) = 112
umount2("./3/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/file1/file0/file0") = 0
umount2("./3/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/file1/file0/file1") = 0
getdents64(5, 0x555581982770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./3/file1/file0") = 0
umount2("./3/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/file1/file1") = 0
umount2("./3/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/file1/file2") = 0
umount2("./3/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/file1/file3") = 0
umount2("./3/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/file1/file.cold") = 0
umount2("./3/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
[ 35.720002][ T305] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 35.740553][ T305] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor184: Allocating blocks 497-513 which overlap fs metadata
[ 35.755155][ T305] EXT4-fs (loop0): pa ffff888100736930: logic 256, phys. 385, len 8
[ 35.763199][ T305] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
[ 35.799184][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 222012823440768, count = 16
[ 35.814310][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 222012823430084, count = 10693
[ 35.829703][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 222012823430080, count = 16
[ 35.844731][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 218647504839552, count = 16
[ 35.859738][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 218647504824773, count = 14789
[ 35.875006][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 218647504824768, count = 16
[ 35.890097][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 217521920164768, count = 16
[ 35.905106][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 217521920139065, count = 25713
unlink("./3/file1/memory.stat") = 0
umount2("./3/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./3/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/file1/bus") = 0
getdents64(4, 0x55558197a730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./3/file1") = -1 EBUSY (Device or resource busy)
umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./3/file1") = 0
umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/binderfs") = 0
getdents64(3, 0x5555819726f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./3") = 0
mkdir("./4", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555581971650) = 308
./strace-static-x86_64: Process 308 attached
[pid 308] set_robust_list(0x555581971660, 24) = 0
[pid 308] chdir("./4") = 0
[pid 308] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 308] setpgid(0, 0) = 0
[pid 308] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 308] write(3, "1000", 4) = 4
[pid 308] close(3) = 0
[pid 308] symlink("/dev/binderfs", "./binderfs") = 0
[pid 308] write(1, "executing program\n", 18executing program
) = 18
[pid 308] memfd_create("syzkaller", 0) = 3
[pid 308] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f6bf5f000
[pid 308] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 308] munmap(0x7f7f6bf5f000, 138412032) = 0
[pid 308] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 308] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 308] close(3) = 0
[pid 308] close(4) = 0
[pid 308] mkdir("./file1", 0777) = 0
[pid 308] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 308] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 308] chdir("./file1") = 0
[pid 308] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 308] ioctl(4, LOOP_CLR_FD) = 0
[pid 308] close(4) = 0
[pid 308] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 37.490052][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 37.516521][ T308] loop0: detected capacity change from 0 to 1024
[ 37.531387][ T308] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 308] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 308] ftruncate(4, 7) = 0
[pid 308] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 308] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 308] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 308] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 308] exit_group(0) = ?
[pid 308] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=308, si_uid=0, si_status=0, si_utime=0, si_stime=6} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555819726f0 /* 4 entries */, 32768) = 112
umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./4/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558197a730 /* 10 entries */, 32768) = 296
umount2("./4/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./4/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555581982770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555581982770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./4/file1/lost+found") = 0
umount2("./4/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./4/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555581982770 /* 4 entries */, 32768) = 112
umount2("./4/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/file1/file0/file0") = 0
umount2("./4/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/file1/file0/file1") = 0
getdents64(5, 0x555581982770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./4/file1/file0") = 0
umount2("./4/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/file1/file1") = 0
umount2("./4/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/file1/file2") = 0
umount2("./4/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/file1/file3") = 0
umount2("./4/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/file1/file.cold") = 0
umount2("./4/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
[ 37.553327][ T308] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor184: Allocating blocks 497-513 which overlap fs metadata
[ 37.568259][ T308] EXT4-fs (loop0): pa ffff8881006fbd20: logic 256, phys. 385, len 8
[ 37.576313][ T308] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
[ 37.611449][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 7520499, count = 0
[ 37.625773][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 0, count = 50
[ 37.639582][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 5622896, count = 0
unlink("./4/file1/memory.stat") = 0
umount2("./4/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./4/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/file1/bus") = 0
getdents64(4, 0x55558197a730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./4/file1") = -1 EBUSY (Device or resource busy)
umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./4/file1") = 0
umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/binderfs") = 0
getdents64(3, 0x5555819726f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./4") = 0
mkdir("./5", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555581971650) = 312
./strace-static-x86_64: Process 312 attached
[pid 312] set_robust_list(0x555581971660, 24) = 0
[pid 312] chdir("./5") = 0
[pid 312] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 312] setpgid(0, 0) = 0
[pid 312] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 312] write(3, "1000", 4) = 4
[pid 312] close(3) = 0
[pid 312] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid 312] write(1, "executing program\n", 18) = 18
[pid 312] memfd_create("syzkaller", 0) = 3
[pid 312] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f6bf5f000
[pid 312] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 312] munmap(0x7f7f6bf5f000, 138412032) = 0
[pid 312] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 37.653848][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 5622896, count = 16
[ 37.668212][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 365072220160, count = 19360
[ 37.686478][ T289] EXT4-fs (loop0): unmounting filesystem.
[pid 312] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 312] close(3) = 0
[pid 312] close(4) = 0
[pid 312] mkdir("./file1", 0777) = 0
[pid 312] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 312] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 312] chdir("./file1") = 0
[pid 312] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 312] ioctl(4, LOOP_CLR_FD) = 0
[pid 312] close(4) = 0
[pid 312] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 37.710575][ T312] loop0: detected capacity change from 0 to 1024
[ 37.729775][ T312] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 312] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 312] ftruncate(4, 7) = 0
[pid 312] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 312] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 312] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 312] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 312] exit_group(0) = ?
[pid 312] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=312, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555819726f0 /* 4 entries */, 32768) = 112
umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./5/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558197a730 /* 10 entries */, 32768) = 296
umount2("./5/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./5/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555581982770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555581982770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./5/file1/lost+found") = 0
umount2("./5/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./5/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555581982770 /* 4 entries */, 32768) = 112
umount2("./5/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/file1/file0/file0") = 0
umount2("./5/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/file1/file0/file1") = 0
getdents64(5, 0x555581982770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./5/file1/file0") = 0
umount2("./5/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/file1/file1") = 0
umount2("./5/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/file1/file2") = 0
umount2("./5/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/file1/file3") = 0
umount2("./5/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/file1/file.cold") = 0
umount2("./5/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/file1/memory.stat") = 0
umount2("./5/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./5/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/file1/bus") = 0
getdents64(4, 0x55558197a730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./5/file1") = -1 EBUSY (Device or resource busy)
[ 37.751218][ T312] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor184: Allocating blocks 497-513 which overlap fs metadata
[ 37.765927][ T312] EXT4-fs (loop0): pa ffff88810bb40d20: logic 256, phys. 385, len 8
[ 37.773949][ T312] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./5/file1") = 0
umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/binderfs") = 0
getdents64(3, 0x5555819726f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./5") = 0
mkdir("./6", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555581971650) = 315
./strace-static-x86_64: Process 315 attached
[pid 315] set_robust_list(0x555581971660, 24) = 0
executing program
[pid 315] chdir("./6") = 0
[pid 315] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 315] setpgid(0, 0) = 0
[pid 315] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 315] write(3, "1000", 4) = 4
[pid 315] close(3) = 0
[pid 315] symlink("/dev/binderfs", "./binderfs") = 0
[pid 315] write(1, "executing program\n", 18) = 18
[pid 315] memfd_create("syzkaller", 0) = 3
[pid 315] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f6bf5f000
[pid 315] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 315] munmap(0x7f7f6bf5f000, 138412032) = 0
[pid 315] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 315] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 315] close(3) = 0
[pid 315] close(4) = 0
[pid 315] mkdir("./file1", 0777) = 0
[pid 315] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 315] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 315] chdir("./file1") = 0
[pid 315] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 315] ioctl(4, LOOP_CLR_FD) = 0
[pid 315] close(4) = 0
[pid 315] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 37.803691][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 37.826800][ T315] loop0: detected capacity change from 0 to 1024
[ 37.840296][ T315] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 315] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 315] ftruncate(4, 7) = 0
[pid 315] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 315] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 315] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 315] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 315] exit_group(0) = ?
[pid 315] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=315, si_uid=0, si_status=0, si_utime=0, si_stime=6} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555819726f0 /* 4 entries */, 32768) = 112
umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./6/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./6/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558197a730 /* 10 entries */, 32768) = 296
umount2("./6/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./6/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555581982770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555581982770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./6/file1/lost+found") = 0
umount2("./6/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./6/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555581982770 /* 4 entries */, 32768) = 112
umount2("./6/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/file1/file0/file0") = 0
umount2("./6/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/file1/file0/file1") = 0
getdents64(5, 0x555581982770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./6/file1/file0") = 0
umount2("./6/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/file1/file1") = 0
umount2("./6/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/file1/file2") = 0
umount2("./6/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/file1/file3") = 0
umount2("./6/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/file1/file.cold") = 0
umount2("./6/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
[ 37.861219][ T315] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor184: Allocating blocks 497-513 which overlap fs metadata
[ 37.875867][ T315] EXT4-fs (loop0): pa ffff88810bb15dc8: logic 256, phys. 385, len 8
[ 37.883954][ T315] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
[ 37.915219][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 122485813664448, count = 16
[ 37.930313][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 122485813636191, count = 28265
[ 37.945597][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 122485813636176, count = 16
[ 37.960658][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 119221520883152, count = 16
[ 37.975771][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 119221520853343, count = 29810
[ 37.991070][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 128043312927952, count = 16
[ 38.006164][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 128043312903026, count = 24927
[ 38.021580][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 128043312903024, count = 16
unlink("./6/file1/memory.stat") = 0
umount2("./6/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./6/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/file1/bus") = 0
getdents64(4, 0x55558197a730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./6/file1") = -1 EBUSY (Device or resource busy)
umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./6/file1") = 0
umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/binderfs") = 0
getdents64(3, 0x5555819726f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./6") = 0
mkdir("./7", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555581971650) = 318
./strace-static-x86_64: Process 318 attached
[pid 318] set_robust_list(0x555581971660, 24) = 0
[pid 318] chdir("./7") = 0
[pid 318] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 318] setpgid(0, 0) = 0
[pid 318] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 318] write(3, "1000", 4) = 4
[pid 318] close(3) = 0
[pid 318] symlink("/dev/binderfs", "./binderfs") = 0
[pid 318] write(1, "executing program\n", 18executing program
) = 18
[pid 318] memfd_create("syzkaller", 0) = 3
[pid 318] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f6bf5f000
[pid 318] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 318] munmap(0x7f7f6bf5f000, 138412032) = 0
[pid 318] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 318] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 318] close(3) = 0
[pid 318] close(4) = 0
[pid 318] mkdir("./file1", 0777) = 0
[ 38.439464][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 38.469619][ T318] loop0: detected capacity change from 0 to 1024
[pid 318] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 318] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 318] chdir("./file1") = 0
[pid 318] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 318] ioctl(4, LOOP_CLR_FD) = 0
[pid 318] close(4) = 0
[pid 318] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 38.489897][ T318] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 38.511568][ T318] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor184: Allocating blocks 497-513 which overlap fs metadata
[ 38.526430][ T318] EXT4-fs (loop0): pa ffff88810bb15a80: logic 256, phys. 385, len 8
[pid 318] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 318] ftruncate(4, 7) = 0
[pid 318] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 318] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 318] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 318] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 318] exit_group(0) = ?
[pid 318] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=318, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555819726f0 /* 4 entries */, 32768) = 112
umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./7/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./7/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558197a730 /* 10 entries */, 32768) = 296
umount2("./7/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./7/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555581982770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555581982770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./7/file1/lost+found") = 0
umount2("./7/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./7/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555581982770 /* 4 entries */, 32768) = 112
umount2("./7/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/file1/file0/file0") = 0
umount2("./7/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/file1/file0/file1") = 0
getdents64(5, 0x555581982770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./7/file1/file0") = 0
umount2("./7/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/file1/file1") = 0
umount2("./7/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/file1/file2") = 0
umount2("./7/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/file1/file3") = 0
umount2("./7/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/file1/file.cold") = 0
umount2("./7/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
[ 38.534575][ T318] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
[ 38.566998][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 111502425311936, count = 16
[ 38.582116][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 111502425285740, count = 26207
[ 38.597525][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 111502425285728, count = 16
[ 38.612543][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 427080822384, count = 16
[ 38.627383][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 427080810496, count = 11892
[ 38.642432][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 427080810496, count = 16
[ 38.657383][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 128039222760672, count = 16
[ 38.672563][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 128039222736242, count = 24436
unlink("./7/file1/memory.stat") = 0
umount2("./7/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./7/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/file1/bus") = 0
getdents64(4, 0x55558197a730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./7/file1") = -1 EBUSY (Device or resource busy)
umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./7/file1") = 0
umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/binderfs") = 0
getdents64(3, 0x5555819726f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./7") = 0
mkdir("./8", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x555581971650) = 321
./strace-static-x86_64: Process 321 attached
[pid 321] set_robust_list(0x555581971660, 24) = 0
[pid 321] chdir("./8") = 0
[pid 321] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 321] setpgid(0, 0) = 0
[pid 321] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 321] write(3, "1000", 4) = 4
[pid 321] close(3) = 0
[pid 321] symlink("/dev/binderfs", "./binderfs") = 0
[pid 321] write(1, "executing program\n", 18) = 18
[pid 321] memfd_create("syzkaller", 0) = 3
[pid 321] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f6bf5f000
[pid 321] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 321] munmap(0x7f7f6bf5f000, 138412032) = 0
[pid 321] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 321] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 321] close(3) = 0
[pid 321] close(4) = 0
[pid 321] mkdir("./file1", 0777) = 0
[ 38.813639][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 38.831643][ T321] loop0: detected capacity change from 0 to 1024
[pid 321] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 321] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 321] chdir("./file1") = 0
[pid 321] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 321] ioctl(4, LOOP_CLR_FD) = 0
[pid 321] close(4) = 0
[pid 321] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 38.855162][ T321] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 38.877952][ T321] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor184: Allocating blocks 497-513 which overlap fs metadata
[ 38.892885][ T321] EXT4-fs (loop0): pa ffff88810bb64bd0: logic 256, phys. 385, len 8
[pid 321] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 321] ftruncate(4, 7) = 0
[pid 321] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 321] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 321] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 321] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 321] exit_group(0) = ?
[pid 321] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=321, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555819726f0 /* 4 entries */, 32768) = 112
umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./8/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./8/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558197a730 /* 10 entries */, 32768) = 296
umount2("./8/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./8/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555581982770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555581982770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./8/file1/lost+found") = 0
umount2("./8/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./8/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555581982770 /* 4 entries */, 32768) = 112
umount2("./8/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/file1/file0/file0") = 0
umount2("./8/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/file1/file0/file1") = 0
getdents64(5, 0x555581982770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./8/file1/file0") = 0
umount2("./8/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/file1/file1") = 0
umount2("./8/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/file1/file2") = 0
umount2("./8/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/file1/file3") = 0
umount2("./8/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/file1/file.cold") = 0
umount2("./8/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
[ 38.901033][ T321] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
[ 38.931884][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 17120, count = 16
[ 38.946096][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 17080, count = 44
[ 38.960377][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 17072, count = 16
[ 38.974549][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 11313183003184, count = 16
[ 38.989605][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 11313183002638, count = 560
unlink("./8/file1/memory.stat") = 0
umount2("./8/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./8/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/file1/bus") = 0
getdents64(4, 0x55558197a730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./8/file1") = -1 EBUSY (Device or resource busy)
[ 39.004708][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 11313183002624, count = 16
[ 39.019653][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 269369712, count = 16
[ 39.034174][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 269369600, count = 121
umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./8/file1") = 0
umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/binderfs") = 0
getdents64(3, 0x5555819726f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./8") = 0
mkdir("./9", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3executing program
) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555581971650) = 324
./strace-static-x86_64: Process 324 attached
[pid 324] set_robust_list(0x555581971660, 24) = 0
[pid 324] chdir("./9") = 0
[pid 324] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 324] setpgid(0, 0) = 0
[pid 324] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 324] write(3, "1000", 4) = 4
[pid 324] close(3) = 0
[pid 324] symlink("/dev/binderfs", "./binderfs") = 0
[pid 324] write(1, "executing program\n", 18) = 18
[pid 324] memfd_create("syzkaller", 0) = 3
[pid 324] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f6bf5f000
[pid 324] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 324] munmap(0x7f7f6bf5f000, 138412032) = 0
[pid 324] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 324] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 324] close(3) = 0
[pid 324] close(4) = 0
[pid 324] mkdir("./file1", 0777) = 0
[ 39.057275][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 39.080491][ T324] loop0: detected capacity change from 0 to 1024
[pid 324] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 324] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 324] chdir("./file1") = 0
[pid 324] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 324] ioctl(4, LOOP_CLR_FD) = 0
[pid 324] close(4) = 0
[pid 324] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 324] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 324] ftruncate(4, 7) = 0
[pid 324] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 324] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 324] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 324] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 324] exit_group(0) = ?
[pid 324] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=324, si_uid=0, si_status=0, si_utime=0, si_stime=6} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555819726f0 /* 4 entries */, 32768) = 112
umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./9/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./9/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558197a730 /* 10 entries */, 32768) = 296
umount2("./9/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./9/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555581982770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555581982770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./9/file1/lost+found") = 0
umount2("./9/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./9/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555581982770 /* 4 entries */, 32768) = 112
umount2("./9/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/file1/file0/file0") = 0
umount2("./9/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/file1/file0/file1") = 0
getdents64(5, 0x555581982770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./9/file1/file0") = 0
umount2("./9/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/file1/file1") = 0
umount2("./9/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/file1/file2") = 0
umount2("./9/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/file1/file3") = 0
umount2("./9/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/file1/file.cold") = 0
umount2("./9/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
[ 39.100247][ T324] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 39.122154][ T324] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor184: Allocating blocks 497-513 which overlap fs metadata
[ 39.136863][ T324] EXT4-fs (loop0): pa ffff88810bb15348: logic 256, phys. 385, len 8
[ 39.144896][ T324] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
[ 39.174829][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 241359600322640, count = 16
[ 39.190115][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 241359600310888, count = 11767
[ 39.205460][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 241359600310880, count = 16
[ 39.220458][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 23358442856240, count = 16
[ 39.235613][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 23358442847562, count = 8679
[ 39.250685][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 124512128020848, count = 16
[ 39.265700][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 124512128006302, count = 14552
[ 39.280937][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 124512128006288, count = 16
unlink("./9/file1/memory.stat") = 0
umount2("./9/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./9/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/file1/bus") = 0
getdents64(4, 0x55558197a730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./9/file1") = -1 EBUSY (Device or resource busy)
umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./9/file1") = 0
umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/binderfs") = 0
getdents64(3, 0x5555819726f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./9") = 0
mkdir("./10", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555581971650) = 327
./strace-static-x86_64: Process 327 attached
[pid 327] set_robust_list(0x555581971660, 24) = 0
[pid 327] chdir("./10"executing program
) = 0
[pid 327] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 327] setpgid(0, 0) = 0
[pid 327] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 327] write(3, "1000", 4) = 4
[pid 327] close(3) = 0
[pid 327] symlink("/dev/binderfs", "./binderfs") = 0
[pid 327] write(1, "executing program\n", 18) = 18
[pid 327] memfd_create("syzkaller", 0) = 3
[pid 327] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f6bf5f000
[pid 327] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 327] munmap(0x7f7f6bf5f000, 138412032) = 0
[pid 327] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 327] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 327] close(3) = 0
[pid 327] close(4) = 0
[pid 327] mkdir("./file1", 0777) = 0
[pid 327] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 327] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 327] chdir("./file1") = 0
[pid 327] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 327] ioctl(4, LOOP_CLR_FD) = 0
[pid 327] close(4) = 0
[pid 327] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 39.365104][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 39.387781][ T327] loop0: detected capacity change from 0 to 1024
[ 39.400090][ T327] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 327] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 327] ftruncate(4, 7) = 0
[pid 327] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 327] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 327] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 327] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 327] exit_group(0) = ?
[pid 327] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=327, si_uid=0, si_status=0, si_utime=0, si_stime=6} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555819726f0 /* 4 entries */, 32768) = 112
umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./10/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./10/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558197a730 /* 10 entries */, 32768) = 296
umount2("./10/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./10/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555581982770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555581982770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./10/file1/lost+found") = 0
umount2("./10/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./10/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555581982770 /* 4 entries */, 32768) = 112
umount2("./10/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/file1/file0/file0") = 0
umount2("./10/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/file1/file0/file1") = 0
getdents64(5, 0x555581982770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./10/file1/file0") = 0
umount2("./10/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/file1/file1") = 0
umount2("./10/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/file1/file2") = 0
umount2("./10/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/file1/file3") = 0
umount2("./10/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/file1/file.cold") = 0
umount2("./10/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
[ 39.421340][ T327] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor184: Allocating blocks 497-513 which overlap fs metadata
[ 39.436047][ T327] EXT4-fs (loop0): pa ffff88810bb15540: logic 256, phys. 385, len 8
[ 39.444094][ T327] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
unlink("./10/file1/memory.stat") = 0
umount2("./10/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./10/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/file1/bus") = 0
getdents64(4, 0x55558197a730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./10/file1") = -1 EBUSY (Device or resource busy)
[ 39.474545][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 1074685984, count = 16
[ 39.489316][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 1074664128, count = 21861
[ 39.504152][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 70596377466213, count = 9616
umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./10/file1") = 0
umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/binderfs") = 0
getdents64(3, 0x5555819726f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./10") = 0
mkdir("./11", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555581971650) = 330
./strace-static-x86_64: Process 330 attached
[pid 330] set_robust_list(0x555581971660, 24) = 0
[pid 330] chdir("./11") = 0
[pid 330] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 330] setpgid(0, 0) = 0
[pid 330] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 330] write(3, "1000", 4) = 4
[pid 330] close(3) = 0
[pid 330] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 330] write(1, "executing program\n", 18) = 18
[pid 330] memfd_create("syzkaller", 0) = 3
[pid 330] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f6bf5f000
[pid 330] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 330] munmap(0x7f7f6bf5f000, 138412032) = 0
[pid 330] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 330] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 330] close(3) = 0
[pid 330] close(4) = 0
[pid 330] mkdir("./file1", 0777) = 0
[pid 330] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 330] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 330] chdir("./file1") = 0
[pid 330] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 330] ioctl(4, LOOP_CLR_FD) = 0
[pid 330] close(4) = 0
[pid 330] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 39.522770][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 39.544745][ T330] loop0: detected capacity change from 0 to 1024
[ 39.560142][ T330] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 330] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 330] ftruncate(4, 7) = 0
[pid 330] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 330] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 330] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 330] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 330] exit_group(0) = ?
[pid 330] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=330, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555819726f0 /* 4 entries */, 32768) = 112
umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./11/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./11/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558197a730 /* 10 entries */, 32768) = 296
umount2("./11/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./11/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555581982770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555581982770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./11/file1/lost+found") = 0
umount2("./11/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./11/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555581982770 /* 4 entries */, 32768) = 112
umount2("./11/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/file1/file0/file0") = 0
umount2("./11/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/file1/file0/file1") = 0
getdents64(5, 0x555581982770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./11/file1/file0") = 0
umount2("./11/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/file1/file1") = 0
umount2("./11/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/file1/file2") = 0
umount2("./11/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/file1/file3") = 0
umount2("./11/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/file1/file.cold") = 0
[ 39.583086][ T330] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor184: Allocating blocks 497-513 which overlap fs metadata
[ 39.597753][ T330] EXT4-fs (loop0): pa ffff88810bbc19d8: logic 256, phys. 385, len 8
[ 39.605810][ T330] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
umount2("./11/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
[ 39.631466][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 123580929138768, count = 16
[ 39.646748][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 123580929109548, count = 29228
[ 39.662072][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 123580929109536, count = 16
[ 39.677241][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 115974441376928, count = 16
[ 39.692361][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 115974441368167, count = 8762
[ 39.707775][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 115974441368160, count = 16
unlink("./11/file1/memory.stat") = 0
umount2("./11/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./11/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/file1/bus") = 0
getdents64(4, 0x55558197a730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./11/file1") = -1 EBUSY (Device or resource busy)
umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./11/file1") = 0
umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/binderfs") = 0
getdents64(3, 0x5555819726f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./11") = 0
mkdir("./12", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555581971650) = 333
./strace-static-x86_64: Process 333 attached
[pid 333] set_robust_list(0x555581971660, 24) = 0
[pid 333] chdir("./12") = 0
[pid 333] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 333] setpgid(0, 0) = 0
[pid 333] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 333] write(3, "1000", 4) = 4
[pid 333] close(3) = 0
[pid 333] symlink("/dev/binderfs", "./binderfs") = 0
[pid 333] write(1, "executing program\n", 18executing program
) = 18
[pid 333] memfd_create("syzkaller", 0) = 3
[pid 333] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f6bf5f000
[pid 333] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 333] munmap(0x7f7f6bf5f000, 138412032) = 0
[pid 333] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 39.722790][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 79639237082080, count = 16
[ 39.737769][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 79639237063280, count = 18804
[ 39.759770][ T289] EXT4-fs (loop0): unmounting filesystem.
[pid 333] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 333] close(3) = 0
[pid 333] close(4) = 0
[pid 333] mkdir("./file1", 0777) = 0
[pid 333] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 333] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 333] chdir("./file1") = 0
[pid 333] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 333] ioctl(4, LOOP_CLR_FD) = 0
[pid 333] close(4) = 0
[pid 333] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 39.785125][ T333] loop0: detected capacity change from 0 to 1024
[ 39.800487][ T333] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 39.821151][ T333] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor184: Allocating blocks 497-513 which overlap fs metadata
[pid 333] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 333] ftruncate(4, 7) = 0
[pid 333] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 333] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 333] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 333] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 333] exit_group(0) = ?
[pid 333] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=333, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555819726f0 /* 4 entries */, 32768) = 112
umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./12/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./12/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558197a730 /* 10 entries */, 32768) = 296
umount2("./12/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./12/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555581982770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555581982770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./12/file1/lost+found") = 0
umount2("./12/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./12/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555581982770 /* 4 entries */, 32768) = 112
umount2("./12/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/file1/file0/file0") = 0
umount2("./12/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/file1/file0/file1") = 0
getdents64(5, 0x555581982770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./12/file1/file0") = 0
umount2("./12/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/file1/file1") = 0
umount2("./12/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/file1/file2") = 0
umount2("./12/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/file1/file3") = 0
umount2("./12/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/file1/file.cold") = 0
umount2("./12/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
[ 39.835774][ T333] EXT4-fs (loop0): pa ffff88810bbe83f0: logic 256, phys. 385, len 8
[ 39.843834][ T333] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
[ 39.878194][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 158484544893984, count = 16
[ 39.893399][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 158484544880640, count = 13353
[ 39.908713][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 16494824303657, count = 0
[ 39.923592][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 16494824303648, count = 16
[ 39.938632][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 175299090190496, count = 16
[ 39.953655][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 175299090186416, count = 4083
[ 39.968801][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 105710275750928, count = 16
[ 39.983808][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 105710275727347, count = 23593
unlink("./12/file1/memory.stat") = 0
umount2("./12/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./12/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/file1/bus") = 0
getdents64(4, 0x55558197a730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./12/file1") = -1 EBUSY (Device or resource busy)
umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./12/file1") = 0
umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/binderfs") = 0
getdents64(3, 0x5555819726f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./12") = 0
mkdir("./13", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x555581971650) = 336
./strace-static-x86_64: Process 336 attached
[pid 336] set_robust_list(0x555581971660, 24) = 0
[pid 336] chdir("./13") = 0
[pid 336] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 336] setpgid(0, 0) = 0
[pid 336] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 336] write(3, "1000", 4) = 4
[pid 336] close(3) = 0
[pid 336] symlink("/dev/binderfs", "./binderfs") = 0
[pid 336] write(1, "executing program\n", 18) = 18
[pid 336] memfd_create("syzkaller", 0) = 3
[pid 336] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f6bf5f000
[pid 336] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 336] munmap(0x7f7f6bf5f000, 138412032) = 0
[pid 336] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 336] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 336] close(3) = 0
[pid 336] close(4) = 0
[pid 336] mkdir("./file1", 0777) = 0
[pid 336] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 336] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 336] chdir("./file1") = 0
[pid 336] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 336] ioctl(4, LOOP_CLR_FD) = 0
[pid 336] close(4) = 0
[pid 336] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 40.112261][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 40.131375][ T336] loop0: detected capacity change from 0 to 1024
[ 40.149891][ T336] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 336] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 336] ftruncate(4, 7) = 0
[pid 336] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 336] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 336] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 336] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 336] exit_group(0) = ?
[pid 336] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=336, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555819726f0 /* 4 entries */, 32768) = 112
umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./13/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./13/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558197a730 /* 10 entries */, 32768) = 296
umount2("./13/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./13/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555581982770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555581982770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./13/file1/lost+found") = 0
umount2("./13/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./13/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555581982770 /* 4 entries */, 32768) = 112
umount2("./13/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/file1/file0/file0") = 0
umount2("./13/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/file1/file0/file1") = 0
getdents64(5, 0x555581982770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./13/file1/file0") = 0
umount2("./13/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/file1/file1") = 0
umount2("./13/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/file1/file2") = 0
umount2("./13/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/file1/file3") = 0
umount2("./13/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/file1/file.cold") = 0
umount2("./13/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
[ 40.173205][ T336] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor184: Allocating blocks 497-513 which overlap fs metadata
[ 40.187813][ T336] EXT4-fs (loop0): pa ffff88810bb8e0a8: logic 256, phys. 385, len 8
[ 40.195837][ T336] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
[ 40.230272][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 225180222885104, count = 16
[ 40.245444][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 225180222865457, count = 19660
[ 40.260722][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 225180222865456, count = 16
[ 40.275881][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 257285720908000, count = 16
[ 40.290926][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 257285720898952, count = 9063
[ 40.306204][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 257285720898944, count = 16
[ 40.321226][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 216058329844368, count = 16
[ 40.336221][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 216058329825744, count = 18627
unlink("./13/file1/memory.stat") = 0
umount2("./13/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./13/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/file1/bus") = 0
getdents64(4, 0x55558197a730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./13/file1") = -1 EBUSY (Device or resource busy)
umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./13/file1") = 0
umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/binderfs") = 0
getdents64(3, 0x5555819726f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./13") = 0
mkdir("./14", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x555581971650) = 339
./strace-static-x86_64: Process 339 attached
[pid 339] set_robust_list(0x555581971660, 24) = 0
[pid 339] chdir("./14") = 0
[pid 339] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 339] setpgid(0, 0) = 0
[pid 339] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 339] write(3, "1000", 4) = 4
[pid 339] close(3) = 0
[pid 339] symlink("/dev/binderfs", "./binderfs") = 0
[pid 339] write(1, "executing program\n", 18) = 18
[pid 339] memfd_create("syzkaller", 0) = 3
[pid 339] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f6bf5f000
[pid 339] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 339] munmap(0x7f7f6bf5f000, 138412032) = 0
[pid 339] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 339] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 339] close(3) = 0
[pid 339] close(4) = 0
[pid 339] mkdir("./file1", 0777) = 0
[pid 339] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 339] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 339] chdir("./file1") = 0
[pid 339] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 339] ioctl(4, LOOP_CLR_FD) = 0
[pid 339] close(4) = 0
[pid 339] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 40.949221][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 40.973060][ T339] loop0: detected capacity change from 0 to 1024
[ 40.989798][ T339] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 339] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 339] ftruncate(4, 7) = 0
[pid 339] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 339] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 339] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 339] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 339] exit_group(0) = ?
[pid 339] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=339, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555819726f0 /* 4 entries */, 32768) = 112
umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./14/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./14/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558197a730 /* 10 entries */, 32768) = 296
umount2("./14/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./14/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555581982770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555581982770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./14/file1/lost+found") = 0
umount2("./14/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./14/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555581982770 /* 4 entries */, 32768) = 112
umount2("./14/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/file1/file0/file0") = 0
umount2("./14/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/file1/file0/file1") = 0
getdents64(5, 0x555581982770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./14/file1/file0") = 0
umount2("./14/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/file1/file1") = 0
umount2("./14/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/file1/file2") = 0
umount2("./14/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/file1/file3") = 0
umount2("./14/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/file1/file.cold") = 0
umount2("./14/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
[ 41.011306][ T339] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor184: Allocating blocks 497-513 which overlap fs metadata
[ 41.026012][ T339] EXT4-fs (loop0): pa ffff888107c05930: logic 256, phys. 385, len 8
[ 41.034057][ T339] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
[ 41.064912][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 0, count = 0
[ 41.078743][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 0, count = 16
[ 41.092550][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 0, count = 0
[ 41.106250][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 0, count = 16
[ 41.120198][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 0, count = 0
[ 41.133908][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 0, count = 16
[ 41.147655][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 0, count = 0
unlink("./14/file1/memory.stat") = 0
umount2("./14/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./14/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/file1/bus") = 0
getdents64(4, 0x55558197a730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./14/file1") = -1 EBUSY (Device or resource busy)
umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./14/file1") = 0
umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/binderfs") = 0
getdents64(3, 0x5555819726f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./14") = 0
mkdir("./15", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555581971650) = 342
./strace-static-x86_64: Process 342 attached
[pid 342] set_robust_list(0x555581971660, 24) = 0
[pid 342] chdir("./15") = 0
[pid 342] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 342] setpgid(0, 0) = 0
[pid 342] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 342] write(3, "1000", 4) = 4
[pid 342] close(3) = 0
[pid 342] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid 342] write(1, "executing program\n", 18) = 18
[pid 342] memfd_create("syzkaller", 0) = 3
[pid 342] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f6bf5f000
[pid 342] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 342] munmap(0x7f7f6bf5f000, 138412032) = 0
[pid 342] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 342] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 342] close(3) = 0
[pid 342] close(4) = 0
[pid 342] mkdir("./file1", 0777) = 0
[ 41.161388][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 0, count = 16
[ 41.180192][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 41.204692][ T342] loop0: detected capacity change from 0 to 1024
[pid 342] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 342] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 342] chdir("./file1") = 0
[pid 342] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 342] ioctl(4, LOOP_CLR_FD) = 0
[pid 342] close(4) = 0
[pid 342] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 41.219781][ T342] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 41.242115][ T342] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor184: Allocating blocks 497-513 which overlap fs metadata
[ 41.256737][ T342] EXT4-fs (loop0): pa ffff88810bb8e3f0: logic 256, phys. 385, len 8
[pid 342] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 342] ftruncate(4, 7) = 0
[pid 342] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 342] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 342] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 342] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 342] exit_group(0) = ?
[pid 342] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=342, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555819726f0 /* 4 entries */, 32768) = 112
umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./15/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./15/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558197a730 /* 10 entries */, 32768) = 296
umount2("./15/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./15/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555581982770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555581982770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./15/file1/lost+found") = 0
umount2("./15/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./15/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555581982770 /* 4 entries */, 32768) = 112
umount2("./15/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/file1/file0/file0") = 0
umount2("./15/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/file1/file0/file1") = 0
getdents64(5, 0x555581982770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./15/file1/file0") = 0
umount2("./15/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/file1/file1") = 0
umount2("./15/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/file1/file2") = 0
umount2("./15/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/file1/file3") = 0
umount2("./15/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/file1/file.cold") = 0
umount2("./15/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/file1/memory.stat") = 0
umount2("./15/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./15/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/file1/bus") = 0
getdents64(4, 0x55558197a730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./15/file1") = -1 EBUSY (Device or resource busy)
[ 41.264778][ T342] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./15/file1") = 0
umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/binderfs") = 0
getdents64(3, 0x5555819726f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./15") = 0
mkdir("./16", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555581971650) = 345
./strace-static-x86_64: Process 345 attached
[pid 345] set_robust_list(0x555581971660, 24) = 0
executing program
[pid 345] chdir("./16") = 0
[pid 345] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 345] setpgid(0, 0) = 0
[pid 345] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 345] write(3, "1000", 4) = 4
[pid 345] close(3) = 0
[pid 345] symlink("/dev/binderfs", "./binderfs") = 0
[pid 345] write(1, "executing program\n", 18) = 18
[pid 345] memfd_create("syzkaller", 0) = 3
[pid 345] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f6bf5f000
[pid 345] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 345] munmap(0x7f7f6bf5f000, 138412032) = 0
[pid 345] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 345] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 345] close(3) = 0
[pid 345] close(4) = 0
[pid 345] mkdir("./file1", 0777) = 0
[pid 345] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 345] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 345] chdir("./file1") = 0
[pid 345] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 345] ioctl(4, LOOP_CLR_FD) = 0
[pid 345] close(4) = 0
[pid 345] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 41.302410][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 41.323456][ T345] loop0: detected capacity change from 0 to 1024
[ 41.339806][ T345] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 345] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 345] ftruncate(4, 7) = 0
[pid 345] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 345] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 345] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 345] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 345] exit_group(0) = ?
[pid 345] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=345, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555819726f0 /* 4 entries */, 32768) = 112
umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./16/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./16/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558197a730 /* 10 entries */, 32768) = 296
umount2("./16/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./16/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555581982770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555581982770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./16/file1/lost+found") = 0
umount2("./16/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./16/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555581982770 /* 4 entries */, 32768) = 112
umount2("./16/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./16/file1/file0/file0") = 0
umount2("./16/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./16/file1/file0/file1") = 0
getdents64(5, 0x555581982770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./16/file1/file0") = 0
umount2("./16/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./16/file1/file1") = 0
umount2("./16/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./16/file1/file2") = 0
umount2("./16/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./16/file1/file3") = 0
umount2("./16/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./16/file1/file.cold") = 0
umount2("./16/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
[ 41.361656][ T345] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor184: Allocating blocks 497-513 which overlap fs metadata
[ 41.376309][ T345] EXT4-fs (loop0): pa ffff88810bb8ee70: logic 256, phys. 385, len 8
[ 41.384335][ T345] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
[ 41.413497][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 76211819659664, count = 16
[ 41.428545][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 76211819642962, count = 16709
[ 41.443779][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 76211819642960, count = 16
[ 41.458799][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 79454198344592, count = 16
[ 41.473878][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 79454198320201, count = 24404
[ 41.489320][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 79454198320192, count = 16
[ 41.504360][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 109342622014576, count = 16
[ 41.519429][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 109342621985908, count = 28672
unlink("./16/file1/memory.stat") = 0
umount2("./16/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./16/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./16/file1/bus") = 0
getdents64(4, 0x55558197a730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./16/file1") = -1 EBUSY (Device or resource busy)
umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
rmdir("./16/file1") = 0
umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./16/binderfs") = 0
getdents64(3, 0x5555819726f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./16") = 0
mkdir("./17", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3executing program
) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555581971650) = 348
./strace-static-x86_64: Process 348 attached
[pid 348] set_robust_list(0x555581971660, 24) = 0
[pid 348] chdir("./17") = 0
[pid 348] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 348] setpgid(0, 0) = 0
[pid 348] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 348] write(3, "1000", 4) = 4
[pid 348] close(3) = 0
[pid 348] symlink("/dev/binderfs", "./binderfs") = 0
[pid 348] write(1, "executing program\n", 18) = 18
[pid 348] memfd_create("syzkaller", 0) = 3
[pid 348] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f6bf5f000
[pid 348] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 348] munmap(0x7f7f6bf5f000, 138412032) = 0
[pid 348] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 348] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 348] close(3) = 0
[pid 348] close(4) = 0
[pid 348] mkdir("./file1", 0777) = 0
[pid 348] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 348] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[ 42.197383][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 42.227354][ T348] loop0: detected capacity change from 0 to 1024
[pid 348] chdir("./file1") = 0
[pid 348] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 348] ioctl(4, LOOP_CLR_FD) = 0
[pid 348] close(4) = 0
[pid 348] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 348] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 348] ftruncate(4, 7) = 0
[pid 348] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 348] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 348] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 348] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 348] exit_group(0) = ?
[pid 348] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=348, si_uid=0, si_status=0, si_utime=0, si_stime=6} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555819726f0 /* 4 entries */, 32768) = 112
umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./17/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./17/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558197a730 /* 10 entries */, 32768) = 296
umount2("./17/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./17/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555581982770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555581982770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./17/file1/lost+found") = 0
umount2("./17/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./17/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555581982770 /* 4 entries */, 32768) = 112
umount2("./17/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./17/file1/file0/file0") = 0
umount2("./17/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./17/file1/file0/file1") = 0
getdents64(5, 0x555581982770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./17/file1/file0") = 0
umount2("./17/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./17/file1/file1") = 0
umount2("./17/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./17/file1/file2") = 0
umount2("./17/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./17/file1/file3") = 0
umount2("./17/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./17/file1/file.cold") = 0
umount2("./17/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./17/file1/memory.stat") = 0
umount2("./17/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./17/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./17/file1/bus") = 0
getdents64(4, 0x55558197a730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./17/file1") = -1 EBUSY (Device or resource busy)
[ 42.240241][ T348] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 42.262606][ T348] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor184: Allocating blocks 497-513 which overlap fs metadata
[ 42.277427][ T348] EXT4-fs (loop0): pa ffff888107c41930: logic 256, phys. 385, len 8
[ 42.285493][ T348] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program
) = 0
rmdir("./17/file1") = 0
umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./17/binderfs") = 0
getdents64(3, 0x5555819726f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./17") = 0
mkdir("./18", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555581971650) = 351
./strace-static-x86_64: Process 351 attached
[pid 351] set_robust_list(0x555581971660, 24) = 0
[pid 351] chdir("./18") = 0
[pid 351] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 351] setpgid(0, 0) = 0
[pid 351] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 351] write(3, "1000", 4) = 4
[pid 351] close(3) = 0
[pid 351] symlink("/dev/binderfs", "./binderfs") = 0
[pid 351] write(1, "executing program\n", 18) = 18
[pid 351] memfd_create("syzkaller", 0) = 3
[pid 351] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f6bf5f000
[pid 351] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 351] munmap(0x7f7f6bf5f000, 138412032) = 0
[pid 351] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 351] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 351] close(3) = 0
[pid 351] close(4) = 0
[pid 351] mkdir("./file1", 0777) = 0
[pid 351] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 351] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 351] chdir("./file1") = 0
[pid 351] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 351] ioctl(4, LOOP_CLR_FD) = 0
[pid 351] close(4) = 0
[pid 351] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 42.318972][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 42.336776][ T351] loop0: detected capacity change from 0 to 1024
[ 42.350198][ T351] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 351] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 351] ftruncate(4, 7) = 0
[pid 351] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 351] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 351] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 351] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 351] exit_group(0) = ?
[pid 351] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=351, si_uid=0, si_status=0, si_utime=0, si_stime=6} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555819726f0 /* 4 entries */, 32768) = 112
umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./18/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./18/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558197a730 /* 10 entries */, 32768) = 296
umount2("./18/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./18/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555581982770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555581982770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./18/file1/lost+found") = 0
umount2("./18/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./18/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555581982770 /* 4 entries */, 32768) = 112
umount2("./18/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./18/file1/file0/file0") = 0
umount2("./18/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./18/file1/file0/file1") = 0
getdents64(5, 0x555581982770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./18/file1/file0") = 0
umount2("./18/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./18/file1/file1") = 0
umount2("./18/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./18/file1/file2") = 0
umount2("./18/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./18/file1/file3") = 0
umount2("./18/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./18/file1/file.cold") = 0
umount2("./18/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./18/file1/memory.stat") = 0
umount2("./18/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./18/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./18/file1/bus") = 0
getdents64(4, 0x55558197a730 /* 0 entries */, 32768) = 0
[ 42.371058][ T351] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor184: Allocating blocks 497-513 which overlap fs metadata
[ 42.385653][ T351] EXT4-fs (loop0): pa ffff888107c18c78: logic 256, phys. 385, len 8
[ 42.393681][ T351] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
close(4) = 0
rmdir("./18/file1") = -1 EBUSY (Device or resource busy)
umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program
) = 0
rmdir("./18/file1") = 0
umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./18/binderfs") = 0
getdents64(3, 0x5555819726f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./18") = 0
mkdir("./19", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555581971650) = 354
./strace-static-x86_64: Process 354 attached
[pid 354] set_robust_list(0x555581971660, 24) = 0
[pid 354] chdir("./19") = 0
[pid 354] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 354] setpgid(0, 0) = 0
[pid 354] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 354] write(3, "1000", 4) = 4
[pid 354] close(3) = 0
[pid 354] symlink("/dev/binderfs", "./binderfs") = 0
[pid 354] write(1, "executing program\n", 18) = 18
[pid 354] memfd_create("syzkaller", 0) = 3
[pid 354] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f6bf5f000
[pid 354] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 354] munmap(0x7f7f6bf5f000, 138412032) = 0
[pid 354] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 354] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 354] close(3) = 0
[pid 354] close(4) = 0
[pid 354] mkdir("./file1", 0777) = 0
[pid 354] mount("/dev/loop0", "./file1", "ext4", MS_NODEV|MS_NOEXEC|MS_MANDLOCK|MS_STRICTATIME, ",errors=continue") = 0
[pid 354] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 354] chdir("./file1") = 0
[pid 354] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 354] ioctl(4, LOOP_CLR_FD) = 0
[pid 354] close(4) = 0
[pid 354] openat(AT_FDCWD, "memory.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 42.426817][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 42.444647][ T354] loop0: detected capacity change from 0 to 1024
[ 42.460633][ T354] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[pid 354] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 376832
[pid 354] ftruncate(4, 7) = 0
[pid 354] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5
[pid 354] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 354] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6
[pid 354] fallocate(6, 0, 0, 134220898) = -1 ENOSPC (No space left on device)
[pid 354] exit_group(0) = ?
[pid 354] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=354, si_uid=0, si_status=0, si_utime=0, si_stime=6} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555819726f0 /* 4 entries */, 32768) = 112
umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
newfstatat(AT_FDCWD, "./19/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "./19/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558197a730 /* 10 entries */, 32768) = 296
umount2("./19/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./19/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555581982770 /* 2 entries */, 32768) = 48
getdents64(5, 0x555581982770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./19/file1/lost+found") = 0
umount2("./19/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./19/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5
newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0
getdents64(5, 0x555581982770 /* 4 entries */, 32768) = 112
umount2("./19/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./19/file1/file0/file0") = 0
umount2("./19/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./19/file1/file0/file1") = 0
getdents64(5, 0x555581982770 /* 0 entries */, 32768) = 0
close(5) = 0
rmdir("./19/file1/file0") = 0
umount2("./19/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/file1/file1", {st_mode=S_IFREG|0755, st_size=360448, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./19/file1/file1") = 0
umount2("./19/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./19/file1/file2") = 0
umount2("./19/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./19/file1/file3") = 0
umount2("./19/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./19/file1/file.cold") = 0
umount2("./19/file1/memory.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/file1/memory.stat", {st_mode=S_IFREG|000, st_size=7, ...}, AT_SYMLINK_NOFOLLOW) = 0
[ 42.482693][ T354] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor184: Allocating blocks 497-513 which overlap fs metadata
[ 42.497384][ T354] EXT4-fs (loop0): pa ffff888107c41c78: logic 256, phys. 385, len 8
[ 42.505430][ T354] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
[ 42.532826][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 79168952816080, count = 16
[ 42.547954][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 79168952808845, count = 7247
[ 42.563044][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 79168952808832, count = 16
[ 42.577975][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 76896325978656, count = 16
[ 42.592991][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 76896325976113, count = 2559
[ 42.608113][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 76896325976112, count = 16
[ 42.623040][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 67675800986032, count = 16
[ 42.637999][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 67675800967605, count = 18432
unlink("./19/file1/memory.stat") = 0
executing program
[ 44.120729][ T286] strace-static-x[286]: segfault at 4172a8 ip 0000000000416a60 sp 00007fffa58c13a8 error 7 in strace-static-x86_64[401000+130000] likely on CPU 1 (core 0, socket 0)
[ 44.137490][ T286] Code: 00 00 00 00 00 00 e8 8f 63 05 00 00 00 00 00 00 00 00 75 9e c6 05 00 00 00 00 00 00 00 00 66 2e 0f 1f 00 00 00 00 00 00 00 00 05 3e 08 00 00 00 00 00 00 00 00 1f 44 00 00 00 00 00 00 00 00
[ 44.159516][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 44.177240][ T357] loop0: detected capacity change from 0 to 1024
[ 44.190346][ T357] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 44.210250][ T357] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor184: Allocating blocks 497-513 which overlap fs metadata
executing program
[ 44.224848][ T357] EXT4-fs (loop0): pa ffff888107c7c498: logic 256, phys. 385, len 8
[ 44.232880][ T357] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
[ 44.257307][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 44.272060][ T360] loop0: detected capacity change from 0 to 1024
[ 44.289833][ T360] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 44.309892][ T360] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor184: Allocating blocks 497-513 which overlap fs metadata
executing program
[ 44.324470][ T360] EXT4-fs (loop0): pa ffff888107c6ca80: logic 256, phys. 385, len 8
[ 44.332515][ T360] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
[ 44.352925][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 44.371903][ T363] loop0: detected capacity change from 0 to 1024
[ 44.389882][ T363] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 44.410154][ T363] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor184: Allocating blocks 497-513 which overlap fs metadata
[ 44.424849][ T363] EXT4-fs (loop0): pa ffff888107c7c930: logic 256, phys. 385, len 8
executing program
[ 44.432982][ T363] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
[ 44.456064][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 44.470900][ T366] loop0: detected capacity change from 0 to 1024
[ 44.481232][ T366] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 44.498387][ T366] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor184: Allocating blocks 497-513 which overlap fs metadata
[ 44.513192][ T366] EXT4-fs (loop0): pa ffff888107c6cf18: logic 256, phys. 385, len 8
[ 44.521303][ T366] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
executing program
[ 44.546378][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 44.579590][ T369] loop0: detected capacity change from 0 to 1024
[ 44.600942][ T369] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
executing program
[ 44.620716][ T369] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor184: Allocating blocks 497-513 which overlap fs metadata
[ 44.635329][ T369] EXT4-fs (loop0): pa ffff888107c6c930: logic 256, phys. 385, len 8
[ 44.643380][ T369] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
[ 44.663163][ T289] EXT4-fs (loop0): unmounting filesystem.
[ 44.681421][ T372] loop0: detected capacity change from 0 to 1024
[ 44.699664][ T372] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 44.720437][ T372] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz-executor184: Allocating blocks 497-513 which overlap fs metadata
[ 44.735198][ T372] EXT4-fs (loop0): pa ffff888107ca62a0: logic 256, phys. 385, len 8
[ 44.743440][ T372] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
[ 44.765497][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 22683881344, count = 16
[ 44.780196][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 22683879752, count = 1608
[ 44.795135][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 22683879744, count = 16
[ 44.809880][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 22599593726080, count = 16
[ 44.824901][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 22599593707658, count = 18433
[ 44.840286][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 22599593707648, count = 16
[ 44.855228][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 211671176013313, count = 5
[ 44.870192][ T289] EXT4-fs error (device loop0): ext4_free_blocks:6210: comm syz-executor184: Freeing blocks not in datazone - block = 211671176013312, count = 16
executing program