./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1459889304

<...>
00, st_size=4096, ...}) = 0
umount2("./237/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./237/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
[   54.050235][   T22] audit: type=1400 audit(1656346858.520:84): avc:  denied  { remove_name } for  pid=137 comm="syslogd" name="messages" dev="tmpfs" ino=1008 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[   54.079050][   T22] audit: type=1400 audit(1656346858.520:85): avc:  denied  { rename } for  pid=137 comm="syslogd" name="messages" dev="tmpfs" ino=1008 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
close(4)                                = 0
rmdir("./237/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./237")                          = 0
mkdir("./238", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1484
./strace-static-x86_64: Process 1484 attached
[pid  1484] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1484] chdir("./238")              = 0
[pid  1484] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1484] setpgid(0, 0)               = 0
[pid  1484] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1484] write(3, "1000", 4)         = 4
[pid  1484] close(3)                    = 0
[pid  1484] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1484] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1484] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1484] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1484] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1485], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1485
[pid  1484] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1484] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1485 attached
 <unfinished ...>
[pid  1485] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1485] memfd_create("syzkaller", 0) = 3
[pid  1485] ftruncate(3, 2097152)       = 0
[pid  1485] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1485] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1485] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1485] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1485] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1485] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1485] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1485] mkdir("./file0", 0777)      = 0
[pid  1485] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1485] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1485] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1485] close(4)                    = 0
[pid  1485] close(3)                    = 0
[pid  1485] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1484] <... futex resumed>)        = 0
[pid  1484] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1484] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1485] <... futex resumed>)        = 1
[pid  1485] chdir("./file0")            = 0
[pid  1485] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1484] <... futex resumed>)        = 0
[pid  1484] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1484] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1485] <... futex resumed>)        = 1
[pid  1485] creat("./file0", 000)       = 3
[pid  1485] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1484] <... futex resumed>)        = 0
[pid  1484] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1484] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1484] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1484] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1484] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1488], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1488
[pid  1484] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1484] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1485] <... futex resumed>)        = 1
[pid  1485] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40
[pid  1485] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1485] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1488 attached
 <unfinished ...>
[pid  1488] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1488] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning)
[pid  1488] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1484] <... futex resumed>)        = 0
[pid  1484] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1484] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1485] <... futex resumed>)        = 0
[pid  1485] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1485] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1484] <... futex resumed>)        = 0
[pid  1484] exit_group(0)               = ?
[pid  1485] <... futex resumed>)        = ?
[pid  1485] +++ exited with 0 +++
[pid  1488] +++ exited with 0 +++
[pid  1484] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1484, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./238", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./238", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./238/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./238/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./238/binderfs")                = 0
[   54.176336][ T1488] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   54.192844][ T1488] EXT4-fs (loop0): pa ffff8881ed9caf18: logic 16, phys. 128, len 24
[   54.200863][ T1488] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./238/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./238/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./238/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./238/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./238/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./238/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./238")                          = 0
mkdir("./239", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1489
./strace-static-x86_64: Process 1489 attached
[pid  1489] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1489] chdir("./239")              = 0
[pid  1489] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1489] setpgid(0, 0)               = 0
[pid  1489] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1489] write(3, "1000", 4)         = 4
[pid  1489] close(3)                    = 0
[pid  1489] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1489] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1489] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1489] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1489] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1490 attached
, parent_tid=[1490], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1490
[pid  1490] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1490] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1489] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1490] <... futex resumed>)        = 0
[pid  1489] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1490] memfd_create("syzkaller", 0) = 3
[pid  1490] ftruncate(3, 2097152)       = 0
[pid  1490] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1490] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1490] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1490] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1490] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1490] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1490] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1490] mkdir("./file0", 0777)      = 0
[pid  1490] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1490] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1490] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1490] close(4)                    = 0
[pid  1490] close(3)                    = 0
[pid  1490] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1489] <... futex resumed>)        = 0
[pid  1489] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1489] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1490] chdir("./file0")            = 0
[pid  1490] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1489] <... futex resumed>)        = 0
[pid  1489] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1489] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1490] creat("./file0", 000)       = 3
[pid  1490] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1489] <... futex resumed>)        = 0
[pid  1489] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1489] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1489] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1489] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1489] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1493], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1493
[pid  1489] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1489] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1490] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40
[pid  1490] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1490] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1493 attached
 <unfinished ...>
[pid  1493] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1493] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning)
[pid  1493] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1489] <... futex resumed>)        = 0
[pid  1489] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1490] <... futex resumed>)        = 0
[pid  1489] <... futex resumed>)        = 1
[pid  1490] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 <unfinished ...>
[pid  1489] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1490] <... mmap resumed>)         = -1 EBADF (Bad file descriptor)
[pid  1490] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1489] <... futex resumed>)        = 0
[pid  1490] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1489] exit_group(0 <unfinished ...>
[pid  1490] <... futex resumed>)        = ?
[pid  1490] +++ exited with 0 +++
[pid  1489] <... exit_group resumed>)   = ?
[pid  1493] +++ exited with 0 +++
[pid  1489] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1489, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./239", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./239", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./239/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./239/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./239/binderfs")                = 0
[   54.297674][ T1493] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   54.314269][ T1493] EXT4-fs (loop0): pa ffff8881ed9cab28: logic 16, phys. 128, len 24
[   54.322287][ T1493] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./239/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./239/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./239/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./239/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./239/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./239/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./239")                          = 0
mkdir("./240", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1494
./strace-static-x86_64: Process 1494 attached
[pid  1494] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1494] chdir("./240")              = 0
[pid  1494] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1494] setpgid(0, 0)               = 0
[pid  1494] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1494] write(3, "1000", 4)         = 4
[pid  1494] close(3)                    = 0
[pid  1494] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1494] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1494] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1494] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1494] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1495], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1495
[pid  1494] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1494] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1495 attached
 <unfinished ...>
[pid  1495] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1495] memfd_create("syzkaller", 0) = 3
[pid  1495] ftruncate(3, 2097152)       = 0
[pid  1495] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1495] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1495] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1495] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1495] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1495] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1495] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1495] mkdir("./file0", 0777)      = 0
[pid  1495] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1495] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1495] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1495] close(4)                    = 0
[pid  1495] close(3)                    = 0
[pid  1495] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1494] <... futex resumed>)        = 0
[pid  1494] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1494] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1495] chdir("./file0")            = 0
[pid  1495] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1494] <... futex resumed>)        = 0
[pid  1494] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1494] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1495] creat("./file0", 000)       = 3
[pid  1495] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1494] <... futex resumed>)        = 0
[pid  1494] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1494] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1494] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1494] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1494] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1498], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1498
[pid  1494] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1494] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1498 attached
 <unfinished ...>
[pid  1498] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1498] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 <unfinished ...>
[pid  1495] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1498] <... fallocate resumed>)    = -1 EUCLEAN (Structure needs cleaning)
[pid  1495] <... write resumed>)        = 40
[pid  1498] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1498] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1494] <... futex resumed>)        = 0
[pid  1494] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1494] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1498] <... futex resumed>)        = 0
[pid  1495] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1498] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1498] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1494] <... futex resumed>)        = 0
[pid  1494] exit_group(0)               = ?
[pid  1498] <... futex resumed>)        = ?
[pid  1495] <... futex resumed>)        = ?
[pid  1498] +++ exited with 0 +++
[pid  1495] +++ exited with 0 +++
[pid  1494] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1494, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./240", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./240", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./240/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./240/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./240/binderfs")                = 0
[   54.417087][ T1498] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata
umount2("./240/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./240/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./240/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./240/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./240/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./240/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./240")                          = 0
mkdir("./241", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1499
./strace-static-x86_64: Process 1499 attached
[pid  1499] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1499] chdir("./241")              = 0
[pid  1499] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1499] setpgid(0, 0)               = 0
[pid  1499] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1499] write(3, "1000", 4)         = 4
[pid  1499] close(3)                    = 0
[pid  1499] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1499] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1499] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1499] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1499] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1500 attached
, parent_tid=[1500], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1500
[pid  1500] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1500] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1499] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1500] <... futex resumed>)        = 0
[pid  1499] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1500] memfd_create("syzkaller", 0) = 3
[pid  1500] ftruncate(3, 2097152)       = 0
[pid  1500] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1500] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1500] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1500] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1500] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1500] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1500] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1500] mkdir("./file0", 0777)      = 0
[pid  1500] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1500] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1500] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1500] close(4)                    = 0
[pid  1500] close(3)                    = 0
[pid  1500] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1499] <... futex resumed>)        = 0
[pid  1500] chdir("./file0" <unfinished ...>
[pid  1499] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1500] <... chdir resumed>)        = 0
[pid  1500] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1499] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable)
[pid  1500] <... futex resumed>)        = 0
[pid  1499] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1500] creat("./file0", 000 <unfinished ...>
[pid  1499] <... futex resumed>)        = 0
[pid  1499] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1500] <... creat resumed>)        = 3
[pid  1500] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1500] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1499] <... futex resumed>)        = 0
[pid  1499] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1500] <... futex resumed>)        = 0
[pid  1499] <... futex resumed>)        = 1
[pid  1499] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1500] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1499] <... futex resumed>)        = 0
[pid  1499] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 <unfinished ...>
[pid  1500] <... write resumed>)        = 40
[pid  1499] <... mmap resumed>)         = 0x7f0168051000
[pid  1500] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1499] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1500] <... futex resumed>)        = 0
[pid  1500] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1499] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1503 attached
, parent_tid=[1503], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1503
[pid  1503] set_robust_list(0x7f01680719e0, 24 <unfinished ...>
[pid  1499] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1503] <... set_robust_list resumed>) = 0
[pid  1499] <... futex resumed>)        = 0
[pid  1503] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 <unfinished ...>
[pid  1499] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1503] <... fallocate resumed>)    = -1 EUCLEAN (Structure needs cleaning)
[pid  1503] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1499] <... futex resumed>)        = 0
[pid  1503] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1499] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1500] <... futex resumed>)        = 0
[pid  1499] <... futex resumed>)        = 1
[pid  1500] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1499] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1500] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1499] <... futex resumed>)        = 0
[pid  1500] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1499] exit_group(0)               = ?
[pid  1500] <... futex resumed>)        = ?
[pid  1500] +++ exited with 0 +++
[pid  1503] <... futex resumed>)        = ?
[pid  1503] +++ exited with 0 +++
[pid  1499] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1499, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./241", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./241", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./241/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./241/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./241/binderfs")                = 0
[   54.525709][ T1503] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   54.542404][ T1503] EXT4-fs (loop0): pa ffff8881ed9ca690: logic 16, phys. 128, len 24
[   54.550421][ T1503] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./241/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./241/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./241/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./241/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./241/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./241/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./241")                          = 0
mkdir("./242", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1504
./strace-static-x86_64: Process 1504 attached
[pid  1504] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1504] chdir("./242")              = 0
[pid  1504] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1504] setpgid(0, 0)               = 0
[pid  1504] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1504] write(3, "1000", 4)         = 4
[pid  1504] close(3)                    = 0
[pid  1504] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1504] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1504] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1504] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1504] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1505], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1505
[pid  1504] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1504] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1505 attached
 <unfinished ...>
[pid  1505] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1505] memfd_create("syzkaller", 0) = 3
[pid  1505] ftruncate(3, 2097152)       = 0
[pid  1505] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1505] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1505] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1505] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1505] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1505] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1505] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1505] mkdir("./file0", 0777)      = 0
[pid  1505] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1505] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1505] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1505] close(4)                    = 0
[pid  1505] close(3)                    = 0
[pid  1505] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1504] <... futex resumed>)        = 0
[pid  1504] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1504] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1505] chdir("./file0")            = 0
[pid  1505] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1504] <... futex resumed>)        = 0
[pid  1505] <... futex resumed>)        = 1
[pid  1504] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1504] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1505] creat("./file0", 000)       = 3
[pid  1505] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1504] <... futex resumed>)        = 0
[pid  1504] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1504] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1504] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1504] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1504] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1508], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1508
[pid  1504] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1504] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1505] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40
[pid  1505] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1505] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1508 attached
 <unfinished ...>
[pid  1508] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1508] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning)
[pid  1508] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1504] <... futex resumed>)        = 0
[pid  1508] <... futex resumed>)        = 1
[pid  1504] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1508] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1504] <... futex resumed>)        = 1
[pid  1504] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1505] <... futex resumed>)        = 0
[pid  1505] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1505] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1504] <... futex resumed>)        = 0
[pid  1505] <... futex resumed>)        = 1
[pid  1504] exit_group(0)               = ?
[pid  1508] <... futex resumed>)        = ?
[pid  1508] +++ exited with 0 +++
[pid  1505] +++ exited with 0 +++
[pid  1504] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1504, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./242", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./242", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./242/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./242/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./242/binderfs")                = 0
[   54.651671][ T1508] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   54.668200][ T1505] EXT4-fs (loop0): pa ffff8881e6ba6498: logic 16, phys. 128, len 24
[   54.676240][ T1505] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./242/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./242/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./242/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./242/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./242/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./242/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./242")                          = 0
mkdir("./243", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1509
./strace-static-x86_64: Process 1509 attached
[pid  1509] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1509] chdir("./243")              = 0
[pid  1509] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1509] setpgid(0, 0)               = 0
[pid  1509] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1509] write(3, "1000", 4)         = 4
[pid  1509] close(3)                    = 0
[pid  1509] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1509] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1509] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1509] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1509] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1510 attached
, parent_tid=[1510], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1510
[pid  1510] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1510] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1509] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1510] <... futex resumed>)        = 0
[pid  1510] memfd_create("syzkaller", 0 <unfinished ...>
[pid  1509] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1510] <... memfd_create resumed>) = 3
[pid  1510] ftruncate(3, 2097152)       = 0
[pid  1510] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1510] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1510] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1510] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1510] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1510] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1510] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1510] mkdir("./file0", 0777)      = 0
[pid  1510] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1510] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1510] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1510] close(4)                    = 0
[pid  1510] close(3)                    = 0
[pid  1510] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1509] <... futex resumed>)        = 0
[pid  1509] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1509] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1510] chdir("./file0")            = 0
[pid  1510] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1509] <... futex resumed>)        = 0
[pid  1509] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1509] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1510] creat("./file0", 000)       = 3
[pid  1510] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1509] <... futex resumed>)        = 0
[pid  1509] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1509] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1509] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1509] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1509] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1513], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1513
[pid  1509] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1509] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1513 attached
 <unfinished ...>
[pid  1513] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1513] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 <unfinished ...>
[pid  1510] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1513] <... fallocate resumed>)    = -1 EUCLEAN (Structure needs cleaning)
[pid  1513] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1509] <... futex resumed>)        = 0
[pid  1509] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1509] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1510] <... write resumed>)        = 40
[pid  1513] <... futex resumed>)        = 1
[pid  1513] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1513] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1509] <... futex resumed>)        = 0
[pid  1513] <... futex resumed>)        = 1
[pid  1513] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1510] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1510] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1509] exit_group(0)               = ?
[pid  1513] <... futex resumed>)        = ?
[pid  1510] <... futex resumed>)        = 231
[pid  1513] +++ exited with 0 +++
[pid  1510] +++ exited with 0 +++
[pid  1509] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1509, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./243", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./243", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./243/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./243/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./243/binderfs")                = 0
[   54.820247][ T1513] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata
umount2("./243/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./243/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./243/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./243/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./243/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./243/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./243")                          = 0
mkdir("./244", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1514
./strace-static-x86_64: Process 1514 attached
[pid  1514] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1514] chdir("./244")              = 0
[pid  1514] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1514] setpgid(0, 0)               = 0
[pid  1514] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1514] write(3, "1000", 4)         = 4
[pid  1514] close(3)                    = 0
[pid  1514] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1514] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1514] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1514] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1514] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1515 attached
 <unfinished ...>
[pid  1515] set_robust_list(0x7f01680929e0, 24 <unfinished ...>
[pid  1514] <... clone resumed>, parent_tid=[1515], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1515
[pid  1515] <... set_robust_list resumed>) = 0
[pid  1515] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1514] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1515] <... futex resumed>)        = 0
[pid  1515] memfd_create("syzkaller", 0) = 3
[pid  1515] ftruncate(3, 2097152)       = 0
[pid  1515] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1515] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1515] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1515] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1515] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1515] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1515] ioctl(4, LOOP_SET_FD, 3 <unfinished ...>
[pid  1514] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1515] <... ioctl resumed>)        = 0
[pid  1515] mkdir("./file0", 0777)      = 0
[pid  1515] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1515] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1515] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1515] close(4)                    = 0
[pid  1515] close(3)                    = 0
[pid  1515] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1514] <... futex resumed>)        = 0
[pid  1515] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1514] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1515] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  1514] <... futex resumed>)        = 0
[pid  1515] chdir("./file0" <unfinished ...>
[pid  1514] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1515] <... chdir resumed>)        = 0
[pid  1515] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1514] <... futex resumed>)        = 0
[pid  1515] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1514] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1515] <... futex resumed>)        = 0
[pid  1514] <... futex resumed>)        = 1
[pid  1515] creat("./file0", 000 <unfinished ...>
[pid  1514] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1515] <... creat resumed>)        = 3
[pid  1515] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1514] <... futex resumed>)        = 0
[pid  1515] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1514] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1515] <... futex resumed>)        = 0
[pid  1514] <... futex resumed>)        = 1
[pid  1515] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40
[pid  1514] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1515] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1514] <... futex resumed>)        = 0
[pid  1515] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1514] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1514] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1514] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1518 attached
 <unfinished ...>
[pid  1518] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1518] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1514] <... clone resumed>, parent_tid=[1518], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1518
[pid  1514] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1518] <... futex resumed>)        = 0
[pid  1518] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 <unfinished ...>
[pid  1514] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1518] <... fallocate resumed>)    = -1 EUCLEAN (Structure needs cleaning)
[pid  1518] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1518] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1514] <... futex resumed>)        = 0
[pid  1514] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1515] <... futex resumed>)        = 0
[pid  1515] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1515] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1515] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1514] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable)
[pid  1514] exit_group(0)               = ?
[pid  1515] <... futex resumed>)        = ?
[pid  1515] +++ exited with 0 +++
[pid  1518] <... futex resumed>)        = ?
[pid  1518] +++ exited with 0 +++
[pid  1514] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1514, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./244", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./244", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./244/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./244/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./244/binderfs")                = 0
[   54.933758][ T1518] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   54.956007][ T1514] EXT4-fs (loop0): pa ffff8881e68ae690: logic 16, phys. 128, len 24
[   54.964035][ T1514] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./244/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./244/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./244/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./244/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./244/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./244/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./244")                          = 0
mkdir("./245", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1519
./strace-static-x86_64: Process 1519 attached
[pid  1519] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1519] chdir("./245")              = 0
[pid  1519] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1519] setpgid(0, 0)               = 0
[pid  1519] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1519] write(3, "1000", 4)         = 4
[pid  1519] close(3)                    = 0
[pid  1519] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1519] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1519] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1519] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1519] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1520 attached
 <unfinished ...>
[pid  1520] set_robust_list(0x7f01680929e0, 24 <unfinished ...>
[pid  1519] <... clone resumed>, parent_tid=[1520], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1520
[pid  1520] <... set_robust_list resumed>) = 0
[pid  1520] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1519] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1520] <... futex resumed>)        = 0
[pid  1519] <... futex resumed>)        = 1
[pid  1519] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1520] memfd_create("syzkaller", 0) = 3
[pid  1520] ftruncate(3, 2097152)       = 0
[pid  1520] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1520] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1520] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1520] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1520] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1520] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1520] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1520] mkdir("./file0", 0777)      = 0
[pid  1520] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1520] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1520] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1520] close(4)                    = 0
[pid  1520] close(3)                    = 0
[pid  1520] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1520] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1519] <... futex resumed>)        = 0
[pid  1519] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1520] <... futex resumed>)        = 0
[pid  1520] chdir("./file0" <unfinished ...>
[pid  1519] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1520] <... chdir resumed>)        = 0
[pid  1520] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1520] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1519] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  1519] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1520] <... futex resumed>)        = 0
[pid  1519] <... futex resumed>)        = 1
[pid  1520] creat("./file0", 000 <unfinished ...>
[pid  1519] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1520] <... creat resumed>)        = 3
[pid  1520] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1520] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1519] <... futex resumed>)        = 0
[pid  1519] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1519] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1519] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1519] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1519] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID <unfinished ...>
[pid  1520] <... futex resumed>)        = 0
[pid  1520] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40
[pid  1520] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1520] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1523 attached
 <unfinished ...>
[pid  1523] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1523] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1519] <... clone resumed>, parent_tid=[1523], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1523
[pid  1519] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1523] <... futex resumed>)        = 0
[pid  1519] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1523] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning)
[pid  1523] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1519] <... futex resumed>)        = 0
[pid  1519] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1523] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1520] <... futex resumed>)        = 0
[pid  1520] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1520] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1520] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1519] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable)
[pid  1519] exit_group(0)               = ?
[pid  1520] <... futex resumed>)        = ?
[pid  1520] +++ exited with 0 +++
[pid  1523] <... futex resumed>)        = ?
[pid  1523] +++ exited with 0 +++
[pid  1519] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1519, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
umount2("./245", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./245", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./245/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./245/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./245/binderfs")                = 0
[   55.092661][ T1523] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   55.110750][ T1523] EXT4-fs (loop0): pa ffff8881e6ba6a80: logic 16, phys. 128, len 24
[   55.118744][ T1523] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./245/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./245/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./245/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./245/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./245/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./245/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./245")                          = 0
mkdir("./246", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1524
./strace-static-x86_64: Process 1524 attached
[pid  1524] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1524] chdir("./246")              = 0
[pid  1524] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1524] setpgid(0, 0)               = 0
[pid  1524] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1524] write(3, "1000", 4)         = 4
[pid  1524] close(3)                    = 0
[pid  1524] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1524] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1524] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1524] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1524] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1525], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1525
[pid  1524] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1524] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1525 attached
 <unfinished ...>
[pid  1525] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1525] memfd_create("syzkaller", 0) = 3
[pid  1525] ftruncate(3, 2097152)       = 0
[pid  1525] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1525] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1525] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1525] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1525] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1525] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1525] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1525] mkdir("./file0", 0777)      = 0
[pid  1525] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1525] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1525] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1525] close(4)                    = 0
[pid  1525] close(3)                    = 0
[pid  1525] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1524] <... futex resumed>)        = 0
[pid  1525] <... futex resumed>)        = 1
[pid  1525] chdir("./file0" <unfinished ...>
[pid  1524] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1524] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1525] <... chdir resumed>)        = 0
[pid  1525] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1524] <... futex resumed>)        = 0
[pid  1525] <... futex resumed>)        = 1
[pid  1524] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1525] creat("./file0", 000 <unfinished ...>
[pid  1524] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1525] <... creat resumed>)        = 3
[pid  1525] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1524] <... futex resumed>)        = 0
[pid  1525] <... futex resumed>)        = 1
[pid  1525] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1524] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1524] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1524] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1524] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1524] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1528 attached
 <unfinished ...>
[pid  1528] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1528] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1525] <... write resumed>)        = 40
[pid  1525] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1525] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1524] <... clone resumed>, parent_tid=[1528], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1528
[pid  1524] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1528] <... futex resumed>)        = 0
[pid  1524] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1528] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning)
[pid  1528] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1524] <... futex resumed>)        = 0
[pid  1528] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1524] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1525] <... futex resumed>)        = 0
[pid  1524] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1525] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1525] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1524] <... futex resumed>)        = 0
[pid  1525] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1524] exit_group(0)               = ?
[pid  1525] <... futex resumed>)        = 231
[pid  1525] +++ exited with 0 +++
[pid  1528] <... futex resumed>)        = ?
[pid  1528] +++ exited with 0 +++
[pid  1524] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1524, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./246", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./246", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./246/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./246/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./246/binderfs")                = 0
[   55.238018][ T1528] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   55.254042][ T1528] EXT4-fs (loop0): pa ffff8881e68ae3f0: logic 16, phys. 128, len 24
[   55.262134][ T1528] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./246/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./246/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./246/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./246/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./246/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./246/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./246")                          = 0
mkdir("./247", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1529
./strace-static-x86_64: Process 1529 attached
[pid  1529] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1529] chdir("./247")              = 0
[pid  1529] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1529] setpgid(0, 0)               = 0
[pid  1529] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1529] write(3, "1000", 4)         = 4
[pid  1529] close(3)                    = 0
[pid  1529] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1529] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1529] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1529] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1529] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1530 attached
, parent_tid=[1530], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1530
[pid  1530] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1530] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1529] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1530] <... futex resumed>)        = 0
[pid  1530] memfd_create("syzkaller", 0) = 3
[pid  1530] ftruncate(3, 2097152)       = 0
[pid  1530] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1530] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1530] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1530] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1530] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1530] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1530] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1530] mkdir("./file0", 0777)      = 0
[pid  1530] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue" <unfinished ...>
[pid  1529] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1530] <... mount resumed>)        = 0
[pid  1530] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1530] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1530] close(4)                    = 0
[pid  1530] close(3)                    = 0
[pid  1530] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1529] <... futex resumed>)        = 0
[pid  1530] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1529] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1530] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  1529] <... futex resumed>)        = 0
[pid  1530] chdir("./file0")            = 0
[pid  1529] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1530] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1529] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  1530] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1529] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1530] <... futex resumed>)        = 0
[pid  1529] <... futex resumed>)        = 1
[pid  1530] creat("./file0", 000)       = 3
[pid  1529] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1530] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1529] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  1530] <... futex resumed>)        = 0
[pid  1529] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1530] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1529] <... futex resumed>)        = 0
[pid  1530] <... write resumed>)        = 40
[pid  1529] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1530] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1529] <... futex resumed>)        = 0
[pid  1530] <... futex resumed>)        = 0
[pid  1529] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 <unfinished ...>
[pid  1530] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1529] <... mmap resumed>)         = 0x7f0168051000
[pid  1529] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1529] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1533], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1533
./strace-static-x86_64: Process 1533 attached
[pid  1533] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1533] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1529] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1533] <... futex resumed>)        = 0
[pid  1533] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 <unfinished ...>
[pid  1529] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1533] <... fallocate resumed>)    = -1 EUCLEAN (Structure needs cleaning)
[pid  1533] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1533] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1529] <... futex resumed>)        = 0
[pid  1529] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1530] <... futex resumed>)        = 0
[pid  1529] <... futex resumed>)        = 1
[pid  1530] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 <unfinished ...>
[pid  1529] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1530] <... mmap resumed>)         = -1 EBADF (Bad file descriptor)
[pid  1530] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1529] <... futex resumed>)        = 0
[pid  1530] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1529] exit_group(0)               = ?
[pid  1530] <... futex resumed>)        = 231
[pid  1530] +++ exited with 0 +++
[pid  1533] <... futex resumed>)        = ?
[pid  1533] +++ exited with 0 +++
[pid  1529] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1529, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./247", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./247", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./247/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./247/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./247/binderfs")                = 0
[   55.374395][ T1533] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   55.390411][ T1533] EXT4-fs (loop0): pa ffff8881e68aee70: logic 16, phys. 128, len 24
[   55.398383][ T1533] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./247/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./247/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./247/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./247/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./247/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./247/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./247")                          = 0
mkdir("./248", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1534
./strace-static-x86_64: Process 1534 attached
[pid  1534] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1534] chdir("./248")              = 0
[pid  1534] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1534] setpgid(0, 0)               = 0
[pid  1534] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1534] write(3, "1000", 4)         = 4
[pid  1534] close(3)                    = 0
[pid  1534] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1534] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1534] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1534] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1534] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1535], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1535
[pid  1534] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1534] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1535 attached
 <unfinished ...>
[pid  1535] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1535] memfd_create("syzkaller", 0) = 3
[pid  1535] ftruncate(3, 2097152)       = 0
[pid  1535] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1535] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1535] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1535] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1535] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1535] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1535] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1535] mkdir("./file0", 0777)      = 0
[pid  1535] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1535] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1535] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1535] close(4)                    = 0
[pid  1535] close(3)                    = 0
[pid  1535] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1534] <... futex resumed>)        = 0
[pid  1535] chdir("./file0" <unfinished ...>
[pid  1534] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1535] <... chdir resumed>)        = 0
[pid  1534] <... futex resumed>)        = 0
[pid  1535] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1534] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1535] <... futex resumed>)        = 0
[pid  1534] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  1535] creat("./file0", 000 <unfinished ...>
[pid  1534] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1535] <... creat resumed>)        = 3
[pid  1534] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1535] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1534] <... futex resumed>)        = 0
[pid  1535] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1534] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1535] <... write resumed>)        = 40
[pid  1534] <... futex resumed>)        = 0
[pid  1534] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1535] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1534] <... futex resumed>)        = 0
[pid  1535] <... futex resumed>)        = 0
[pid  1534] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 <unfinished ...>
[pid  1535] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1534] <... mmap resumed>)         = 0x7f0168051000
[pid  1534] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1534] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1538 attached
, parent_tid=[1538], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1538
[pid  1538] set_robust_list(0x7f01680719e0, 24 <unfinished ...>
[pid  1534] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1538] <... set_robust_list resumed>) = 0
[pid  1538] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 <unfinished ...>
[pid  1534] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1538] <... fallocate resumed>)    = -1 EUCLEAN (Structure needs cleaning)
[pid  1538] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1534] <... futex resumed>)        = 0
[pid  1538] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1534] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1535] <... futex resumed>)        = 0
[pid  1534] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1535] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1535] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1534] <... futex resumed>)        = 0
[pid  1535] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1534] exit_group(0)               = ?
[pid  1535] <... futex resumed>)        = ?
[pid  1535] +++ exited with 0 +++
[pid  1538] <... futex resumed>)        = ?
[pid  1538] +++ exited with 0 +++
[pid  1534] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1534, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./248", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./248", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./248/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./248/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./248/binderfs")                = 0
[   55.483347][ T1538] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   55.499787][ T1538] EXT4-fs (loop0): pa ffff8881e6ba6888: logic 16, phys. 128, len 24
[   55.507821][ T1538] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./248/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./248/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./248/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./248/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./248/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./248/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./248")                          = 0
mkdir("./249", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1539
./strace-static-x86_64: Process 1539 attached
[pid  1539] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1539] chdir("./249")              = 0
[pid  1539] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1539] setpgid(0, 0)               = 0
[pid  1539] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1539] write(3, "1000", 4)         = 4
[pid  1539] close(3)                    = 0
[pid  1539] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1539] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1539] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1539] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1539] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1540], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1540
[pid  1539] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1539] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1540 attached
 <unfinished ...>
[pid  1540] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1540] memfd_create("syzkaller", 0) = 3
[pid  1540] ftruncate(3, 2097152)       = 0
[pid  1540] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1540] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1540] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1540] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1540] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1540] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1540] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1540] mkdir("./file0", 0777)      = 0
[pid  1540] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1540] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1540] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1540] close(4)                    = 0
[pid  1540] close(3)                    = 0
[pid  1540] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1539] <... futex resumed>)        = 0
[pid  1539] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1539] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1540] <... futex resumed>)        = 1
[pid  1540] chdir("./file0")            = 0
[pid  1540] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1539] <... futex resumed>)        = 0
[pid  1539] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1539] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1540] <... futex resumed>)        = 1
[pid  1540] creat("./file0", 000)       = 3
[pid  1540] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1539] <... futex resumed>)        = 0
[pid  1539] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1539] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1539] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1539] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1539] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1543 attached
 <unfinished ...>
[pid  1543] set_robust_list(0x7f01680719e0, 24 <unfinished ...>
[pid  1539] <... clone resumed>, parent_tid=[1543], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1543
[pid  1543] <... set_robust_list resumed>) = 0
[pid  1539] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1543] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 <unfinished ...>
[pid  1539] <... futex resumed>)        = 0
[pid  1539] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1540] <... futex resumed>)        = 1
[pid  1540] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1543] <... fallocate resumed>)    = -1 EUCLEAN (Structure needs cleaning)
[pid  1543] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1540] <... write resumed>)        = 40
[pid  1543] <... futex resumed>)        = 1
[pid  1540] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1539] <... futex resumed>)        = 0
[pid  1540] <... futex resumed>)        = 0
[pid  1539] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1540] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 <unfinished ...>
[pid  1539] <... futex resumed>)        = 0
[pid  1540] <... mmap resumed>)         = -1 EBADF (Bad file descriptor)
[pid  1539] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1540] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1539] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  1540] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1539] exit_group(0)               = ?
[pid  1540] <... futex resumed>)        = 231
[pid  1540] +++ exited with 0 +++
[pid  1543] +++ exited with 0 +++
[pid  1539] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1539, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./249", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./249", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./249/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./249/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./249/binderfs")                = 0
[   55.634994][ T1543] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata
umount2("./249/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./249/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./249/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./249/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./249/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./249/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./249")                          = 0
mkdir("./250", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1544
./strace-static-x86_64: Process 1544 attached
[pid  1544] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1544] chdir("./250")              = 0
[pid  1544] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1544] setpgid(0, 0)               = 0
[pid  1544] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1544] write(3, "1000", 4)         = 4
[pid  1544] close(3)                    = 0
[pid  1544] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1544] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1544] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1544] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1544] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1545 attached
, parent_tid=[1545], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1545
[pid  1544] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1544] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1545] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1545] memfd_create("syzkaller", 0) = 3
[pid  1545] ftruncate(3, 2097152)       = 0
[pid  1545] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1545] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1545] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1545] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1545] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1545] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1545] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1545] mkdir("./file0", 0777)      = 0
[pid  1545] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1545] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1545] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1545] close(4)                    = 0
[pid  1545] close(3)                    = 0
[pid  1545] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1544] <... futex resumed>)        = 0
[pid  1544] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1544] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1545] <... futex resumed>)        = 1
[pid  1545] chdir("./file0")            = 0
[pid  1545] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1544] <... futex resumed>)        = 0
[pid  1544] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1544] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1545] <... futex resumed>)        = 1
[pid  1545] creat("./file0", 000)       = 3
[pid  1545] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1544] <... futex resumed>)        = 0
[pid  1544] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1544] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1544] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1544] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1544] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1548 attached
, parent_tid=[1548], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1548
[pid  1544] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1544] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1545] <... futex resumed>)        = 1
[pid  1545] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1548] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1545] <... write resumed>)        = 40
[pid  1545] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1545] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1548] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning)
[pid  1548] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1544] <... futex resumed>)        = 0
[pid  1544] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1544] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1545] <... futex resumed>)        = 0
[pid  1545] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1545] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1544] <... futex resumed>)        = 0
[pid  1544] exit_group(0)               = ?
[pid  1548] +++ exited with 0 +++
[pid  1545] <... futex resumed>)        = ?
[pid  1545] +++ exited with 0 +++
[pid  1544] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1544, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./250", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./250", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./250/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./250/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./250/binderfs")                = 0
[   55.741871][ T1548] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   55.758799][ T1545] EXT4-fs (loop0): pa ffff8881e68ae150: logic 16, phys. 128, len 24
[   55.766824][ T1545] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./250/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./250/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./250/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./250/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./250/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./250/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./250")                          = 0
mkdir("./251", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1549
./strace-static-x86_64: Process 1549 attached
[pid  1549] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1549] chdir("./251")              = 0
[pid  1549] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1549] setpgid(0, 0)               = 0
[pid  1549] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1549] write(3, "1000", 4)         = 4
[pid  1549] close(3)                    = 0
[pid  1549] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1549] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1549] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1549] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1549] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1550], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1550
[pid  1549] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 1550 attached
[pid  1549] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1550] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1550] memfd_create("syzkaller", 0) = 3
[pid  1550] ftruncate(3, 2097152)       = 0
[pid  1550] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1550] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1550] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1550] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1550] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1550] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1550] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1550] mkdir("./file0", 0777)      = 0
[pid  1550] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1550] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1550] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1550] close(4)                    = 0
[pid  1550] close(3)                    = 0
[pid  1550] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1549] <... futex resumed>)        = 0
[pid  1549] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1549] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1550] <... futex resumed>)        = 1
[pid  1550] chdir("./file0")            = 0
[pid  1550] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1549] <... futex resumed>)        = 0
[pid  1549] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1549] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1550] <... futex resumed>)        = 1
[pid  1550] creat("./file0", 000)       = 3
[pid  1550] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1549] <... futex resumed>)        = 0
[pid  1549] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1549] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1549] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1549] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1549] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1553], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1553
[pid  1549] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1549] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1550] <... futex resumed>)        = 1
[pid  1550] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40
[pid  1550] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1550] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1553 attached
 <unfinished ...>
[pid  1553] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1553] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning)
[pid  1553] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1549] <... futex resumed>)        = 0
[pid  1549] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1549] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1550] <... futex resumed>)        = 0
[pid  1550] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1550] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1549] <... futex resumed>)        = 0
[pid  1549] exit_group(0 <unfinished ...>
[pid  1553] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1549] <... exit_group resumed>)   = ?
[pid  1553] <... futex resumed>)        = ?
[pid  1550] <... futex resumed>)        = ?
[pid  1550] +++ exited with 0 +++
[pid  1553] +++ exited with 0 +++
[pid  1549] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1549, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./251", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./251", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./251/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./251/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./251/binderfs")                = 0
umount2("./251/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./251/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./251/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./251/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./251/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./251/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./251")                          = 0
mkdir("./252", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1554
./strace-static-x86_64: Process 1554 attached
[pid  1554] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1554] chdir("./252")              = 0
[   55.921180][ T1553] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   55.938450][ T1553] EXT4-fs (loop0): pa ffff8881e68ae0a8: logic 16, phys. 128, len 24
[   55.946494][ T1553] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
[pid  1554] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1554] setpgid(0, 0)               = 0
[pid  1554] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1554] write(3, "1000", 4)         = 4
[pid  1554] close(3)                    = 0
[pid  1554] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1554] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1554] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1554] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1554] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1555 attached
, parent_tid=[1555], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1555
[pid  1555] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1555] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1554] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1555] <... futex resumed>)        = 0
[pid  1554] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1555] memfd_create("syzkaller", 0) = 3
[pid  1555] ftruncate(3, 2097152)       = 0
[pid  1555] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1555] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1555] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1555] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1555] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1555] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1555] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1555] mkdir("./file0", 0777)      = 0
[pid  1555] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1555] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1555] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1555] close(4)                    = 0
[pid  1555] close(3)                    = 0
[pid  1555] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1554] <... futex resumed>)        = 0
[pid  1554] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1555] chdir("./file0" <unfinished ...>
[pid  1554] <... futex resumed>)        = 0
[pid  1554] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1555] <... chdir resumed>)        = 0
[pid  1555] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1554] <... futex resumed>)        = 0
[pid  1555] <... futex resumed>)        = 1
[pid  1554] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1555] creat("./file0", 000 <unfinished ...>
[pid  1554] <... futex resumed>)        = 0
[pid  1554] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1555] <... creat resumed>)        = 3
[pid  1555] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1554] <... futex resumed>)        = 0
[pid  1554] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1555] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1554] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1554] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1554] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1554] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1558 attached
, parent_tid=[1558], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1558
[pid  1558] set_robust_list(0x7f01680719e0, 24 <unfinished ...>
[pid  1554] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1558] <... set_robust_list resumed>) = 0
[pid  1558] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 <unfinished ...>
[pid  1554] <... futex resumed>)        = 0
[pid  1554] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1558] <... fallocate resumed>)    = -1 EUCLEAN (Structure needs cleaning)
[pid  1558] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1555] <... write resumed>)        = 40
[pid  1555] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1555] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1558] <... futex resumed>)        = 1
[pid  1558] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1554] <... futex resumed>)        = 0
[pid  1554] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1554] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1555] <... futex resumed>)        = 0
[pid  1555] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1555] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1554] <... futex resumed>)        = 0
[pid  1554] exit_group(0)               = ?
[pid  1558] <... futex resumed>)        = ?
[pid  1555] <... futex resumed>)        = ?
[pid  1555] +++ exited with 0 +++
[pid  1558] +++ exited with 0 +++
[pid  1554] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1554, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./252", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./252", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./252/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./252/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./252/binderfs")                = 0
[   56.027105][ T1558] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata
umount2("./252/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./252/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./252/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./252/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./252/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./252/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./252")                          = 0
mkdir("./253", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1559
./strace-static-x86_64: Process 1559 attached
[pid  1559] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1559] chdir("./253")              = 0
[pid  1559] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1559] setpgid(0, 0)               = 0
[pid  1559] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1559] write(3, "1000", 4)         = 4
[pid  1559] close(3)                    = 0
[pid  1559] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1559] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1559] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1559] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1559] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1560], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1560
[pid  1559] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1559] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1560 attached
 <unfinished ...>
[pid  1560] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1560] memfd_create("syzkaller", 0) = 3
[pid  1560] ftruncate(3, 2097152)       = 0
[pid  1560] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1560] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1560] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1560] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1560] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1560] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1560] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1560] mkdir("./file0", 0777)      = 0
[pid  1560] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1560] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1560] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1560] close(4)                    = 0
[pid  1560] close(3)                    = 0
[pid  1560] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1559] <... futex resumed>)        = 0
[pid  1560] <... futex resumed>)        = 1
[pid  1559] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1559] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1560] chdir("./file0")            = 0
[pid  1560] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1559] <... futex resumed>)        = 0
[pid  1560] <... futex resumed>)        = 1
[pid  1559] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1559] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1560] creat("./file0", 000)       = 3
[pid  1560] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1559] <... futex resumed>)        = 0
[pid  1560] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1559] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1559] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1559] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1559] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE <unfinished ...>
[pid  1560] <... write resumed>)        = 40
[pid  1559] <... mprotect resumed>)     = 0
[pid  1559] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID <unfinished ...>
[pid  1560] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 1563 attached
 <unfinished ...>
[pid  1563] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1563] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1559] <... clone resumed>, parent_tid=[1563], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1563
[pid  1560] <... futex resumed>)        = 0
[pid  1559] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1563] <... futex resumed>)        = 0
[pid  1563] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 <unfinished ...>
[pid  1559] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1560] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1563] <... fallocate resumed>)    = -1 EUCLEAN (Structure needs cleaning)
[pid  1563] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1559] <... futex resumed>)        = 0
[pid  1563] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1559] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1559] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1560] <... futex resumed>)        = 0
[pid  1560] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1560] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1559] <... futex resumed>)        = 0
[pid  1559] exit_group(0)               = ?
[pid  1563] <... futex resumed>)        = ?
[pid  1563] +++ exited with 0 +++
[pid  1560] +++ exited with 0 +++
[pid  1559] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1559, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./253", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./253", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./253/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./253/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./253/binderfs")                = 0
[   56.148791][ T1563] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   56.165899][ T1560] EXT4-fs (loop0): pa ffff8881e68ae5e8: logic 16, phys. 128, len 24
[   56.173958][ T1560] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./253/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./253/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./253/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./253/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./253/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./253/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./253")                          = 0
mkdir("./254", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1564
./strace-static-x86_64: Process 1564 attached
[pid  1564] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1564] chdir("./254")              = 0
[pid  1564] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1564] setpgid(0, 0)               = 0
[pid  1564] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1564] write(3, "1000", 4)         = 4
[pid  1564] close(3)                    = 0
[pid  1564] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1564] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1564] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1564] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1564] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1565 attached
, parent_tid=[1565], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1565
[pid  1565] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1565] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1564] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1565] <... futex resumed>)        = 0
[pid  1565] memfd_create("syzkaller", 0 <unfinished ...>
[pid  1564] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1565] <... memfd_create resumed>) = 3
[pid  1565] ftruncate(3, 2097152)       = 0
[pid  1565] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1565] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1565] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1565] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1565] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1565] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1565] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1565] mkdir("./file0", 0777)      = 0
[pid  1565] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1565] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1565] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1565] close(4)                    = 0
[pid  1565] close(3)                    = 0
[pid  1565] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1564] <... futex resumed>)        = 0
[pid  1565] <... futex resumed>)        = 1
[pid  1564] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1565] chdir("./file0" <unfinished ...>
[pid  1564] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1565] <... chdir resumed>)        = 0
[pid  1565] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1564] <... futex resumed>)        = 0
[pid  1565] <... futex resumed>)        = 1
[pid  1565] creat("./file0", 000 <unfinished ...>
[pid  1564] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1564] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1565] <... creat resumed>)        = 3
[pid  1565] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1564] <... futex resumed>)        = 0
[pid  1564] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1564] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1564] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1564] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1564] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1568], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1568
[pid  1564] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1565] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1564] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1565] <... write resumed>)        = 40
[pid  1565] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1565] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1568 attached
 <unfinished ...>
[pid  1568] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1568] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning)
[pid  1568] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1564] <... futex resumed>)        = 0
[pid  1568] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1564] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1565] <... futex resumed>)        = 0
[pid  1564] <... futex resumed>)        = 1
[pid  1565] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 <unfinished ...>
[pid  1564] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1565] <... mmap resumed>)         = -1 EBADF (Bad file descriptor)
[pid  1565] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1564] <... futex resumed>)        = 0
[pid  1565] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1564] exit_group(0)               = ?
[pid  1568] <... futex resumed>)        = ?
[pid  1568] +++ exited with 0 +++
[pid  1565] <... futex resumed>)        = ?
[pid  1565] +++ exited with 0 +++
[pid  1564] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1564, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./254", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./254", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./254/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./254/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./254/binderfs")                = 0
[   56.326589][ T1568] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   56.342914][ T1565] EXT4-fs (loop0): pa ffff8881e6ba6540: logic 16, phys. 128, len 24
[   56.350923][ T1565] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./254/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./254/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./254/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./254/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./254/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./254/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./254")                          = 0
mkdir("./255", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1569
./strace-static-x86_64: Process 1569 attached
[pid  1569] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1569] chdir("./255")              = 0
[pid  1569] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1569] setpgid(0, 0)               = 0
[pid  1569] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1569] write(3, "1000", 4)         = 4
[pid  1569] close(3)                    = 0
[pid  1569] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1569] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1569] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1569] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1569] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1570], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1570
[pid  1569] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1569] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1570 attached
 <unfinished ...>
[pid  1570] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1570] memfd_create("syzkaller", 0) = 3
[pid  1570] ftruncate(3, 2097152)       = 0
[pid  1570] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1570] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1570] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1570] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1570] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1570] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1570] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1570] mkdir("./file0", 0777)      = 0
[pid  1570] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1570] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1570] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1570] close(4)                    = 0
[pid  1570] close(3)                    = 0
[pid  1570] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1569] <... futex resumed>)        = 0
[pid  1570] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1569] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1570] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  1569] <... futex resumed>)        = 0
[pid  1570] chdir("./file0" <unfinished ...>
[pid  1569] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1570] <... chdir resumed>)        = 0
[pid  1570] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1569] <... futex resumed>)        = 0
[pid  1569] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1570] creat("./file0", 000 <unfinished ...>
[pid  1569] <... futex resumed>)        = 0
[pid  1569] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1570] <... creat resumed>)        = 3
[pid  1570] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1569] <... futex resumed>)        = 0
[pid  1570] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1569] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1570] <... write resumed>)        = 40
[pid  1569] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1570] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1569] <... futex resumed>)        = 0
[pid  1570] <... futex resumed>)        = 0
[pid  1569] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1570] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1569] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1569] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1573], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1573
[pid  1569] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1569] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1573 attached
 <unfinished ...>
[pid  1573] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1573] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning)
[pid  1573] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1569] <... futex resumed>)        = 0
[pid  1573] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1569] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1570] <... futex resumed>)        = 0
[pid  1569] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1570] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1570] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1569] <... futex resumed>)        = 0
[pid  1570] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1569] exit_group(0)               = ?
[pid  1570] <... futex resumed>)        = ?
[pid  1573] <... futex resumed>)        = ?
[pid  1573] +++ exited with 0 +++
[pid  1570] +++ exited with 0 +++
[pid  1569] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1569, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./255", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./255", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./255/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./255/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./255/binderfs")                = 0
[   56.435313][ T1573] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   56.451291][ T1570] EXT4-fs (loop0): pa ffff8881e68aed20: logic 16, phys. 128, len 24
[   56.459267][ T1570] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./255/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./255/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./255/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./255/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./255/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./255/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./255")                          = 0
mkdir("./256", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1574
./strace-static-x86_64: Process 1574 attached
[pid  1574] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1574] chdir("./256")              = 0
[pid  1574] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1574] setpgid(0, 0)               = 0
[pid  1574] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1574] write(3, "1000", 4)         = 4
[pid  1574] close(3)                    = 0
[pid  1574] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1574] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1574] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1574] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1574] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1575], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1575
./strace-static-x86_64: Process 1575 attached
[pid  1574] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1575] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1574] <... futex resumed>)        = 0
[pid  1574] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1575] memfd_create("syzkaller", 0) = 3
[pid  1575] ftruncate(3, 2097152)       = 0
[pid  1575] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1575] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1575] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1575] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1575] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1575] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1575] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1575] mkdir("./file0", 0777)      = 0
[pid  1575] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1575] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1575] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1575] close(4)                    = 0
[pid  1575] close(3)                    = 0
[pid  1575] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1574] <... futex resumed>)        = 0
[pid  1574] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1574] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1575] <... futex resumed>)        = 1
[pid  1575] chdir("./file0")            = 0
[pid  1575] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1574] <... futex resumed>)        = 0
[pid  1574] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1574] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1575] <... futex resumed>)        = 1
[pid  1575] creat("./file0", 000)       = 3
[pid  1575] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1574] <... futex resumed>)        = 0
[pid  1574] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1574] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1574] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1574] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1574] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1578], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1578
[pid  1574] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1574] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1578 attached
 <unfinished ...>
[pid  1575] <... futex resumed>)        = 1
[pid  1575] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1578] set_robust_list(0x7f01680719e0, 24 <unfinished ...>
[pid  1575] <... write resumed>)        = 40
[pid  1575] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1575] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1578] <... set_robust_list resumed>) = 0
[pid  1578] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning)
[pid  1578] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1574] <... futex resumed>)        = 0
[pid  1574] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1574] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1578] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1575] <... futex resumed>)        = 0
[pid  1575] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1575] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1574] <... futex resumed>)        = 0
[pid  1574] exit_group(0)               = ?
[pid  1578] <... futex resumed>)        = ?
[pid  1575] <... futex resumed>)        = ?
[pid  1575] +++ exited with 0 +++
[pid  1578] +++ exited with 0 +++
[pid  1574] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1574, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./256", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./256", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./256/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./256/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./256/binderfs")                = 0
[   56.552690][ T1578] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   56.569644][ T1578] EXT4-fs (loop0): pa ffff8881db90e000: logic 16, phys. 128, len 24
[   56.577668][ T1578] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./256/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./256/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./256/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./256/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./256/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./256/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./256")                          = 0
mkdir("./257", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1579
./strace-static-x86_64: Process 1579 attached
[pid  1579] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1579] chdir("./257")              = 0
[pid  1579] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1579] setpgid(0, 0)               = 0
[pid  1579] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1579] write(3, "1000", 4)         = 4
[pid  1579] close(3)                    = 0
[pid  1579] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1579] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1579] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1579] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1579] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1580 attached
, parent_tid=[1580], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1580
[pid  1580] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1580] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1579] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1580] <... futex resumed>)        = 0
[pid  1580] memfd_create("syzkaller", 0 <unfinished ...>
[pid  1579] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1580] <... memfd_create resumed>) = 3
[pid  1580] ftruncate(3, 2097152)       = 0
[pid  1580] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1580] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1580] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1580] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1580] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1580] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1580] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1580] mkdir("./file0", 0777)      = 0
[pid  1580] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1580] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1580] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1580] close(4)                    = 0
[pid  1580] close(3)                    = 0
[pid  1580] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1579] <... futex resumed>)        = 0
[pid  1580] chdir("./file0" <unfinished ...>
[pid  1579] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1580] <... chdir resumed>)        = 0
[pid  1580] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1579] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1580] <... futex resumed>)        = 0
[pid  1579] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  1580] creat("./file0", 000 <unfinished ...>
[pid  1579] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1579] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1580] <... creat resumed>)        = 3
[pid  1580] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1579] <... futex resumed>)        = 0
[pid  1579] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1579] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1579] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1579] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1579] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1583], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1583
[pid  1579] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1580] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1579] <... futex resumed>)        = 0
[pid  1579] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1583 attached
 <unfinished ...>
[pid  1583] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1583] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning)
[pid  1580] <... write resumed>)        = 40
[pid  1580] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1580] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1583] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1579] <... futex resumed>)        = 0
[pid  1579] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1579] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1580] <... futex resumed>)        = 0
[pid  1580] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1580] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1579] <... futex resumed>)        = 0
[pid  1579] exit_group(0)               = ?
[pid  1583] +++ exited with 0 +++
[pid  1580] <... futex resumed>)        = ?
[pid  1580] +++ exited with 0 +++
[pid  1579] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1579, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./257", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./257", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./257/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./257/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./257/binderfs")                = 0
[   56.727067][ T1583] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata
umount2("./257/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./257/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./257/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./257/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./257/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./257/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./257")                          = 0
mkdir("./258", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1584 attached
, child_tidptr=0x55555656e5d0) = 1584
[pid  1584] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1584] chdir("./258")              = 0
[pid  1584] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1584] setpgid(0, 0)               = 0
[pid  1584] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1584] write(3, "1000", 4)         = 4
[pid  1584] close(3)                    = 0
[pid  1584] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1584] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1584] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1584] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1584] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1585 attached
, parent_tid=[1585], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1585
[pid  1585] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1585] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1584] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1585] <... futex resumed>)        = 0
[pid  1584] <... futex resumed>)        = 1
[pid  1585] memfd_create("syzkaller", 0 <unfinished ...>
[pid  1584] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1585] <... memfd_create resumed>) = 3
[pid  1585] ftruncate(3, 2097152)       = 0
[pid  1585] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1585] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1585] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1585] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1585] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1585] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1585] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1585] mkdir("./file0", 0777)      = 0
[pid  1585] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1585] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1585] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1585] close(4)                    = 0
[pid  1585] close(3)                    = 0
[pid  1585] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1584] <... futex resumed>)        = 0
[pid  1584] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1584] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1585] <... futex resumed>)        = 1
[pid  1585] chdir("./file0")            = 0
[pid  1585] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1584] <... futex resumed>)        = 0
[pid  1584] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1584] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1585] <... futex resumed>)        = 1
[pid  1585] creat("./file0", 000)       = 3
[pid  1585] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1584] <... futex resumed>)        = 0
[pid  1584] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1584] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1584] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1584] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1584] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1588], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1588
[pid  1584] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1584] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1588 attached
 <unfinished ...>
[pid  1588] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1588] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 <unfinished ...>
[pid  1585] <... futex resumed>)        = 1
[pid  1585] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1588] <... fallocate resumed>)    = -1 EUCLEAN (Structure needs cleaning)
[pid  1585] <... write resumed>)        = 40
[pid  1585] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1585] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1588] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1584] <... futex resumed>)        = 0
[pid  1584] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1585] <... futex resumed>)        = 0
[pid  1584] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1585] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1585] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1588] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1584] <... futex resumed>)        = 0
[pid  1585] <... futex resumed>)        = 1
[pid  1584] exit_group(0 <unfinished ...>
[pid  1585] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1584] <... exit_group resumed>)   = ?
[pid  1585] <... futex resumed>)        = ?
[pid  1585] +++ exited with 0 +++
[pid  1588] <... futex resumed>)        = ?
[pid  1588] +++ exited with 0 +++
[pid  1584] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1584, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./258", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./258", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./258/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./258/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./258/binderfs")                = 0
[   56.893586][ T1588] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata
umount2("./258/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./258/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./258/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./258/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./258/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./258/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./258")                          = 0
mkdir("./259", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1589
./strace-static-x86_64: Process 1589 attached
[pid  1589] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1589] chdir("./259")              = 0
[pid  1589] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1589] setpgid(0, 0)               = 0
[pid  1589] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1589] write(3, "1000", 4)         = 4
[pid  1589] close(3)                    = 0
[pid  1589] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1589] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1589] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1589] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1589] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1590 attached
, parent_tid=[1590], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1590
[pid  1589] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1589] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1590] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1590] memfd_create("syzkaller", 0) = 3
[pid  1590] ftruncate(3, 2097152)       = 0
[pid  1590] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1590] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1590] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1590] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1590] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1590] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1590] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1590] mkdir("./file0", 0777)      = 0
[pid  1590] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1590] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1590] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1590] close(4)                    = 0
[pid  1590] close(3)                    = 0
[pid  1590] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1589] <... futex resumed>)        = 0
[pid  1589] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1590] chdir("./file0" <unfinished ...>
[pid  1589] <... futex resumed>)        = 0
[pid  1590] <... chdir resumed>)        = 0
[pid  1589] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1590] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1589] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  1590] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1589] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1590] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  1589] <... futex resumed>)        = 0
[pid  1590] creat("./file0", 000 <unfinished ...>
[pid  1589] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1590] <... creat resumed>)        = 3
[pid  1590] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1589] <... futex resumed>)        = 0
[pid  1589] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1590] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40
[pid  1589] <... futex resumed>)        = 0
[pid  1590] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1589] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1590] <... futex resumed>)        = 0
[pid  1589] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1590] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning)
[pid  1590] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1590] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1589] <... futex resumed>)        = 0
[pid  1589] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1589] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1590] <... futex resumed>)        = 0
[pid  1590] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1590] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1589] <... futex resumed>)        = 0
[pid  1589] exit_group(0)               = ?
[pid  1590] <... futex resumed>)        = ?
[pid  1590] +++ exited with 0 +++
[pid  1589] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1589, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./259", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./259", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./259/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./259/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./259/binderfs")                = 0
[   56.998582][ T1590] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   57.016181][ T1590] EXT4-fs (loop0): pa ffff8881db90e5e8: logic 16, phys. 128, len 24
[   57.024185][ T1590] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./259/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./259/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./259/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./259/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./259/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./259/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./259")                          = 0
mkdir("./260", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1593
./strace-static-x86_64: Process 1593 attached
[pid  1593] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1593] chdir("./260")              = 0
[pid  1593] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1593] setpgid(0, 0)               = 0
[pid  1593] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1593] write(3, "1000", 4)         = 4
[pid  1593] close(3)                    = 0
[pid  1593] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1593] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1593] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1593] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1593] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1594], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1594
[pid  1593] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1593] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1594 attached
 <unfinished ...>
[pid  1594] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1594] memfd_create("syzkaller", 0) = 3
[pid  1594] ftruncate(3, 2097152)       = 0
[pid  1594] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1594] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1594] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1594] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1594] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1594] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1594] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1594] mkdir("./file0", 0777)      = 0
[pid  1594] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1594] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1594] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1594] close(4)                    = 0
[pid  1594] close(3)                    = 0
[pid  1594] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1593] <... futex resumed>)        = 0
[pid  1593] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1594] chdir("./file0" <unfinished ...>
[pid  1593] <... futex resumed>)        = 0
[pid  1594] <... chdir resumed>)        = 0
[pid  1593] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1594] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1593] <... futex resumed>)        = 0
[pid  1594] <... futex resumed>)        = 1
[pid  1594] creat("./file0", 000 <unfinished ...>
[pid  1593] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1593] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1594] <... creat resumed>)        = 3
[pid  1594] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1593] <... futex resumed>)        = 0
[pid  1593] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1593] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1593] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1593] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1593] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1597], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1597
[pid  1593] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 1597 attached
[pid  1594] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1593] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1594] <... write resumed>)        = 40
[pid  1597] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1594] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1597] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 <unfinished ...>
[pid  1594] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1597] <... fallocate resumed>)    = -1 EUCLEAN (Structure needs cleaning)
[pid  1597] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1593] <... futex resumed>)        = 0
[pid  1597] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1593] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1594] <... futex resumed>)        = 0
[pid  1593] <... futex resumed>)        = 1
[pid  1594] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 <unfinished ...>
[pid  1593] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1594] <... mmap resumed>)         = -1 EBADF (Bad file descriptor)
[pid  1594] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1593] <... futex resumed>)        = 0
[pid  1593] exit_group(0)               = ?
[pid  1597] <... futex resumed>)        = ?
[pid  1594] +++ exited with 0 +++
[pid  1597] +++ exited with 0 +++
[pid  1593] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1593, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./260", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./260", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./260/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./260/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./260/binderfs")                = 0
[   57.126181][ T1597] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   57.143864][ T1597] EXT4-fs (loop0): pa ffff8881db90e690: logic 16, phys. 128, len 24
[   57.151890][ T1597] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./260/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./260/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./260/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./260/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./260/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./260/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./260")                          = 0
mkdir("./261", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1598 attached
, child_tidptr=0x55555656e5d0) = 1598
[pid  1598] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1598] chdir("./261")              = 0
[pid  1598] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1598] setpgid(0, 0)               = 0
[pid  1598] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1598] write(3, "1000", 4)         = 4
[pid  1598] close(3)                    = 0
[pid  1598] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1598] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1598] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1598] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1598] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1599 attached
, parent_tid=[1599], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1599
[pid  1599] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1599] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1598] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1599] <... futex resumed>)        = 0
[pid  1599] memfd_create("syzkaller", 0 <unfinished ...>
[pid  1598] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1599] <... memfd_create resumed>) = 3
[pid  1599] ftruncate(3, 2097152)       = 0
[pid  1599] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1599] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1599] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1599] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1599] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1599] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1599] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1599] mkdir("./file0", 0777)      = 0
[pid  1599] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1599] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1599] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1599] close(4)                    = 0
[pid  1599] close(3)                    = 0
[pid  1599] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1598] <... futex resumed>)        = 0
[pid  1599] chdir("./file0" <unfinished ...>
[pid  1598] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1599] <... chdir resumed>)        = 0
[pid  1598] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1599] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1598] <... futex resumed>)        = 0
[pid  1599] <... futex resumed>)        = 1
[pid  1598] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1599] creat("./file0", 000 <unfinished ...>
[pid  1598] <... futex resumed>)        = 0
[pid  1598] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1599] <... creat resumed>)        = 3
[pid  1599] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1598] <... futex resumed>)        = 0
[pid  1599] <... futex resumed>)        = 1
[pid  1598] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1598] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1598] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1598] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1598] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1602], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1602
[pid  1598] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1598] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1599] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40
[pid  1599] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1599] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1602 attached
 <unfinished ...>
[pid  1602] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1602] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning)
[pid  1602] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1598] <... futex resumed>)        = 0
[pid  1598] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1598] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1599] <... futex resumed>)        = 0
[pid  1602] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1599] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1599] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1598] <... futex resumed>)        = 0
[pid  1598] exit_group(0)               = ?
[pid  1599] <... futex resumed>)        = ?
[pid  1599] +++ exited with 0 +++
[pid  1602] <... futex resumed>)        = ?
[pid  1602] +++ exited with 0 +++
[pid  1598] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1598, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./261", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./261", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./261/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./261/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./261/binderfs")                = 0
[   57.254619][ T1602] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   57.271817][ T1602] EXT4-fs (loop0): pa ffff8881e6ba6e70: logic 16, phys. 128, len 24
[   57.279787][ T1602] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./261/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./261/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./261/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./261/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./261/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./261/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./261")                          = 0
mkdir("./262", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1603
./strace-static-x86_64: Process 1603 attached
[pid  1603] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1603] chdir("./262")              = 0
[pid  1603] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1603] setpgid(0, 0)               = 0
[pid  1603] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1603] write(3, "1000", 4)         = 4
[pid  1603] close(3)                    = 0
[pid  1603] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1603] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1603] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1603] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1603] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1604 attached
, parent_tid=[1604], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1604
[pid  1604] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1604] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1603] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1604] <... futex resumed>)        = 0
[pid  1603] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1604] memfd_create("syzkaller", 0) = 3
[pid  1604] ftruncate(3, 2097152)       = 0
[pid  1604] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1604] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1604] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1604] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1604] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1604] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1604] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1604] mkdir("./file0", 0777)      = 0
[pid  1604] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1604] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1604] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1604] close(4)                    = 0
[pid  1604] close(3)                    = 0
[pid  1604] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1604] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1603] <... futex resumed>)        = 0
[pid  1603] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1604] <... futex resumed>)        = 0
[pid  1604] chdir("./file0")            = 0
[pid  1604] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1604] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1603] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable)
[pid  1603] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1604] <... futex resumed>)        = 0
[pid  1604] creat("./file0", 000)       = 3
[pid  1604] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1604] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1603] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable)
[pid  1603] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1604] <... futex resumed>)        = 0
[pid  1604] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40
[pid  1604] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1604] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1603] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1604] <... futex resumed>)        = 0
[pid  1604] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 <unfinished ...>
[pid  1603] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1604] <... fallocate resumed>)    = -1 EUCLEAN (Structure needs cleaning)
[pid  1604] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1603] <... futex resumed>)        = 0
[pid  1603] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1603] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1604] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1604] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1603] <... futex resumed>)        = 0
[pid  1603] exit_group(0)               = ?
[pid  1604] +++ exited with 0 +++
[pid  1603] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1603, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./262", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./262", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./262/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./262/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./262/binderfs")                = 0
[   57.386031][ T1604] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   57.402777][ T1604] EXT4-fs (loop0): pa ffff8881e6ba6930: logic 16, phys. 128, len 24
[   57.410802][ T1604] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./262/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./262/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./262/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./262/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./262/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./262/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./262")                          = 0
mkdir("./263", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1607
./strace-static-x86_64: Process 1607 attached
[pid  1607] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1607] chdir("./263")              = 0
[pid  1607] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1607] setpgid(0, 0)               = 0
[pid  1607] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1607] write(3, "1000", 4)         = 4
[pid  1607] close(3)                    = 0
[pid  1607] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1607] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1607] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1607] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1607] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1608 attached
, parent_tid=[1608], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1608
[pid  1608] set_robust_list(0x7f01680929e0, 24 <unfinished ...>
[pid  1607] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1608] <... set_robust_list resumed>) = 0
[pid  1607] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1608] memfd_create("syzkaller", 0) = 3
[pid  1608] ftruncate(3, 2097152)       = 0
[pid  1608] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1608] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1608] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1608] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1608] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1608] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1608] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1608] mkdir("./file0", 0777)      = 0
[pid  1608] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1608] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1608] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1608] close(4)                    = 0
[pid  1608] close(3)                    = 0
[pid  1608] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1607] <... futex resumed>)        = 0
[pid  1607] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1608] chdir("./file0" <unfinished ...>
[pid  1607] <... futex resumed>)        = 0
[pid  1607] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1608] <... chdir resumed>)        = 0
[pid  1608] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1607] <... futex resumed>)        = 0
[pid  1608] creat("./file0", 000 <unfinished ...>
[pid  1607] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1607] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1608] <... creat resumed>)        = 3
[pid  1608] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1607] <... futex resumed>)        = 0
[pid  1608] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1607] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1607] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1608] <... write resumed>)        = 40
[pid  1607] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 <unfinished ...>
[pid  1608] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1607] <... mmap resumed>)         = 0x7f0168051000
[pid  1608] <... futex resumed>)        = 0
[pid  1607] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE <unfinished ...>
[pid  1608] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1607] <... mprotect resumed>)     = 0
[pid  1607] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1611 attached
, parent_tid=[1611], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1611
[pid  1611] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1611] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1607] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1611] <... futex resumed>)        = 0
[pid  1611] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 <unfinished ...>
[pid  1607] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1611] <... fallocate resumed>)    = -1 EUCLEAN (Structure needs cleaning)
[pid  1611] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1611] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1607] <... futex resumed>)        = 0
[pid  1607] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1608] <... futex resumed>)        = 0
[pid  1607] <... futex resumed>)        = 1
[pid  1607] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1608] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1608] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1607] <... futex resumed>)        = 0
[pid  1608] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1607] exit_group(0)               = ?
[pid  1611] <... futex resumed>)        = ?
[pid  1611] +++ exited with 0 +++
[pid  1608] <... futex resumed>)        = ?
[pid  1608] +++ exited with 0 +++
[pid  1607] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1607, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./263", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./263", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./263/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./263/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./263/binderfs")                = 0
[   57.508453][ T1611] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   57.526482][ T1608] EXT4-fs (loop0): pa ffff8881db90e3f0: logic 16, phys. 128, len 24
[   57.534596][ T1608] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./263/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./263/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./263/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./263/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./263/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./263/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./263")                          = 0
mkdir("./264", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1612 attached
 <unfinished ...>
[pid  1612] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1612] chdir("./264")              = 0
[pid  1612] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1612] setpgid(0, 0)               = 0
[pid  1612] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid   304] <... clone resumed>, child_tidptr=0x55555656e5d0) = 1612
[pid  1612] <... openat resumed>)       = 3
[pid  1612] write(3, "1000", 4)         = 4
[pid  1612] close(3)                    = 0
[pid  1612] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1612] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1612] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1612] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1612] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1613 attached
, parent_tid=[1613], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1613
[pid  1612] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1612] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1613] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1613] memfd_create("syzkaller", 0) = 3
[pid  1613] ftruncate(3, 2097152)       = 0
[pid  1613] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1613] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1613] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1613] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1613] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1613] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1613] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1613] mkdir("./file0", 0777)      = 0
[pid  1613] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1613] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1613] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1613] close(4)                    = 0
[pid  1613] close(3)                    = 0
[pid  1613] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1612] <... futex resumed>)        = 0
[pid  1612] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1612] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1613] <... futex resumed>)        = 1
[pid  1613] chdir("./file0")            = 0
[pid  1613] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1612] <... futex resumed>)        = 0
[pid  1612] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1612] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1613] <... futex resumed>)        = 1
[pid  1613] creat("./file0", 000)       = 3
[pid  1613] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1612] <... futex resumed>)        = 0
[pid  1612] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1612] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1612] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1612] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1612] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1616], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1616
[pid  1612] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1612] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1613] <... futex resumed>)        = 1
[pid  1613] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40
[pid  1613] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1613] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1616 attached
 <unfinished ...>
[pid  1616] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1616] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning)
[pid  1616] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1612] <... futex resumed>)        = 0
[pid  1612] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1612] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1613] <... futex resumed>)        = 0
[pid  1613] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1613] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1612] <... futex resumed>)        = 0
[pid  1612] exit_group(0)               = ?
[pid  1613] <... futex resumed>)        = ?
[pid  1613] +++ exited with 0 +++
[pid  1616] +++ exited with 0 +++
[pid  1612] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1612, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./264", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./264", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./264/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./264/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./264/binderfs")                = 0
[   57.685886][ T1616] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   57.702260][ T1616] EXT4-fs (loop0): pa ffff8881e6ba67e0: logic 16, phys. 128, len 24
[   57.710258][ T1616] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./264/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./264/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./264/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./264/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./264/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./264/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./264")                          = 0
mkdir("./265", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1617 attached
, child_tidptr=0x55555656e5d0) = 1617
[pid  1617] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1617] chdir("./265")              = 0
[pid  1617] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1617] setpgid(0, 0)               = 0
[pid  1617] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1617] write(3, "1000", 4)         = 4
[pid  1617] close(3)                    = 0
[pid  1617] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1617] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1617] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1617] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1617] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1618 attached
, parent_tid=[1618], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1618
[pid  1618] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1618] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1617] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1618] <... futex resumed>)        = 0
[pid  1618] memfd_create("syzkaller", 0) = 3
[pid  1618] ftruncate(3, 2097152)       = 0
[pid  1618] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1618] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1618] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1618] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1618] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1618] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1618] ioctl(4, LOOP_SET_FD, 3 <unfinished ...>
[pid  1617] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1618] <... ioctl resumed>)        = 0
[pid  1618] mkdir("./file0", 0777)      = 0
[pid  1618] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1618] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1618] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1618] close(4)                    = 0
[pid  1618] close(3)                    = 0
[pid  1618] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1617] <... futex resumed>)        = 0
[pid  1618] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1617] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1618] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  1617] <... futex resumed>)        = 0
[pid  1618] chdir("./file0" <unfinished ...>
[pid  1617] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1618] <... chdir resumed>)        = 0
[pid  1618] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1617] <... futex resumed>)        = 0
[pid  1618] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1617] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1618] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  1617] <... futex resumed>)        = 0
[pid  1618] creat("./file0", 000 <unfinished ...>
[pid  1617] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1618] <... creat resumed>)        = 3
[pid  1618] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1617] <... futex resumed>)        = 0
[pid  1618] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1617] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1618] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  1617] <... futex resumed>)        = 0
[pid  1618] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1617] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1618] <... write resumed>)        = 40
[pid  1617] <... futex resumed>)        = 0
[pid  1618] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1617] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 <unfinished ...>
[pid  1618] <... futex resumed>)        = 0
[pid  1617] <... mmap resumed>)         = 0x7f0168051000
[pid  1618] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1617] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1617] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1621 attached
, parent_tid=[1621], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1621
[pid  1621] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1621] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1617] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1621] <... futex resumed>)        = 0
[pid  1621] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 <unfinished ...>
[pid  1617] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1621] <... fallocate resumed>)    = -1 EUCLEAN (Structure needs cleaning)
[pid  1621] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1621] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1617] <... futex resumed>)        = 0
[pid  1617] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1618] <... futex resumed>)        = 0
[pid  1618] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1618] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1618] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1617] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable)
[pid  1617] exit_group(0)               = ?
[pid  1621] <... futex resumed>)        = ?
[pid  1618] <... futex resumed>)        = ?
[pid  1621] +++ exited with 0 +++
[pid  1618] +++ exited with 0 +++
[pid  1617] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1617, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./265", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./265", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./265/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./265/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./265/binderfs")                = 0
[   57.825541][ T1621] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   57.842585][ T1617] EXT4-fs (loop0): pa ffff8881db90e9d8: logic 16, phys. 128, len 24
[   57.850761][ T1617] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./265/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./265/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./265/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./265/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./265/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./265/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./265")                          = 0
mkdir("./266", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1622
./strace-static-x86_64: Process 1622 attached
[pid  1622] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1622] chdir("./266")              = 0
[pid  1622] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1622] setpgid(0, 0)               = 0
[pid  1622] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1622] write(3, "1000", 4)         = 4
[pid  1622] close(3)                    = 0
[pid  1622] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1622] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1622] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1622] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1622] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1623], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1623
./strace-static-x86_64: Process 1623 attached
[pid  1623] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1623] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1622] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1623] <... futex resumed>)        = 0
[pid  1622] <... futex resumed>)        = 1
[pid  1623] memfd_create("syzkaller", 0) = 3
[pid  1623] ftruncate(3, 2097152)       = 0
[pid  1623] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1623] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1623] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1623] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192 <unfinished ...>
[pid  1622] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1623] <... pwrite64 resumed>)     = 4098
[pid  1623] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1623] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1623] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1623] mkdir("./file0", 0777)      = 0
[pid  1623] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1623] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1623] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1623] close(4)                    = 0
[pid  1623] close(3)                    = 0
[pid  1623] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1622] <... futex resumed>)        = 0
[pid  1622] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1623] chdir("./file0" <unfinished ...>
[pid  1622] <... futex resumed>)        = 0
[pid  1622] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1623] <... chdir resumed>)        = 0
[pid  1623] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1622] <... futex resumed>)        = 0
[pid  1622] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1623] creat("./file0", 000 <unfinished ...>
[pid  1622] <... futex resumed>)        = 0
[pid  1622] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1623] <... creat resumed>)        = 3
[pid  1623] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1623] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1622] <... futex resumed>)        = 0
[pid  1622] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1623] <... futex resumed>)        = 0
[pid  1623] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1622] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1623] <... write resumed>)        = 40
[pid  1623] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1623] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1622] <... futex resumed>)        = 0
[pid  1622] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1622] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1622] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1626 attached
 <unfinished ...>
[pid  1626] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1626] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1622] <... clone resumed>, parent_tid=[1626], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1626
[pid  1622] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1626] <... futex resumed>)        = 0
[pid  1622] <... futex resumed>)        = 1
[pid  1626] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 <unfinished ...>
[pid  1622] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1626] <... fallocate resumed>)    = -1 EUCLEAN (Structure needs cleaning)
[pid  1626] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1622] <... futex resumed>)        = 0
[pid  1622] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1622] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1623] <... futex resumed>)        = 0
[pid  1623] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1623] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1622] <... futex resumed>)        = 0
[pid  1623] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1622] exit_group(0)               = ?
[pid  1623] <... futex resumed>)        = ?
[pid  1623] +++ exited with 0 +++
[pid  1626] +++ exited with 0 +++
[pid  1622] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1622, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./266", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./266", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./266/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./266/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./266/binderfs")                = 0
[   57.957903][ T1626] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   57.974912][ T1626] EXT4-fs (loop0): pa ffff8881db90ebd0: logic 16, phys. 128, len 24
[   57.982975][ T1626] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./266/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./266/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./266/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./266/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./266/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./266/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./266")                          = 0
mkdir("./267", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1627
./strace-static-x86_64: Process 1627 attached
[pid  1627] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1627] chdir("./267")              = 0
[pid  1627] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1627] setpgid(0, 0)               = 0
[pid  1627] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1627] write(3, "1000", 4)         = 4
[pid  1627] close(3)                    = 0
[pid  1627] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1627] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1627] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1627] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1627] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1628], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1628
[pid  1627] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 1628 attached
) = 0
[pid  1627] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1628] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1628] memfd_create("syzkaller", 0) = 3
[pid  1628] ftruncate(3, 2097152)       = 0
[pid  1628] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1628] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1628] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1628] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1628] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1628] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1628] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1628] mkdir("./file0", 0777)      = 0
[pid  1628] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1628] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1628] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1628] close(4)                    = 0
[pid  1628] close(3)                    = 0
[pid  1628] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1627] <... futex resumed>)        = 0
[pid  1628] <... futex resumed>)        = 1
[pid  1628] chdir("./file0" <unfinished ...>
[pid  1627] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1628] <... chdir resumed>)        = 0
[pid  1627] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1628] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1627] <... futex resumed>)        = 0
[pid  1628] <... futex resumed>)        = 1
[pid  1627] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1627] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1628] creat("./file0", 000)       = 3
[pid  1628] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1627] <... futex resumed>)        = 0
[pid  1627] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1628] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1627] <... futex resumed>)        = 0
[pid  1627] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1627] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1628] <... write resumed>)        = 40
[pid  1627] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1628] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1627] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID <unfinished ...>
[pid  1628] <... futex resumed>)        = 0
[pid  1627] <... clone resumed>, parent_tid=[1631], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1631
[pid  1628] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1627] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1627] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1631 attached
 <unfinished ...>
[pid  1631] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1631] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning)
[pid  1631] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1627] <... futex resumed>)        = 0
[pid  1627] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1627] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1631] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1628] <... futex resumed>)        = 0
[pid  1628] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1628] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1627] <... futex resumed>)        = 0
[pid  1627] exit_group(0)               = ?
[pid  1631] <... futex resumed>)        = ?
[pid  1628] +++ exited with 0 +++
[pid  1631] +++ exited with 0 +++
[pid  1627] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1627, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./267", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./267", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./267/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./267/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./267/binderfs")                = 0
[   58.082528][ T1631] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   58.100109][ T1631] EXT4-fs (loop0): pa ffff8881db90ea80: logic 16, phys. 128, len 24
[   58.108117][ T1631] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./267/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./267/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./267/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./267/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./267/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./267/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./267")                          = 0
mkdir("./268", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1632 attached
, child_tidptr=0x55555656e5d0) = 1632
[pid  1632] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1632] chdir("./268")              = 0
[pid  1632] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1632] setpgid(0, 0)               = 0
[pid  1632] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1632] write(3, "1000", 4)         = 4
[pid  1632] close(3)                    = 0
[pid  1632] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1632] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1632] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1632] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1632] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1633 attached
, parent_tid=[1633], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1633
[pid  1632] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1632] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1633] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1633] memfd_create("syzkaller", 0) = 3
[pid  1633] ftruncate(3, 2097152)       = 0
[pid  1633] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1633] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1633] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1633] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1633] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1633] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1633] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1633] mkdir("./file0", 0777)      = 0
[pid  1633] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1633] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1633] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1633] close(4)                    = 0
[pid  1633] close(3)                    = 0
[pid  1633] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1632] <... futex resumed>)        = 0
[pid  1633] <... futex resumed>)        = 1
[pid  1632] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1633] chdir("./file0" <unfinished ...>
[pid  1632] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1633] <... chdir resumed>)        = 0
[pid  1633] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1632] <... futex resumed>)        = 0
[pid  1633] <... futex resumed>)        = 1
[pid  1632] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1633] creat("./file0", 000 <unfinished ...>
[pid  1632] <... futex resumed>)        = 0
[pid  1632] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1633] <... creat resumed>)        = 3
[pid  1633] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1632] <... futex resumed>)        = 0
[pid  1633] <... futex resumed>)        = 1
[pid  1632] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1632] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1632] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1632] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1632] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1636], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1636
[pid  1632] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1632] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1633] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40./strace-static-x86_64: Process 1636 attached
 <unfinished ...>
[pid  1636] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1636] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning)
[pid  1636] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1632] <... futex resumed>)        = 0
[pid  1636] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 <unfinished ...>
[pid  1632] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1636] <... mmap resumed>)         = -1 EBADF (Bad file descriptor)
[pid  1636] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1632] <... futex resumed>)        = 0
[pid  1636] <... futex resumed>)        = 0
[pid  1632] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1636] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1632] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  1633] <... write resumed>)        = 40
[pid  1633] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1633] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1632] exit_group(0)               = ?
[pid  1633] <... futex resumed>)        = ?
[pid  1633] +++ exited with 0 +++
[pid  1636] <... futex resumed>)        = ?
[pid  1636] +++ exited with 0 +++
[pid  1632] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1632, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./268", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./268", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./268/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./268/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./268/binderfs")                = 0
[   58.245277][ T1636] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata
umount2("./268/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./268/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./268/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./268/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./268/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./268/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./268")                          = 0
mkdir("./269", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1637
./strace-static-x86_64: Process 1637 attached
[pid  1637] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1637] chdir("./269")              = 0
[pid  1637] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1637] setpgid(0, 0)               = 0
[pid  1637] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1637] write(3, "1000", 4)         = 4
[pid  1637] close(3)                    = 0
[pid  1637] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1637] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1637] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1637] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1637] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1638], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1638
./strace-static-x86_64: Process 1638 attached
[pid  1637] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1638] set_robust_list(0x7f01680929e0, 24 <unfinished ...>
[pid  1637] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1638] <... set_robust_list resumed>) = 0
[pid  1638] memfd_create("syzkaller", 0) = 3
[pid  1638] ftruncate(3, 2097152)       = 0
[pid  1638] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1638] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1638] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1638] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1638] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1638] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1638] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1638] mkdir("./file0", 0777)      = 0
[pid  1638] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1638] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1638] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1638] close(4)                    = 0
[pid  1638] close(3)                    = 0
[pid  1638] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1637] <... futex resumed>)        = 0
[pid  1638] <... futex resumed>)        = 1
[pid  1637] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1637] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1638] chdir("./file0")            = 0
[pid  1638] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1637] <... futex resumed>)        = 0
[pid  1638] <... futex resumed>)        = 1
[pid  1637] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1637] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1638] creat("./file0", 000)       = 3
[pid  1638] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1637] <... futex resumed>)        = 0
[pid  1638] <... futex resumed>)        = 1
[pid  1637] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1637] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1637] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1637] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1637] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1641], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1641
[pid  1637] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1637] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1641 attached
 <unfinished ...>
[pid  1641] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1641] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 <unfinished ...>
[pid  1638] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1641] <... fallocate resumed>)    = -1 EUCLEAN (Structure needs cleaning)
[pid  1641] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1638] <... write resumed>)        = 40
[pid  1641] <... futex resumed>)        = 1
[pid  1638] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1637] <... futex resumed>)        = 0
[pid  1641] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1638] <... futex resumed>)        = 0
[pid  1637] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1638] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 <unfinished ...>
[pid  1637] <... futex resumed>)        = 0
[pid  1638] <... mmap resumed>)         = -1 EBADF (Bad file descriptor)
[pid  1637] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1638] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1637] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  1638] <... futex resumed>)        = 0
[pid  1637] exit_group(0 <unfinished ...>
[pid  1638] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1637] <... exit_group resumed>)   = ?
[pid  1641] <... futex resumed>)        = ?
[pid  1641] +++ exited with 0 +++
[pid  1638] <... futex resumed>)        = ?
[pid  1638] +++ exited with 0 +++
[pid  1637] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1637, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./269", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./269", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./269/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./269/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./269/binderfs")                = 0
[   58.365550][ T1641] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata
umount2("./269/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./269/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./269/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./269/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./269/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./269/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./269")                          = 0
mkdir("./270", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1642
./strace-static-x86_64: Process 1642 attached
[pid  1642] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1642] chdir("./270")              = 0
[pid  1642] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1642] setpgid(0, 0)               = 0
[pid  1642] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1642] write(3, "1000", 4)         = 4
[pid  1642] close(3)                    = 0
[pid  1642] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1642] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1642] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1642] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1642] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1643 attached
, parent_tid=[1643], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1643
[pid  1643] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1643] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1642] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1643] <... futex resumed>)        = 0
[pid  1642] <... futex resumed>)        = 1
[pid  1642] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1643] memfd_create("syzkaller", 0) = 3
[pid  1643] ftruncate(3, 2097152)       = 0
[pid  1643] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1643] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1643] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1643] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1643] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1643] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1643] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1643] mkdir("./file0", 0777)      = 0
[pid  1643] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1643] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1643] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1643] close(4)                    = 0
[pid  1643] close(3)                    = 0
[pid  1643] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1643] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1642] <... futex resumed>)        = 0
[pid  1642] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1642] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1643] <... futex resumed>)        = 0
[pid  1643] chdir("./file0")            = 0
[pid  1643] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1642] <... futex resumed>)        = 0
[pid  1642] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1642] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1643] <... futex resumed>)        = 1
[pid  1643] creat("./file0", 000)       = 3
[pid  1643] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1642] <... futex resumed>)        = 0
[pid  1642] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1642] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1642] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1642] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1642] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1646 attached
, parent_tid=[1646], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1646
[pid  1642] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1642] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1643] <... futex resumed>)        = 1
[pid  1643] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40
[pid  1643] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1646] set_robust_list(0x7f01680719e0, 24 <unfinished ...>
[pid  1643] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1646] <... set_robust_list resumed>) = 0
[pid  1646] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning)
[pid  1646] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1642] <... futex resumed>)        = 0
[pid  1642] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1642] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1643] <... futex resumed>)        = 0
[pid  1643] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1643] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1642] <... futex resumed>)        = 0
[pid  1642] exit_group(0)               = ?
[pid  1643] <... futex resumed>)        = ?
[pid  1646] +++ exited with 0 +++
[pid  1643] +++ exited with 0 +++
[pid  1642] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1642, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./270", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./270", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./270/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./270/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./270/binderfs")                = 0
[   58.457185][ T1646] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   58.473983][ T1643] EXT4-fs (loop0): pa ffff8881db90ef18: logic 16, phys. 128, len 24
[   58.481972][ T1643] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./270/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./270/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./270/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./270/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./270/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./270/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./270")                          = 0
mkdir("./271", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1647
./strace-static-x86_64: Process 1647 attached
[pid  1647] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1647] chdir("./271")              = 0
[pid  1647] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1647] setpgid(0, 0)               = 0
[pid  1647] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1647] write(3, "1000", 4)         = 4
[pid  1647] close(3)                    = 0
[pid  1647] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1647] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1647] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1647] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1647] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1648], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1648
./strace-static-x86_64: Process 1648 attached
[pid  1648] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1648] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1647] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1648] <... futex resumed>)        = 0
[pid  1647] <... futex resumed>)        = 1
[pid  1648] memfd_create("syzkaller", 0 <unfinished ...>
[pid  1647] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1648] <... memfd_create resumed>) = 3
[pid  1648] ftruncate(3, 2097152)       = 0
[pid  1648] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1648] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1648] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1648] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1648] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1648] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1648] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1648] mkdir("./file0", 0777)      = 0
[pid  1648] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1648] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1648] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1648] close(4)                    = 0
[pid  1648] close(3)                    = 0
[pid  1648] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1647] <... futex resumed>)        = 0
[pid  1647] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1647] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1648] chdir("./file0")            = 0
[pid  1648] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1647] <... futex resumed>)        = 0
[pid  1647] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1647] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1648] creat("./file0", 000)       = 3
[pid  1648] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1647] <... futex resumed>)        = 0
[pid  1647] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1647] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1647] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1647] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1647] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1651], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1651
[pid  1647] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1647] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1648] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40
[pid  1648] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1648] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1651 attached
 <unfinished ...>
[pid  1651] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1651] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning)
[pid  1651] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1647] <... futex resumed>)        = 0
[pid  1647] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1648] <... futex resumed>)        = 0
[pid  1647] <... futex resumed>)        = 1
[pid  1648] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 <unfinished ...>
[pid  1647] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1648] <... mmap resumed>)         = -1 EBADF (Bad file descriptor)
[pid  1648] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1647] <... futex resumed>)        = 0
[pid  1648] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1647] exit_group(0 <unfinished ...>
[pid  1648] <... futex resumed>)        = ?
[pid  1647] <... exit_group resumed>)   = ?
[pid  1648] +++ exited with 0 +++
[pid  1651] <... futex resumed>)        = ?
[pid  1651] +++ exited with 0 +++
[pid  1647] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1647, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./271", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./271", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./271/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./271/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./271/binderfs")                = 0
[   58.587099][ T1651] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   58.603178][ T1651] EXT4-fs (loop0): pa ffff8881e6ba65e8: logic 16, phys. 128, len 24
[   58.611230][ T1651] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./271/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./271/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./271/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./271/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./271/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./271/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./271")                          = 0
mkdir("./272", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1652
./strace-static-x86_64: Process 1652 attached
[pid  1652] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1652] chdir("./272")              = 0
[pid  1652] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1652] setpgid(0, 0)               = 0
[pid  1652] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1652] write(3, "1000", 4)         = 4
[pid  1652] close(3)                    = 0
[pid  1652] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1652] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1652] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1652] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1652] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1653], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1653
[pid  1652] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 1653 attached
) = 0
[pid  1652] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1653] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1653] memfd_create("syzkaller", 0) = 3
[pid  1653] ftruncate(3, 2097152)       = 0
[pid  1653] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1653] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1653] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1653] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1653] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1653] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1653] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1653] mkdir("./file0", 0777)      = 0
[pid  1653] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1653] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1653] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1653] close(4)                    = 0
[pid  1653] close(3)                    = 0
[pid  1653] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1652] <... futex resumed>)        = 0
[pid  1652] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1652] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1653] <... futex resumed>)        = 1
[pid  1653] chdir("./file0")            = 0
[pid  1653] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1652] <... futex resumed>)        = 0
[pid  1652] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1652] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1653] <... futex resumed>)        = 1
[pid  1653] creat("./file0", 000)       = 3
[pid  1653] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1652] <... futex resumed>)        = 0
[pid  1652] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1652] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1652] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1652] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1652] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1656], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1656
./strace-static-x86_64: Process 1656 attached
[pid  1652] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1652] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1653] <... futex resumed>)        = 1
[pid  1653] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1656] set_robust_list(0x7f01680719e0, 24 <unfinished ...>
[pid  1653] <... write resumed>)        = 40
[pid  1653] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1653] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1656] <... set_robust_list resumed>) = 0
[pid  1656] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning)
[pid  1656] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1652] <... futex resumed>)        = 0
[pid  1656] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1652] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1653] <... futex resumed>)        = 0
[pid  1652] <... futex resumed>)        = 1
[pid  1653] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 <unfinished ...>
[pid  1652] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1653] <... mmap resumed>)         = -1 EBADF (Bad file descriptor)
[pid  1653] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1653] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1652] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  1652] exit_group(0 <unfinished ...>
[pid  1656] <... futex resumed>)        = ?
[pid  1653] <... futex resumed>)        = ?
[pid  1652] <... exit_group resumed>)   = ?
[pid  1656] +++ exited with 0 +++
[pid  1653] +++ exited with 0 +++
[pid  1652] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1652, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./272", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./272", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./272/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./272/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./272/binderfs")                = 0
[   58.703401][ T1656] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   58.720646][ T1652] EXT4-fs (loop0): pa ffff8881db90e2a0: logic 16, phys. 128, len 24
[   58.728633][ T1652] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./272/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./272/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./272/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./272/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./272/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./272/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./272")                          = 0
mkdir("./273", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1657
./strace-static-x86_64: Process 1657 attached
[pid  1657] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1657] chdir("./273")              = 0
[pid  1657] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1657] setpgid(0, 0)               = 0
[pid  1657] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1657] write(3, "1000", 4)         = 4
[pid  1657] close(3)                    = 0
[pid  1657] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1657] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1657] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1657] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1657] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1658 attached
, parent_tid=[1658], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1658
[pid  1658] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1658] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1657] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1658] <... futex resumed>)        = 0
[pid  1658] memfd_create("syzkaller", 0 <unfinished ...>
[pid  1657] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1658] <... memfd_create resumed>) = 3
[pid  1658] ftruncate(3, 2097152)       = 0
[pid  1658] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1658] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1658] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1658] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1658] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1658] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1658] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1658] mkdir("./file0", 0777)      = 0
[pid  1658] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1658] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1658] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1658] close(4)                    = 0
[pid  1658] close(3)                    = 0
[pid  1658] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1657] <... futex resumed>)        = 0
[pid  1658] <... futex resumed>)        = 1
[pid  1658] chdir("./file0" <unfinished ...>
[pid  1657] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1657] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1658] <... chdir resumed>)        = 0
[pid  1658] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1657] <... futex resumed>)        = 0
[pid  1658] <... futex resumed>)        = 1
[pid  1658] creat("./file0", 000 <unfinished ...>
[pid  1657] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1657] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1658] <... creat resumed>)        = 3
[pid  1658] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1657] <... futex resumed>)        = 0
[pid  1657] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1657] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1657] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1657] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1657] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1661], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1661
[pid  1657] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1657] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1658] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40
[pid  1658] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1658] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1661 attached
 <unfinished ...>
[pid  1661] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1661] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning)
[pid  1661] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1657] <... futex resumed>)        = 0
[pid  1661] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1657] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1657] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1658] <... futex resumed>)        = 0
[pid  1658] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1658] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1657] <... futex resumed>)        = 0
[pid  1657] exit_group(0)               = ?
[pid  1661] <... futex resumed>)        = ?
[pid  1661] +++ exited with 0 +++
[pid  1658] +++ exited with 0 +++
[pid  1657] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1657, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./273", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./273", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./273/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./273/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./273/binderfs")                = 0
[   58.885846][ T1661] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   58.903102][ T1658] EXT4-fs (loop0): pa ffff8881e6ba6dc8: logic 16, phys. 128, len 24
[   58.911108][ T1658] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./273/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./273/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./273/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./273/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./273/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./273/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./273")                          = 0
mkdir("./274", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1662 attached
, child_tidptr=0x55555656e5d0) = 1662
[pid  1662] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1662] chdir("./274")              = 0
[pid  1662] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1662] setpgid(0, 0)               = 0
[pid  1662] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1662] write(3, "1000", 4)         = 4
[pid  1662] close(3)                    = 0
[pid  1662] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1662] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1662] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1662] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1662] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1663 attached
, parent_tid=[1663], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1663
[pid  1662] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1662] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1663] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1663] memfd_create("syzkaller", 0) = 3
[pid  1663] ftruncate(3, 2097152)       = 0
[pid  1663] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1663] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1663] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1663] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1663] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1663] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1663] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1663] mkdir("./file0", 0777)      = 0
[pid  1663] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1663] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1663] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1663] close(4)                    = 0
[pid  1663] close(3)                    = 0
[pid  1663] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1662] <... futex resumed>)        = 0
[pid  1663] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1662] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1663] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  1662] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1663] chdir("./file0")            = 0
[pid  1663] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1662] <... futex resumed>)        = 0
[pid  1663] creat("./file0", 000 <unfinished ...>
[pid  1662] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1662] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1663] <... creat resumed>)        = 3
[pid  1663] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1662] <... futex resumed>)        = 0
[pid  1663] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1662] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1663] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  1662] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1663] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1662] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1663] <... write resumed>)        = 40
[pid  1662] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1663] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1662] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID <unfinished ...>
[pid  1663] <... futex resumed>)        = 0
./strace-static-x86_64: Process 1666 attached
[pid  1663] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1662] <... clone resumed>, parent_tid=[1666], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1666
[pid  1662] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1662] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1666] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1666] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning)
[pid  1666] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1662] <... futex resumed>)        = 0
[pid  1666] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1662] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1663] <... futex resumed>)        = 0
[pid  1662] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1663] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1663] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1662] <... futex resumed>)        = 0
[pid  1663] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1662] exit_group(0)               = ?
[pid  1663] <... futex resumed>)        = ?
[pid  1663] +++ exited with 0 +++
[pid  1666] <... futex resumed>)        = ?
[pid  1666] +++ exited with 0 +++
[pid  1662] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1662, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./274", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./274", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./274/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./274/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./274/binderfs")                = 0
[   59.036764][ T1666] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   59.053117][ T1666] EXT4-fs (loop0): pa ffff8881e6ba62a0: logic 16, phys. 128, len 24
[   59.061130][ T1666] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./274/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./274/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./274/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./274/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./274/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./274/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./274")                          = 0
mkdir("./275", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1667
./strace-static-x86_64: Process 1667 attached
[pid  1667] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1667] chdir("./275")              = 0
[pid  1667] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1667] setpgid(0, 0)               = 0
[pid  1667] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1667] write(3, "1000", 4)         = 4
[pid  1667] close(3)                    = 0
[pid  1667] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1667] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1667] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1667] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1667] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1668], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1668
[pid  1667] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1667] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1668 attached
 <unfinished ...>
[pid  1668] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1668] memfd_create("syzkaller", 0) = 3
[pid  1668] ftruncate(3, 2097152)       = 0
[pid  1668] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1668] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1668] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1668] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1668] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1668] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1668] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1668] mkdir("./file0", 0777)      = 0
[pid  1668] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1668] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1668] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1668] close(4)                    = 0
[pid  1668] close(3)                    = 0
[pid  1668] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1667] <... futex resumed>)        = 0
[pid  1667] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1667] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1668] chdir("./file0")            = 0
[pid  1668] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1667] <... futex resumed>)        = 0
[pid  1667] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1667] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1668] creat("./file0", 000)       = 3
[pid  1668] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1667] <... futex resumed>)        = 0
[pid  1667] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1667] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1667] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1667] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1667] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1671], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1671
[pid  1667] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1667] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1671 attached
 <unfinished ...>
[pid  1671] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1671] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 <unfinished ...>
[pid  1668] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1671] <... fallocate resumed>)    = -1 EUCLEAN (Structure needs cleaning)
[pid  1671] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1668] <... write resumed>)        = 40
[pid  1668] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1668] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1671] <... futex resumed>)        = 1
[pid  1667] <... futex resumed>)        = 0
[pid  1667] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1667] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1671] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1668] <... futex resumed>)        = 0
[pid  1668] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1668] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1667] <... futex resumed>)        = 0
[pid  1667] exit_group(0)               = ?
[pid  1671] <... futex resumed>)        = ?
[pid  1668] <... futex resumed>)        = ?
[pid  1668] +++ exited with 0 +++
[pid  1671] +++ exited with 0 +++
[pid  1667] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1667, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./275", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./275", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./275/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./275/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./275/binderfs")                = 0
[   59.149053][ T1671] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata
umount2("./275/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./275/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./275/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./275/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./275/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./275/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./275")                          = 0
mkdir("./276", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1672
./strace-static-x86_64: Process 1672 attached
[pid  1672] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1672] chdir("./276")              = 0
[pid  1672] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1672] setpgid(0, 0)               = 0
[pid  1672] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1672] write(3, "1000", 4)         = 4
[pid  1672] close(3)                    = 0
[pid  1672] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1672] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1672] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1672] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1672] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1673], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1673
[pid  1672] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1672] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1673 attached
 <unfinished ...>
[pid  1673] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1673] memfd_create("syzkaller", 0) = 3
[pid  1673] ftruncate(3, 2097152)       = 0
[pid  1673] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1673] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1673] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1673] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1673] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1673] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1673] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1673] mkdir("./file0", 0777)      = 0
[pid  1673] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1673] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1673] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1673] close(4)                    = 0
[pid  1673] close(3)                    = 0
[pid  1673] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1672] <... futex resumed>)        = 0
[pid  1672] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1672] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1673] chdir("./file0")            = 0
[pid  1673] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1672] <... futex resumed>)        = 0
[pid  1672] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1672] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1673] creat("./file0", 000)       = 3
[pid  1673] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1672] <... futex resumed>)        = 0
[pid  1672] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1672] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1672] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1672] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1672] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1676], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1676
[pid  1672] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1672] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1676 attached
 <unfinished ...>
[pid  1676] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1676] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 <unfinished ...>
[pid  1673] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1676] <... fallocate resumed>)    = -1 EUCLEAN (Structure needs cleaning)
[pid  1676] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1673] <... write resumed>)        = 40
[pid  1676] <... futex resumed>)        = 1
[pid  1673] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1672] <... futex resumed>)        = 0
[pid  1676] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1673] <... futex resumed>)        = 0
[pid  1672] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1673] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 <unfinished ...>
[pid  1672] <... futex resumed>)        = 0
[pid  1673] <... mmap resumed>)         = -1 EBADF (Bad file descriptor)
[pid  1672] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1673] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1672] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  1673] <... futex resumed>)        = 0
[pid  1673] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1672] exit_group(0 <unfinished ...>
[pid  1676] <... futex resumed>)        = ?
[pid  1673] <... futex resumed>)        = ?
[pid  1672] <... exit_group resumed>)   = ?
[pid  1676] +++ exited with 0 +++
[pid  1673] +++ exited with 0 +++
[pid  1672] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1672, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
umount2("./276", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./276", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./276/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./276/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./276/binderfs")                = 0
[   59.266558][ T1676] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata
umount2("./276/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./276/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./276/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./276/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./276/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./276/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./276")                          = 0
mkdir("./277", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1677 attached
, child_tidptr=0x55555656e5d0) = 1677
[pid  1677] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1677] chdir("./277")              = 0
[pid  1677] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1677] setpgid(0, 0)               = 0
[pid  1677] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1677] write(3, "1000", 4)         = 4
[pid  1677] close(3)                    = 0
[pid  1677] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1677] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1677] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1677] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1677] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1678 attached
 <unfinished ...>
[pid  1678] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1678] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1677] <... clone resumed>, parent_tid=[1678], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1678
[pid  1677] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1678] <... futex resumed>)        = 0
[pid  1678] memfd_create("syzkaller", 0) = 3
[pid  1678] ftruncate(3, 2097152)       = 0
[pid  1678] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1678] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1678] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1678] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1678] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1678] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1678] ioctl(4, LOOP_SET_FD, 3 <unfinished ...>
[pid  1677] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1678] <... ioctl resumed>)        = 0
[pid  1678] mkdir("./file0", 0777)      = 0
[pid  1678] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1678] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1678] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1678] close(4)                    = 0
[pid  1678] close(3)                    = 0
[pid  1678] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1677] <... futex resumed>)        = 0
[pid  1677] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1677] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1678] <... futex resumed>)        = 1
[pid  1678] chdir("./file0")            = 0
[pid  1678] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1677] <... futex resumed>)        = 0
[pid  1677] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1677] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1678] <... futex resumed>)        = 1
[pid  1678] creat("./file0", 000)       = 3
[pid  1678] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1677] <... futex resumed>)        = 0
[pid  1677] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1677] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1677] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1677] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1677] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1681], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1681
[pid  1677] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1677] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1678] <... futex resumed>)        = 1
[pid  1678] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40
[pid  1678] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1678] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1681 attached
 <unfinished ...>
[pid  1681] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1681] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning)
[pid  1681] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1677] <... futex resumed>)        = 0
[pid  1677] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1677] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1678] <... futex resumed>)        = 0
[pid  1678] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1678] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1677] <... futex resumed>)        = 0
[pid  1677] exit_group(0)               = ?
[pid  1678] <... futex resumed>)        = ?
[pid  1678] +++ exited with 0 +++
[pid  1681] +++ exited with 0 +++
[pid  1677] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1677, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./277", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./277", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./277/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./277/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./277/binderfs")                = 0
[   59.373842][ T1681] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   59.390652][ T1681] EXT4-fs (loop0): pa ffff8881db90ee70: logic 16, phys. 128, len 24
[   59.398656][ T1681] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./277/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./277/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./277/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./277/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./277/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./277/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./277")                          = 0
mkdir("./278", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1682
./strace-static-x86_64: Process 1682 attached
[pid  1682] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1682] chdir("./278")              = 0
[pid  1682] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1682] setpgid(0, 0)               = 0
[pid  1682] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1682] write(3, "1000", 4)         = 4
[pid  1682] close(3)                    = 0
[pid  1682] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1682] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1682] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1682] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1682] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1683 attached
, parent_tid=[1683], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1683
[pid  1683] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1683] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1682] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1683] <... futex resumed>)        = 0
[pid  1682] <... futex resumed>)        = 1
[pid  1683] memfd_create("syzkaller", 0 <unfinished ...>
[pid  1682] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1683] <... memfd_create resumed>) = 3
[pid  1683] ftruncate(3, 2097152)       = 0
[pid  1683] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1683] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1683] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1683] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1683] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1683] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1683] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1683] mkdir("./file0", 0777)      = 0
[pid  1683] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1683] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1683] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1683] close(4)                    = 0
[pid  1683] close(3)                    = 0
[pid  1683] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1683] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1682] <... futex resumed>)        = 0
[pid  1682] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1683] <... futex resumed>)        = 0
[pid  1682] <... futex resumed>)        = 1
[pid  1683] chdir("./file0")            = 0
[pid  1683] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1682] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1683] <... futex resumed>)        = 0
[pid  1683] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1682] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  1682] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1683] <... futex resumed>)        = 0
[pid  1682] <... futex resumed>)        = 1
[pid  1683] creat("./file0", 000 <unfinished ...>
[pid  1682] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1683] <... creat resumed>)        = 3
[pid  1683] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1683] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1682] <... futex resumed>)        = 0
[pid  1682] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1683] <... futex resumed>)        = 0
[pid  1682] <... futex resumed>)        = 1
[pid  1682] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1683] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40
[pid  1683] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1682] <... futex resumed>)        = 0
[pid  1683] <... futex resumed>)        = 0
[pid  1683] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1682] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1682] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1682] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1686 attached
, parent_tid=[1686], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1686
[pid  1686] set_robust_list(0x7f01680719e0, 24 <unfinished ...>
[pid  1682] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1686] <... set_robust_list resumed>) = 0
[pid  1682] <... futex resumed>)        = 0
[pid  1686] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 <unfinished ...>
[pid  1682] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1686] <... fallocate resumed>)    = -1 EUCLEAN (Structure needs cleaning)
[pid  1686] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1682] <... futex resumed>)        = 0
[pid  1682] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1683] <... futex resumed>)        = 0
[pid  1683] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1683] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1683] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1682] <... futex resumed>)        = 1
[pid  1682] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable)
[pid  1682] exit_group(0 <unfinished ...>
[pid  1683] <... futex resumed>)        = ?
[pid  1683] +++ exited with 0 +++
[pid  1682] <... exit_group resumed>)   = ?
[pid  1686] +++ exited with 0 +++
[pid  1682] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1682, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./278", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./278", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./278/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./278/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./278/binderfs")                = 0
[   59.521892][ T1686] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   59.538196][ T1686] EXT4-fs (loop0): pa ffff8881db8a22a0: logic 16, phys. 128, len 24
[   59.546240][ T1686] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./278/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./278/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./278/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./278/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./278/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./278/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./278")                          = 0
mkdir("./279", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1687
./strace-static-x86_64: Process 1687 attached
[pid  1687] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1687] chdir("./279")              = 0
[pid  1687] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1687] setpgid(0, 0)               = 0
[pid  1687] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1687] write(3, "1000", 4)         = 4
[pid  1687] close(3)                    = 0
[pid  1687] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1687] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1687] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1687] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1687] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1688 attached
, parent_tid=[1688], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1688
[pid  1688] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1688] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1687] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1688] <... futex resumed>)        = 0
[pid  1688] memfd_create("syzkaller", 0) = 3
[pid  1688] ftruncate(3, 2097152)       = 0
[pid  1688] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1688] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1688] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1688] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1688] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1688] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1688] ioctl(4, LOOP_SET_FD, 3 <unfinished ...>
[pid  1687] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1688] <... ioctl resumed>)        = 0
[pid  1688] mkdir("./file0", 0777)      = 0
[pid  1688] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1688] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1688] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1688] close(4)                    = 0
[pid  1688] close(3)                    = 0
[pid  1688] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1688] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1687] <... futex resumed>)        = 0
[pid  1687] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1688] <... futex resumed>)        = 0
[pid  1688] chdir("./file0")            = 0
[pid  1688] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1688] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1687] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable)
[pid  1687] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1687] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1688] <... futex resumed>)        = 0
[pid  1688] creat("./file0", 000)       = 3
[pid  1688] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1687] <... futex resumed>)        = 0
[pid  1688] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1687] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1688] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  1687] <... futex resumed>)        = 0
[pid  1688] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1687] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1688] <... write resumed>)        = 40
[pid  1687] <... futex resumed>)        = 0
[pid  1688] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1687] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 <unfinished ...>
[pid  1688] <... futex resumed>)        = 0
[pid  1687] <... mmap resumed>)         = 0x7f0168051000
[pid  1688] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1687] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1687] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1691], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1691
[pid  1687] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1687] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1691 attached
 <unfinished ...>
[pid  1691] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1691] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning)
[pid  1691] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1687] <... futex resumed>)        = 0
[pid  1691] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1687] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1688] <... futex resumed>)        = 0
[pid  1688] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1688] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1688] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1687] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable)
[pid  1687] exit_group(0)               = ?
[pid  1688] <... futex resumed>)        = ?
[pid  1688] +++ exited with 0 +++
[pid  1691] <... futex resumed>)        = ?
[pid  1691] +++ exited with 0 +++
[pid  1687] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1687, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./279", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./279", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./279/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./279/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./279/binderfs")                = 0
[   59.662431][ T1691] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   59.679774][ T1691] EXT4-fs (loop0): pa ffff8881dba2c000: logic 16, phys. 128, len 24
[   59.687920][ T1691] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./279/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./279/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./279/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./279/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./279/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./279/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./279")                          = 0
mkdir("./280", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1692
./strace-static-x86_64: Process 1692 attached
[pid  1692] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1692] chdir("./280")              = 0
[pid  1692] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1692] setpgid(0, 0)               = 0
[pid  1692] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1692] write(3, "1000", 4)         = 4
[pid  1692] close(3)                    = 0
[pid  1692] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1692] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1692] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1692] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1692] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1693], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1693
[pid  1692] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1692] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1693 attached
 <unfinished ...>
[pid  1693] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1693] memfd_create("syzkaller", 0) = 3
[pid  1693] ftruncate(3, 2097152)       = 0
[pid  1693] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1693] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1693] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1693] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1693] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1693] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1693] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1693] mkdir("./file0", 0777)      = 0
[pid  1693] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1693] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1693] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1693] close(4)                    = 0
[pid  1693] close(3)                    = 0
[pid  1693] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1693] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1692] <... futex resumed>)        = 0
[pid  1692] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1693] <... futex resumed>)        = 0
[pid  1693] chdir("./file0")            = 0
[pid  1693] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1693] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1692] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable)
[pid  1692] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1692] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1693] <... futex resumed>)        = 0
[pid  1693] creat("./file0", 000)       = 3
[pid  1693] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1693] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1692] <... futex resumed>)        = 0
[pid  1692] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1693] <... futex resumed>)        = 0
[pid  1693] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40
[pid  1692] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1693] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1692] <... futex resumed>)        = 0
[pid  1693] <... futex resumed>)        = 0
[pid  1693] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1692] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1692] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1692] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1696 attached
, parent_tid=[1696], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1696
[pid  1696] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1696] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1692] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1696] <... futex resumed>)        = 0
[pid  1696] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 <unfinished ...>
[pid  1692] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1696] <... fallocate resumed>)    = -1 EUCLEAN (Structure needs cleaning)
[pid  1696] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1692] <... futex resumed>)        = 0
[pid  1696] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1692] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1693] <... futex resumed>)        = 0
[pid  1692] <... futex resumed>)        = 1
[pid  1693] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 <unfinished ...>
[pid  1692] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1693] <... mmap resumed>)         = -1 EBADF (Bad file descriptor)
[pid  1693] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1692] <... futex resumed>)        = 0
[pid  1693] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1692] exit_group(0)               = ?
[pid  1693] <... futex resumed>)        = ?
[pid  1693] +++ exited with 0 +++
[pid  1696] <... futex resumed>)        = ?
[pid  1696] +++ exited with 0 +++
[pid  1692] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1692, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./280", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./280", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./280/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./280/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./280/binderfs")                = 0
[   59.857757][ T1696] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   59.874807][ T1696] EXT4-fs (loop0): pa ffff8881dba2c0a8: logic 16, phys. 128, len 24
[   59.882863][ T1696] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./280/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./280/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./280/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./280/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./280/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./280/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./280")                          = 0
mkdir("./281", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1697
./strace-static-x86_64: Process 1697 attached
[pid  1697] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1697] chdir("./281")              = 0
[pid  1697] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1697] setpgid(0, 0)               = 0
[pid  1697] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1697] write(3, "1000", 4)         = 4
[pid  1697] close(3)                    = 0
[pid  1697] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1697] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1697] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1697] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1697] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1698 attached
, parent_tid=[1698], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1698
[pid  1698] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1698] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1697] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1698] <... futex resumed>)        = 0
[pid  1698] memfd_create("syzkaller", 0 <unfinished ...>
[pid  1697] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1698] <... memfd_create resumed>) = 3
[pid  1698] ftruncate(3, 2097152)       = 0
[pid  1698] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1698] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1698] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1698] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1698] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1698] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1698] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1698] mkdir("./file0", 0777)      = 0
[pid  1698] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1698] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1698] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1698] close(4)                    = 0
[pid  1698] close(3)                    = 0
[pid  1698] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1698] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1697] <... futex resumed>)        = 0
[pid  1697] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1697] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1698] <... futex resumed>)        = 0
[pid  1698] chdir("./file0")            = 0
[pid  1698] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1698] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1697] <... futex resumed>)        = 0
[pid  1697] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1698] <... futex resumed>)        = 0
[pid  1697] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1698] creat("./file0", 000)       = 3
[pid  1698] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1697] <... futex resumed>)        = 0
[pid  1697] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1697] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1698] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1697] <... futex resumed>)        = 0
[pid  1697] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 <unfinished ...>
[pid  1698] <... write resumed>)        = 40
[pid  1697] <... mmap resumed>)         = 0x7f0168051000
[pid  1698] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1697] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE <unfinished ...>
[pid  1698] <... futex resumed>)        = 0
[pid  1698] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1697] <... mprotect resumed>)     = 0
[pid  1697] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1701], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1701
[pid  1697] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1697] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1701 attached
 <unfinished ...>
[pid  1701] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1701] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning)
[pid  1701] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1697] <... futex resumed>)        = 0
[pid  1697] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1697] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1701] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1698] <... futex resumed>)        = 0
[pid  1698] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1698] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1697] <... futex resumed>)        = 0
[pid  1697] exit_group(0)               = ?
[pid  1701] <... futex resumed>)        = ?
[pid  1698] <... futex resumed>)        = ?
[pid  1698] +++ exited with 0 +++
[pid  1701] +++ exited with 0 +++
[pid  1697] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1697, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./281", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./281", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./281/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./281/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./281/binderfs")                = 0
[   60.018541][ T1701] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   60.035719][ T1701] EXT4-fs (loop0): pa ffff8881db8a27e0: logic 16, phys. 128, len 24
[   60.043738][ T1701] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./281/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./281/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./281/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./281/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./281/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./281/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./281")                          = 0
mkdir("./282", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1702
./strace-static-x86_64: Process 1702 attached
[pid  1702] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1702] chdir("./282")              = 0
[pid  1702] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1702] setpgid(0, 0)               = 0
[pid  1702] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1702] write(3, "1000", 4)         = 4
[pid  1702] close(3)                    = 0
[pid  1702] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1702] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1702] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1702] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1702] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1703 attached
, parent_tid=[1703], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1703
[pid  1702] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1702] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1703] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1703] memfd_create("syzkaller", 0) = 3
[pid  1703] ftruncate(3, 2097152)       = 0
[pid  1703] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1703] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1703] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1703] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1703] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1703] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1703] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1703] mkdir("./file0", 0777)      = 0
[pid  1703] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1703] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1703] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1703] close(4)                    = 0
[pid  1703] close(3)                    = 0
[pid  1703] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1703] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1702] <... futex resumed>)        = 0
[pid  1702] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1703] <... futex resumed>)        = 0
[pid  1702] <... futex resumed>)        = 1
[pid  1703] chdir("./file0")            = 0
[pid  1703] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1702] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1703] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1702] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  1702] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1703] <... futex resumed>)        = 0
[pid  1702] <... futex resumed>)        = 1
[pid  1703] creat("./file0", 000)       = 3
[pid  1703] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1703] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1702] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable)
[pid  1702] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1703] <... futex resumed>)        = 0
[pid  1702] <... futex resumed>)        = 1
[pid  1703] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1702] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1703] <... write resumed>)        = 40
[pid  1702] <... futex resumed>)        = 0
[pid  1703] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1702] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 <unfinished ...>
[pid  1703] <... futex resumed>)        = 0
[pid  1703] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1702] <... mmap resumed>)         = 0x7f0168051000
[pid  1702] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1702] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1706 attached
 <unfinished ...>
[pid  1706] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1706] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1702] <... clone resumed>, parent_tid=[1706], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1706
[pid  1702] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1706] <... futex resumed>)        = 0
[pid  1706] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 <unfinished ...>
[pid  1702] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1706] <... fallocate resumed>)    = -1 EUCLEAN (Structure needs cleaning)
[pid  1706] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1706] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1702] <... futex resumed>)        = 0
[pid  1702] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1703] <... futex resumed>)        = 0
[pid  1703] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1703] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1703] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1702] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable)
[pid  1702] exit_group(0 <unfinished ...>
[pid  1706] <... futex resumed>)        = 231
[pid  1703] <... futex resumed>)        = ?
[pid  1706] +++ exited with 0 +++
[pid  1703] +++ exited with 0 +++
[pid  1702] <... exit_group resumed>)   = ?
[pid  1702] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1702, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./282", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./282", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./282/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./282/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./282/binderfs")                = 0
[   60.155484][ T1706] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   60.173164][ T1702] EXT4-fs (loop0): pa ffff8881db8a2738: logic 16, phys. 128, len 24
[   60.181264][ T1702] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./282/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./282/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./282/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./282/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./282/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./282/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./282")                          = 0
mkdir("./283", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1707
./strace-static-x86_64: Process 1707 attached
[pid  1707] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1707] chdir("./283")              = 0
[pid  1707] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1707] setpgid(0, 0)               = 0
[pid  1707] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1707] write(3, "1000", 4)         = 4
[pid  1707] close(3)                    = 0
[pid  1707] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1707] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1707] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1707] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1707] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1708], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1708
[pid  1707] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 1708 attached
[pid  1708] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1708] memfd_create("syzkaller", 0 <unfinished ...>
[pid  1707] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1708] <... memfd_create resumed>) = 3
[pid  1708] ftruncate(3, 2097152)       = 0
[pid  1708] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1708] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1708] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1708] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1708] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1708] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1708] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1708] mkdir("./file0", 0777)      = 0
[pid  1708] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1708] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1708] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1708] close(4)                    = 0
[pid  1708] close(3)                    = 0
[pid  1708] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1707] <... futex resumed>)        = 0
[pid  1707] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1707] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1708] <... futex resumed>)        = 1
[pid  1708] chdir("./file0")            = 0
[pid  1708] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1707] <... futex resumed>)        = 0
[pid  1707] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1707] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1708] <... futex resumed>)        = 1
[pid  1708] creat("./file0", 000)       = 3
[pid  1708] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1707] <... futex resumed>)        = 0
[pid  1707] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1707] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1707] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1707] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1707] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1711 attached
, parent_tid=[1711], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1711
[pid  1707] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1707] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1711] set_robust_list(0x7f01680719e0, 24 <unfinished ...>
[pid  1708] <... futex resumed>)        = 1
[pid  1711] <... set_robust_list resumed>) = 0
[pid  1708] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40
[pid  1708] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1708] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1711] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning)
[pid  1711] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1707] <... futex resumed>)        = 0
[pid  1707] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1707] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1708] <... futex resumed>)        = 0
[pid  1708] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 <unfinished ...>
[pid  1711] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1708] <... mmap resumed>)         = -1 EBADF (Bad file descriptor)
[pid  1708] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1707] <... futex resumed>)        = 0
[pid  1707] exit_group(0)               = ?
[pid  1711] <... futex resumed>)        = ?
[pid  1708] <... futex resumed>)        = ?
[pid  1708] +++ exited with 0 +++
[pid  1711] +++ exited with 0 +++
[pid  1707] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1707, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./283", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./283", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./283/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./283/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./283/binderfs")                = 0
[   60.323036][ T1711] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   60.340032][ T1711] EXT4-fs (loop0): pa ffff8881db8a2f18: logic 16, phys. 128, len 24
[   60.348038][ T1711] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./283/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./283/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./283/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./283/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./283/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./283/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./283")                          = 0
mkdir("./284", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1712
./strace-static-x86_64: Process 1712 attached
[pid  1712] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1712] chdir("./284")              = 0
[pid  1712] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1712] setpgid(0, 0)               = 0
[pid  1712] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1712] write(3, "1000", 4)         = 4
[pid  1712] close(3)                    = 0
[pid  1712] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1712] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1712] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1712] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1712] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1713 attached
, parent_tid=[1713], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1713
[pid  1713] set_robust_list(0x7f01680929e0, 24 <unfinished ...>
[pid  1712] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1713] <... set_robust_list resumed>) = 0
[pid  1712] <... futex resumed>)        = 0
[pid  1712] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1713] memfd_create("syzkaller", 0) = 3
[pid  1713] ftruncate(3, 2097152)       = 0
[pid  1713] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1713] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1713] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1713] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1713] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1713] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1713] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1713] mkdir("./file0", 0777)      = 0
[pid  1713] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1713] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1713] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1713] close(4)                    = 0
[pid  1713] close(3)                    = 0
[pid  1713] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1712] <... futex resumed>)        = 0
[pid  1712] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1712] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1713] chdir("./file0")            = 0
[pid  1713] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1712] <... futex resumed>)        = 0
[pid  1712] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1712] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1713] creat("./file0", 000)       = 3
[pid  1713] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1712] <... futex resumed>)        = 0
[pid  1712] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1712] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1712] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1712] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1712] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1716], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1716
[pid  1712] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1712] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1713] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40./strace-static-x86_64: Process 1716 attached
 <unfinished ...>
[pid  1716] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1716] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 <unfinished ...>
[pid  1713] <... write resumed>)        = 40
[pid  1713] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1713] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1716] <... fallocate resumed>)    = -1 EUCLEAN (Structure needs cleaning)
[pid  1716] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1712] <... futex resumed>)        = 0
[pid  1716] <... futex resumed>)        = 1
[pid  1712] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1716] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1712] <... futex resumed>)        = 1
[pid  1712] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1713] <... futex resumed>)        = 0
[pid  1713] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1713] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1712] <... futex resumed>)        = 0
[pid  1712] exit_group(0 <unfinished ...>
[pid  1716] <... futex resumed>)        = ?
[pid  1712] <... exit_group resumed>)   = ?
[pid  1716] +++ exited with 0 +++
[pid  1713] +++ exited with 0 +++
[pid  1712] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1712, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./284", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./284", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./284/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./284/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./284/binderfs")                = 0
[   60.497883][ T1716] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   60.514834][ T1713] EXT4-fs (loop0): pa ffff8881db8a2a80: logic 16, phys. 128, len 24
[   60.522873][ T1713] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./284/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./284/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./284/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./284/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./284/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./284/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./284")                          = 0
mkdir("./285", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1717 attached
, child_tidptr=0x55555656e5d0) = 1717
[pid  1717] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1717] chdir("./285")              = 0
[pid  1717] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1717] setpgid(0, 0)               = 0
[pid  1717] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1717] write(3, "1000", 4)         = 4
[pid  1717] close(3)                    = 0
[pid  1717] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1717] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1717] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1717] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1717] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1718 attached
, parent_tid=[1718], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1718
[pid  1718] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1718] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1717] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1718] <... futex resumed>)        = 0
[pid  1717] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1718] memfd_create("syzkaller", 0) = 3
[pid  1718] ftruncate(3, 2097152)       = 0
[pid  1718] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1718] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1718] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1718] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1718] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1718] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1718] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1718] mkdir("./file0", 0777)      = 0
[pid  1718] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1718] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1718] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1718] close(4)                    = 0
[pid  1718] close(3)                    = 0
[pid  1718] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1717] <... futex resumed>)        = 0
[pid  1718] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1717] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1718] <... futex resumed>)        = 0
[pid  1717] <... futex resumed>)        = 1
[pid  1718] chdir("./file0" <unfinished ...>
[pid  1717] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1718] <... chdir resumed>)        = 0
[pid  1718] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1717] <... futex resumed>)        = 0
[pid  1718] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1717] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1718] <... futex resumed>)        = 0
[pid  1717] <... futex resumed>)        = 1
[pid  1718] creat("./file0", 000 <unfinished ...>
[pid  1717] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1718] <... creat resumed>)        = 3
[pid  1718] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1717] <... futex resumed>)        = 0
[pid  1718] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1717] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1717] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1718] <... futex resumed>)        = 0
[pid  1718] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1717] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1717] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE <unfinished ...>
[pid  1718] <... write resumed>)        = 40
[pid  1718] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1718] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1717] <... mprotect resumed>)     = 0
[pid  1717] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1721 attached
 <unfinished ...>
[pid  1721] set_robust_list(0x7f01680719e0, 24 <unfinished ...>
[pid  1717] <... clone resumed>, parent_tid=[1721], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1721
[pid  1721] <... set_robust_list resumed>) = 0
[pid  1717] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1721] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 <unfinished ...>
[pid  1717] <... futex resumed>)        = 0
[pid  1717] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1721] <... fallocate resumed>)    = -1 EUCLEAN (Structure needs cleaning)
[pid  1721] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1717] <... futex resumed>)        = 0
[pid  1721] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1717] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1718] <... futex resumed>)        = 0
[pid  1717] <... futex resumed>)        = 1
[pid  1718] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 <unfinished ...>
[pid  1717] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1718] <... mmap resumed>)         = -1 EBADF (Bad file descriptor)
[pid  1718] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1717] <... futex resumed>)        = 0
[pid  1718] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1717] exit_group(0 <unfinished ...>
[pid  1718] <... futex resumed>)        = ?
[pid  1717] <... exit_group resumed>)   = ?
[pid  1718] +++ exited with 0 +++
[pid  1721] <... futex resumed>)        = ?
[pid  1721] +++ exited with 0 +++
[pid  1717] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1717, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./285", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./285", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./285/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./285/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./285/binderfs")                = 0
[   60.651160][ T1721] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   60.667019][ T1721] EXT4-fs (loop0): pa ffff8881db8a29d8: logic 16, phys. 128, len 24
[   60.675128][ T1721] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./285/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./285/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./285/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./285/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./285/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./285/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./285")                          = 0
mkdir("./286", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1722
./strace-static-x86_64: Process 1722 attached
[pid  1722] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1722] chdir("./286")              = 0
[pid  1722] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1722] setpgid(0, 0)               = 0
[pid  1722] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1722] write(3, "1000", 4)         = 4
[pid  1722] close(3)                    = 0
[pid  1722] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1722] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1722] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1722] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1722] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1723], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1723
[pid  1722] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1722] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1723 attached
 <unfinished ...>
[pid  1723] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1723] memfd_create("syzkaller", 0) = 3
[pid  1723] ftruncate(3, 2097152)       = 0
[pid  1723] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1723] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1723] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1723] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1723] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1723] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1723] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1723] mkdir("./file0", 0777)      = 0
[pid  1723] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1723] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1723] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1723] close(4)                    = 0
[pid  1723] close(3)                    = 0
[pid  1723] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1722] <... futex resumed>)        = 0
[pid  1723] <... futex resumed>)        = 1
[pid  1723] chdir("./file0" <unfinished ...>
[pid  1722] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1722] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1723] <... chdir resumed>)        = 0
[pid  1723] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1722] <... futex resumed>)        = 0
[pid  1723] creat("./file0", 000 <unfinished ...>
[pid  1722] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1722] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1723] <... creat resumed>)        = 3
[pid  1723] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1722] <... futex resumed>)        = 0
[pid  1722] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1722] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1722] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1722] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1722] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID <unfinished ...>
[pid  1723] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40
[pid  1723] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1722] <... clone resumed>, parent_tid=[1726], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1726
[pid  1723] <... futex resumed>)        = 0
[pid  1722] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1723] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1722] <... futex resumed>)        = 0
[pid  1722] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1726 attached
 <unfinished ...>
[pid  1726] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1726] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning)
[pid  1726] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1722] <... futex resumed>)        = 0
[pid  1726] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1722] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1723] <... futex resumed>)        = 0
[pid  1723] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1723] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1723] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1722] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable)
[pid  1722] exit_group(0 <unfinished ...>
[pid  1726] <... futex resumed>)        = ?
[pid  1723] <... futex resumed>)        = ?
[pid  1722] <... exit_group resumed>)   = ?
[pid  1723] +++ exited with 0 +++
[pid  1726] +++ exited with 0 +++
[pid  1722] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1722, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./286", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./286", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./286/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./286/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./286/binderfs")                = 0
[   60.791950][ T1726] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   60.809603][ T1726] EXT4-fs (loop0): pa ffff8881db8a2bd0: logic 16, phys. 128, len 24
[   60.817632][ T1726] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./286/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./286/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./286/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./286/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./286/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./286/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./286")                          = 0
mkdir("./287", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1727
./strace-static-x86_64: Process 1727 attached
[pid  1727] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1727] chdir("./287")              = 0
[pid  1727] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1727] setpgid(0, 0)               = 0
[pid  1727] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1727] write(3, "1000", 4)         = 4
[pid  1727] close(3)                    = 0
[pid  1727] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1727] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1727] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1727] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1727] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1728], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1728
./strace-static-x86_64: Process 1728 attached
[pid  1727] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1727] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1728] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1728] memfd_create("syzkaller", 0) = 3
[pid  1728] ftruncate(3, 2097152)       = 0
[pid  1728] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1728] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1728] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1728] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1728] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1728] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1728] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1728] mkdir("./file0", 0777)      = 0
[pid  1728] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1728] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1728] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1728] close(4)                    = 0
[pid  1728] close(3)                    = 0
[pid  1728] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1727] <... futex resumed>)        = 0
[pid  1727] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1727] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1728] <... futex resumed>)        = 1
[pid  1728] chdir("./file0")            = 0
[pid  1728] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1727] <... futex resumed>)        = 0
[pid  1728] <... futex resumed>)        = 1
[pid  1727] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1727] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1728] creat("./file0", 000)       = 3
[pid  1728] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1727] <... futex resumed>)        = 0
[pid  1727] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1727] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1727] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1727] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1727] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1731], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1731
[pid  1727] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 1731 attached
) = 0
[pid  1731] set_robust_list(0x7f01680719e0, 24 <unfinished ...>
[pid  1727] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1731] <... set_robust_list resumed>) = 0
[pid  1731] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 <unfinished ...>
[pid  1728] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1731] <... fallocate resumed>)    = -1 EUCLEAN (Structure needs cleaning)
[pid  1731] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1727] <... futex resumed>)        = 0
[pid  1731] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1727] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1731] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  1727] <... futex resumed>)        = 0
[pid  1731] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1727] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1731] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1727] <... futex resumed>)        = 0
[pid  1731] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1728] <... write resumed>)        = 40
[pid  1728] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1728] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1727] exit_group(0)               = ?
[pid  1731] <... futex resumed>)        = ?
[pid  1731] +++ exited with 0 +++
[pid  1728] <... futex resumed>)        = ?
[pid  1728] +++ exited with 0 +++
[pid  1727] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1727, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./287", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./287", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./287/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./287/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./287/binderfs")                = 0
[   60.963405][ T1731] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata
umount2("./287/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./287/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./287/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./287/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./287/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./287/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./287")                          = 0
mkdir("./288", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1732
./strace-static-x86_64: Process 1732 attached
[pid  1732] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1732] chdir("./288")              = 0
[pid  1732] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1732] setpgid(0, 0)               = 0
[pid  1732] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1732] write(3, "1000", 4)         = 4
[pid  1732] close(3)                    = 0
[pid  1732] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1732] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1732] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1732] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1732] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1733], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1733
[pid  1732] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1732] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1733 attached
 <unfinished ...>
[pid  1733] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1733] memfd_create("syzkaller", 0) = 3
[pid  1733] ftruncate(3, 2097152)       = 0
[pid  1733] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1733] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1733] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1733] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1733] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1733] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1733] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1733] mkdir("./file0", 0777)      = 0
[pid  1733] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1733] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1733] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1733] close(4)                    = 0
[pid  1733] close(3)                    = 0
[pid  1733] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1732] <... futex resumed>)        = 0
[pid  1733] chdir("./file0" <unfinished ...>
[pid  1732] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1733] <... chdir resumed>)        = 0
[pid  1733] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1732] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1733] <... futex resumed>)        = 0
[pid  1732] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  1732] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1733] creat("./file0", 000 <unfinished ...>
[pid  1732] <... futex resumed>)        = 0
[pid  1732] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1733] <... creat resumed>)        = 3
[pid  1733] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1732] <... futex resumed>)        = 0
[pid  1733] <... futex resumed>)        = 1
[pid  1732] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1733] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1732] <... futex resumed>)        = 0
[pid  1732] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1732] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1732] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1732] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1736 attached
 <unfinished ...>
[pid  1736] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1732] <... clone resumed>, parent_tid=[1736], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1736
[pid  1736] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 <unfinished ...>
[pid  1732] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1732] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1733] <... write resumed>)        = 40
[pid  1733] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1733] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1736] <... fallocate resumed>)    = -1 EUCLEAN (Structure needs cleaning)
[pid  1736] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1732] <... futex resumed>)        = 0
[pid  1736] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1732] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1732] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1733] <... futex resumed>)        = 0
[pid  1733] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1733] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1732] <... futex resumed>)        = 0
[pid  1733] <... futex resumed>)        = 1
[pid  1733] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1732] exit_group(0)               = ?
[pid  1733] <... futex resumed>)        = ?
[pid  1736] <... futex resumed>)        = ?
[pid  1736] +++ exited with 0 +++
[pid  1733] +++ exited with 0 +++
[pid  1732] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1732, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./288", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./288", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./288/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./288/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./288/binderfs")                = 0
[   61.063593][ T1736] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   61.082224][ T1733] EXT4-fs (loop0): pa ffff8881db8a2888: logic 16, phys. 128, len 24
[   61.090292][ T1733] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./288/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./288/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./288/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./288/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./288/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./288/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./288")                          = 0
mkdir("./289", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1737 attached
 <unfinished ...>
[pid  1737] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1737] chdir("./289")              = 0
[pid  1737] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1737] setpgid(0, 0)               = 0
[pid  1737] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1737] write(3, "1000", 4)         = 4
[pid  1737] close(3)                    = 0
[pid  1737] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1737] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1737] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1737] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1737] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1738], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1738
[pid  1737] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1737] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1738 attached
 <unfinished ...>
[pid   304] <... clone resumed>, child_tidptr=0x55555656e5d0) = 1737
[pid  1738] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1738] memfd_create("syzkaller", 0) = 3
[pid  1738] ftruncate(3, 2097152)       = 0
[pid  1738] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1738] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1738] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1738] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1738] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1738] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1738] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1738] mkdir("./file0", 0777)      = 0
[pid  1738] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1738] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1738] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1738] close(4)                    = 0
[pid  1738] close(3)                    = 0
[pid  1738] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1737] <... futex resumed>)        = 0
[pid  1737] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1737] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1738] <... futex resumed>)        = 1
[pid  1738] chdir("./file0")            = 0
[pid  1738] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1737] <... futex resumed>)        = 0
[pid  1737] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1737] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1738] <... futex resumed>)        = 1
[pid  1738] creat("./file0", 000)       = 3
[pid  1738] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1737] <... futex resumed>)        = 0
[pid  1737] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1737] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1737] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1737] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1737] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1741], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1741
[pid  1737] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1737] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1738] <... futex resumed>)        = 1
[pid  1738] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40
[pid  1738] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1738] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1741 attached
 <unfinished ...>
[pid  1741] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1741] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning)
[pid  1741] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1737] <... futex resumed>)        = 0
[pid  1737] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1737] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1738] <... futex resumed>)        = 0
[pid  1738] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1738] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1737] <... futex resumed>)        = 0
[pid  1737] exit_group(0)               = ?
[pid  1738] <... futex resumed>)        = ?
[pid  1738] +++ exited with 0 +++
[pid  1741] +++ exited with 0 +++
[pid  1737] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1737, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./289", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./289", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./289/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./289/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./289/binderfs")                = 0
[   61.254567][ T1741] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   61.271273][ T1741] EXT4-fs (loop0): pa ffff8881dba2c5e8: logic 16, phys. 128, len 24
[   61.279258][ T1741] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./289/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./289/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./289/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./289/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./289/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./289/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./289")                          = 0
mkdir("./290", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1742
./strace-static-x86_64: Process 1742 attached
[pid  1742] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1742] chdir("./290")              = 0
[pid  1742] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1742] setpgid(0, 0)               = 0
[pid  1742] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1742] write(3, "1000", 4)         = 4
[pid  1742] close(3)                    = 0
[pid  1742] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1742] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1742] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1742] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1742] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1743 attached
 <unfinished ...>
[pid  1743] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1743] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1742] <... clone resumed>, parent_tid=[1743], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1743
[pid  1742] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1742] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1743] <... futex resumed>)        = 0
[pid  1743] memfd_create("syzkaller", 0) = 3
[pid  1743] ftruncate(3, 2097152)       = 0
[pid  1743] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1743] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1743] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1743] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1743] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1743] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1743] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1743] mkdir("./file0", 0777)      = 0
[pid  1743] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1743] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1743] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1743] close(4)                    = 0
[pid  1743] close(3)                    = 0
[pid  1743] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1743] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1742] <... futex resumed>)        = 0
[pid  1742] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1742] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1743] <... futex resumed>)        = 0
[pid  1743] chdir("./file0")            = 0
[pid  1743] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1742] <... futex resumed>)        = 0
[pid  1742] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1742] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1743] creat("./file0", 000)       = 3
[pid  1743] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1742] <... futex resumed>)        = 0
[pid  1742] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1742] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1742] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1742] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1742] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1746], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1746
[pid  1742] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1742] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1743] <... futex resumed>)        = 1
[pid  1743] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40
[pid  1743] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1743] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1746 attached
 <unfinished ...>
[pid  1746] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1746] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning)
[pid  1746] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1742] <... futex resumed>)        = 0
[pid  1742] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1742] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1743] <... futex resumed>)        = 0
[pid  1743] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1746] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1743] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1742] <... futex resumed>)        = 0
[pid  1742] exit_group(0)               = ?
[pid  1746] <... futex resumed>)        = ?
[pid  1743] <... futex resumed>)        = ?
[pid  1743] +++ exited with 0 +++
[pid  1746] +++ exited with 0 +++
[pid  1742] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1742, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
umount2("./290", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./290", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./290/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./290/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./290/binderfs")                = 0
[   61.403954][ T1746] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   61.421384][ T1746] EXT4-fs (loop0): pa ffff8881db8a2540: logic 16, phys. 128, len 24
[   61.429489][ T1746] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./290/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./290/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./290/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./290/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./290/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./290/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./290")                          = 0
mkdir("./291", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1747
./strace-static-x86_64: Process 1747 attached
[pid  1747] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1747] chdir("./291")              = 0
[pid  1747] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1747] setpgid(0, 0)               = 0
[pid  1747] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1747] write(3, "1000", 4)         = 4
[pid  1747] close(3)                    = 0
[pid  1747] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1747] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1747] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1747] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1747] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1748], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1748
[pid  1747] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1747] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1748 attached
 <unfinished ...>
[pid  1748] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1748] memfd_create("syzkaller", 0) = 3
[pid  1748] ftruncate(3, 2097152)       = 0
[pid  1748] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1748] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1748] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1748] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1748] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1748] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1748] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1748] mkdir("./file0", 0777)      = 0
[pid  1748] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1748] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1748] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1748] close(4)                    = 0
[pid  1748] close(3)                    = 0
[pid  1748] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1747] <... futex resumed>)        = 0
[pid  1747] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1747] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1748] <... futex resumed>)        = 1
[pid  1748] chdir("./file0")            = 0
[pid  1748] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1747] <... futex resumed>)        = 0
[pid  1747] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1747] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1748] <... futex resumed>)        = 1
[pid  1748] creat("./file0", 000)       = 3
[pid  1748] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1747] <... futex resumed>)        = 0
[pid  1747] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1747] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1747] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1747] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1747] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1751 attached
, parent_tid=[1751], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1751
[pid  1747] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1747] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1751] set_robust_list(0x7f01680719e0, 24 <unfinished ...>
[pid  1748] <... futex resumed>)        = 1
[pid  1751] <... set_robust_list resumed>) = 0
[pid  1748] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40
[pid  1748] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1748] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1751] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning)
[pid  1751] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1747] <... futex resumed>)        = 0
[pid  1747] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1747] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1748] <... futex resumed>)        = 0
[pid  1748] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 <unfinished ...>
[pid  1751] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1748] <... mmap resumed>)         = -1 EBADF (Bad file descriptor)
[pid  1748] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1747] <... futex resumed>)        = 0
[pid  1747] exit_group(0)               = ?
[pid  1751] <... futex resumed>)        = ?
[pid  1748] <... futex resumed>)        = ?
[pid  1748] +++ exited with 0 +++
[pid  1751] +++ exited with 0 +++
[pid  1747] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1747, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./291", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./291", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./291/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./291/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./291/binderfs")                = 0
[   61.519918][ T1751] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   61.536886][ T1751] EXT4-fs (loop0): pa ffff8881db8a2150: logic 16, phys. 128, len 24
[   61.544897][ T1751] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./291/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./291/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./291/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./291/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./291/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./291/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./291")                          = 0
mkdir("./292", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1752
./strace-static-x86_64: Process 1752 attached
[pid  1752] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1752] chdir("./292")              = 0
[pid  1752] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1752] setpgid(0, 0)               = 0
[pid  1752] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1752] write(3, "1000", 4)         = 4
[pid  1752] close(3)                    = 0
[pid  1752] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1752] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1752] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1752] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1752] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1753], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1753
[pid  1752] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1752] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1753 attached
 <unfinished ...>
[pid  1753] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1753] memfd_create("syzkaller", 0) = 3
[pid  1753] ftruncate(3, 2097152)       = 0
[pid  1753] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1753] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1753] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1753] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1753] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1753] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1753] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1753] mkdir("./file0", 0777)      = 0
[pid  1753] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1753] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1753] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1753] close(4)                    = 0
[pid  1753] close(3)                    = 0
[pid  1753] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1752] <... futex resumed>)        = 0
[pid  1752] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1752] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1753] <... futex resumed>)        = 1
[pid  1753] chdir("./file0")            = 0
[pid  1753] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1752] <... futex resumed>)        = 0
[pid  1752] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1752] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1753] <... futex resumed>)        = 1
[pid  1753] creat("./file0", 000)       = 3
[pid  1753] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1752] <... futex resumed>)        = 0
[pid  1753] <... futex resumed>)        = 1
[pid  1752] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1753] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1752] <... futex resumed>)        = 0
[pid  1752] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1753] <... write resumed>)        = 40
[pid  1752] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 <unfinished ...>
[pid  1753] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1752] <... mmap resumed>)         = 0x7f0168051000
[pid  1753] <... futex resumed>)        = 0
[pid  1752] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE <unfinished ...>
[pid  1753] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1752] <... mprotect resumed>)     = 0
[pid  1752] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1756], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1756
[pid  1752] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1752] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1756 attached
 <unfinished ...>
[pid  1756] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1756] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning)
[pid  1756] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1752] <... futex resumed>)        = 0
[pid  1752] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1752] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1753] <... futex resumed>)        = 0
[pid  1753] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1753] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1752] <... futex resumed>)        = 0
[pid  1752] exit_group(0)               = ?
[pid  1753] <... futex resumed>)        = ?
[pid  1753] +++ exited with 0 +++
[pid  1756] +++ exited with 0 +++
[pid  1752] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1752, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./292", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./292", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./292/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./292/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./292/binderfs")                = 0
umount2("./292/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./292/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./292/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./292/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./292/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./292/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./292")                          = 0
mkdir("./293", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1757
./strace-static-x86_64: Process 1757 attached
[pid  1757] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1757] chdir("./293")              = 0
[pid  1757] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1757] setpgid(0, 0)               = 0
[pid  1757] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1757] write(3, "1000", 4)         = 4
[pid  1757] close(3)                    = 0
[pid  1757] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1757] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1757] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1757] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1757] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1758], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1758
[pid  1757] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1757] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1758 attached
 <unfinished ...>
[pid  1758] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1758] memfd_create("syzkaller", 0) = 3
[pid  1758] ftruncate(3, 2097152)       = 0
[pid  1758] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1758] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1758] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1758] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1758] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1758] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   61.628591][ T1756] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   61.646036][ T1756] EXT4-fs (loop0): pa ffff8881dba2c1f8: logic 16, phys. 128, len 24
[   61.654036][ T1756] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
[pid  1758] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1758] mkdir("./file0", 0777)      = 0
[pid  1758] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1758] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1758] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1758] close(4)                    = 0
[pid  1758] close(3)                    = 0
[pid  1758] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1757] <... futex resumed>)        = 0
[pid  1758] chdir("./file0" <unfinished ...>
[pid  1757] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1758] <... chdir resumed>)        = 0
[pid  1757] <... futex resumed>)        = 0
[pid  1757] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1758] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1757] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  1758] creat("./file0", 000 <unfinished ...>
[pid  1757] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1757] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1758] <... creat resumed>)        = 3
[pid  1758] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1757] <... futex resumed>)        = 0
[pid  1757] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1757] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1757] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1757] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1757] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1761 attached
, parent_tid=[1761], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1761
[pid  1761] set_robust_list(0x7f01680719e0, 24 <unfinished ...>
[pid  1757] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1761] <... set_robust_list resumed>) = 0
[pid  1757] <... futex resumed>)        = 0
[pid  1761] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 <unfinished ...>
[pid  1757] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1758] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1761] <... fallocate resumed>)    = -1 EUCLEAN (Structure needs cleaning)
[pid  1758] <... write resumed>)        = 40
[pid  1761] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1758] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1758] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1761] <... futex resumed>)        = 1
[pid  1757] <... futex resumed>)        = 0
[pid  1757] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1757] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1758] <... futex resumed>)        = 0
[pid  1758] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1758] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1757] <... futex resumed>)        = 0
[pid  1757] exit_group(0)               = ?
[pid  1758] <... futex resumed>)        = ?
[pid  1758] +++ exited with 0 +++
[pid  1761] +++ exited with 0 +++
[pid  1757] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1757, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./293", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./293", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./293/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./293/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./293/binderfs")                = 0
[   61.728304][ T1761] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata
umount2("./293/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./293/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./293/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./293/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./293/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./293/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./293")                          = 0
mkdir("./294", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1762
./strace-static-x86_64: Process 1762 attached
[pid  1762] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1762] chdir("./294")              = 0
[pid  1762] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1762] setpgid(0, 0)               = 0
[pid  1762] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1762] write(3, "1000", 4)         = 4
[pid  1762] close(3)                    = 0
[pid  1762] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1762] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1762] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1762] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1762] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1763], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1763
[pid  1762] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1762] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1763 attached
 <unfinished ...>
[pid  1763] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1763] memfd_create("syzkaller", 0) = 3
[pid  1763] ftruncate(3, 2097152)       = 0
[pid  1763] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1763] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1763] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1763] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1763] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1763] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1763] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1763] mkdir("./file0", 0777)      = 0
[pid  1763] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1763] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1763] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1763] close(4)                    = 0
[pid  1763] close(3)                    = 0
[pid  1763] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1762] <... futex resumed>)        = 0
[pid  1762] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1762] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1763] <... futex resumed>)        = 1
[pid  1763] chdir("./file0")            = 0
[pid  1763] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1762] <... futex resumed>)        = 0
[pid  1762] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1762] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1763] <... futex resumed>)        = 1
[pid  1763] creat("./file0", 000)       = 3
[pid  1763] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1762] <... futex resumed>)        = 0
[pid  1762] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1762] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1762] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1762] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1762] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1766], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1766
[pid  1762] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1762] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1763] <... futex resumed>)        = 1
[pid  1763] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40
[pid  1763] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1763] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1766 attached
 <unfinished ...>
[pid  1766] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1766] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning)
[pid  1766] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1762] <... futex resumed>)        = 0
[pid  1762] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1763] <... futex resumed>)        = 0
[pid  1762] <... futex resumed>)        = 1
[pid  1763] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 <unfinished ...>
[pid  1762] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1763] <... mmap resumed>)         = -1 EBADF (Bad file descriptor)
[pid  1763] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1762] <... futex resumed>)        = 0
[pid  1763] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1762] exit_group(0 <unfinished ...>
[pid  1763] <... futex resumed>)        = ?
[pid  1762] <... exit_group resumed>)   = ?
[pid  1763] +++ exited with 0 +++
[pid  1766] <... futex resumed>)        = ?
[pid  1766] +++ exited with 0 +++
[pid  1762] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1762, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./294", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./294", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./294/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./294/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./294/binderfs")                = 0
[   61.816811][ T1766] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   61.833040][ T1766] EXT4-fs (loop0): pa ffff8881db8a25e8: logic 16, phys. 128, len 24
[   61.841123][ T1766] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./294/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./294/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./294/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./294/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./294/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./294/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./294")                          = 0
mkdir("./295", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1767
./strace-static-x86_64: Process 1767 attached
[pid  1767] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1767] chdir("./295")              = 0
[pid  1767] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1767] setpgid(0, 0)               = 0
[pid  1767] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1767] write(3, "1000", 4)         = 4
[pid  1767] close(3)                    = 0
[pid  1767] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1767] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1767] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1767] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1767] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1768 attached
 <unfinished ...>
[pid  1768] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1768] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1767] <... clone resumed>, parent_tid=[1768], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1768
[pid  1767] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1768] <... futex resumed>)        = 0
[pid  1767] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1768] memfd_create("syzkaller", 0) = 3
[pid  1768] ftruncate(3, 2097152)       = 0
[pid  1768] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1768] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1768] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1768] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1768] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1768] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1768] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1768] mkdir("./file0", 0777)      = 0
[pid  1768] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1768] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1768] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1768] close(4)                    = 0
[pid  1768] close(3)                    = 0
[pid  1768] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1767] <... futex resumed>)        = 0
[pid  1768] chdir("./file0" <unfinished ...>
[pid  1767] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1768] <... chdir resumed>)        = 0
[pid  1767] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1768] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1767] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  1768] <... futex resumed>)        = 0
[pid  1767] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1768] creat("./file0", 000 <unfinished ...>
[pid  1767] <... futex resumed>)        = 0
[pid  1767] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1768] <... creat resumed>)        = 3
[pid  1768] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1767] <... futex resumed>)        = 0
[pid  1768] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1767] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1768] <... write resumed>)        = 40
[pid  1767] <... futex resumed>)        = 0
[pid  1768] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1767] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1768] <... futex resumed>)        = 0
[pid  1767] <... futex resumed>)        = 0
[pid  1768] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1767] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1767] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1767] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1771], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1771
[pid  1767] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1767] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1771 attached
 <unfinished ...>
[pid  1771] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1771] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning)
[pid  1771] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1767] <... futex resumed>)        = 0
[pid  1767] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1767] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1768] <... futex resumed>)        = 0
[pid  1768] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1768] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1767] <... futex resumed>)        = 0
[pid  1767] exit_group(0)               = ?
[pid  1768] <... futex resumed>)        = ?
[pid  1768] +++ exited with 0 +++
[pid  1771] +++ exited with 0 +++
[pid  1767] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1767, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./295", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./295", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./295/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./295/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./295/binderfs")                = 0
[   61.940161][ T1771] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   61.956557][ T1771] EXT4-fs (loop0): pa ffff8881dba2c2a0: logic 16, phys. 128, len 24
[   61.964576][ T1771] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./295/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./295/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./295/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./295/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./295/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./295/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./295")                          = 0
mkdir("./296", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1772
./strace-static-x86_64: Process 1772 attached
[pid  1772] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1772] chdir("./296")              = 0
[pid  1772] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1772] setpgid(0, 0)               = 0
[pid  1772] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1772] write(3, "1000", 4)         = 4
[pid  1772] close(3)                    = 0
[pid  1772] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1772] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1772] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1772] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1772] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1773 attached
, parent_tid=[1773], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1773
[pid  1773] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1773] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1772] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1773] <... futex resumed>)        = 0
[pid  1772] <... futex resumed>)        = 1
[pid  1773] memfd_create("syzkaller", 0 <unfinished ...>
[pid  1772] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1773] <... memfd_create resumed>) = 3
[pid  1773] ftruncate(3, 2097152)       = 0
[pid  1773] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1773] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1773] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1773] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1773] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1773] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1773] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1773] mkdir("./file0", 0777)      = 0
[pid  1773] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1773] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1773] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1773] close(4)                    = 0
[pid  1773] close(3)                    = 0
[pid  1773] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1772] <... futex resumed>)        = 0
[pid  1772] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1772] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1773] <... futex resumed>)        = 1
[pid  1773] chdir("./file0")            = 0
[pid  1773] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1772] <... futex resumed>)        = 0
[pid  1772] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1772] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1773] <... futex resumed>)        = 1
[pid  1773] creat("./file0", 000)       = 3
[pid  1773] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1772] <... futex resumed>)        = 0
[pid  1772] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1772] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1772] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1772] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1772] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1776], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1776
[pid  1772] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1772] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1773] <... futex resumed>)        = 1
[pid  1773] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40
[pid  1773] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1773] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1776 attached
 <unfinished ...>
[pid  1776] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1776] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning)
[pid  1776] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1772] <... futex resumed>)        = 0
[pid  1776] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1772] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1773] <... futex resumed>)        = 0
[pid  1772] <... futex resumed>)        = 1
[pid  1773] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 <unfinished ...>
[pid  1772] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1773] <... mmap resumed>)         = -1 EBADF (Bad file descriptor)
[pid  1773] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1772] <... futex resumed>)        = 0
[pid  1773] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1772] exit_group(0 <unfinished ...>
[pid  1773] <... futex resumed>)        = ?
[pid  1772] <... exit_group resumed>)   = ?
[pid  1773] +++ exited with 0 +++
[pid  1776] <... futex resumed>)        = ?
[pid  1776] +++ exited with 0 +++
[pid  1772] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1772, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./296", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./296", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./296/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./296/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./296/binderfs")                = 0
[   62.063238][ T1776] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   62.080413][ T1776] EXT4-fs (loop0): pa ffff8881db8a2348: logic 16, phys. 128, len 24
[   62.088384][ T1776] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./296/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./296/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./296/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./296/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./296/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./296/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./296")                          = 0
mkdir("./297", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1777
./strace-static-x86_64: Process 1777 attached
[pid  1777] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1777] chdir("./297")              = 0
[pid  1777] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1777] setpgid(0, 0)               = 0
[pid  1777] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1777] write(3, "1000", 4)         = 4
[pid  1777] close(3)                    = 0
[pid  1777] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1777] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1777] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1777] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1777] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1778], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1778
[pid  1777] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1777] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1778 attached
 <unfinished ...>
[pid  1778] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1778] memfd_create("syzkaller", 0) = 3
[pid  1778] ftruncate(3, 2097152)       = 0
[pid  1778] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1778] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1778] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1778] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1778] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1778] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1778] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1778] mkdir("./file0", 0777)      = 0
[pid  1778] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1778] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1778] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1778] close(4)                    = 0
[pid  1778] close(3)                    = 0
[pid  1778] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1777] <... futex resumed>)        = 0
[pid  1777] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1777] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1778] chdir("./file0")            = 0
[pid  1778] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1777] <... futex resumed>)        = 0
[pid  1777] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1777] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1778] creat("./file0", 000)       = 3
[pid  1778] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1777] <... futex resumed>)        = 0
[pid  1778] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1777] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1777] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1777] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 <unfinished ...>
[pid  1778] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  1777] <... mmap resumed>)         = 0x7f0168051000
[pid  1778] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1777] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1778] <... write resumed>)        = 40
[pid  1777] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID <unfinished ...>
[pid  1778] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1777] <... clone resumed>, parent_tid=[1781], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1781
./strace-static-x86_64: Process 1781 attached
[pid  1778] <... futex resumed>)        = 0
[pid  1777] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1777] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1781] set_robust_list(0x7f01680719e0, 24 <unfinished ...>
[pid  1778] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1781] <... set_robust_list resumed>) = 0
[pid  1781] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning)
[pid  1781] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1777] <... futex resumed>)        = 0
[pid  1777] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1777] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1778] <... futex resumed>)        = 0
[pid  1781] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1778] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1778] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1777] <... futex resumed>)        = 0
[pid  1778] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1777] exit_group(0)               = ?
[pid  1781] <... futex resumed>)        = ?
[pid  1778] <... futex resumed>)        = ?
[pid  1778] +++ exited with 0 +++
[pid  1781] +++ exited with 0 +++
[pid  1777] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1777, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./297", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./297", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./297/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./297/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./297/binderfs")                = 0
[   62.245706][ T1781] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   62.263195][ T1781] EXT4-fs (loop0): pa ffff8881e69febd0: logic 16, phys. 128, len 24
[   62.271219][ T1781] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./297/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./297/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./297/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./297/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./297/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./297/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./297")                          = 0
mkdir("./298", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1782
./strace-static-x86_64: Process 1782 attached
[pid  1782] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1782] chdir("./298")              = 0
[pid  1782] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1782] setpgid(0, 0)               = 0
[pid  1782] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1782] write(3, "1000", 4)         = 4
[pid  1782] close(3)                    = 0
[pid  1782] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1782] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1782] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1782] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1782] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1783], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1783
[pid  1782] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 1783 attached
[pid  1783] set_robust_list(0x7f01680929e0, 24 <unfinished ...>
[pid  1782] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1783] <... set_robust_list resumed>) = 0
[pid  1783] memfd_create("syzkaller", 0) = 3
[pid  1783] ftruncate(3, 2097152)       = 0
[pid  1783] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1783] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1783] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1783] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1783] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1783] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1783] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1783] mkdir("./file0", 0777)      = 0
[pid  1783] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1783] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1783] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1783] close(4)                    = 0
[pid  1783] close(3)                    = 0
[pid  1783] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1782] <... futex resumed>)        = 0
[pid  1782] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1782] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1783] <... futex resumed>)        = 1
[pid  1783] chdir("./file0")            = 0
[pid  1783] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1782] <... futex resumed>)        = 0
[pid  1782] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1782] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1783] <... futex resumed>)        = 1
[pid  1783] creat("./file0", 000)       = 3
[pid  1783] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1782] <... futex resumed>)        = 0
[pid  1782] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1782] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1782] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1782] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1782] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1786], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1786
[pid  1782] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1782] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1783] <... futex resumed>)        = 1
[pid  1783] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40
[pid  1783] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1783] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1786 attached
 <unfinished ...>
[pid  1786] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1786] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning)
[pid  1786] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1782] <... futex resumed>)        = 0
[pid  1786] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1782] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1783] <... futex resumed>)        = 0
[pid  1782] <... futex resumed>)        = 1
[pid  1783] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 <unfinished ...>
[pid  1782] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1783] <... mmap resumed>)         = -1 EBADF (Bad file descriptor)
[pid  1783] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1782] <... futex resumed>)        = 0
[pid  1783] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1782] exit_group(0 <unfinished ...>
[pid  1786] <... futex resumed>)        = ?
[pid  1783] <... futex resumed>)        = ?
[pid  1782] <... exit_group resumed>)   = ?
[pid  1786] +++ exited with 0 +++
[pid  1783] +++ exited with 0 +++
[pid  1782] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1782, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./298", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./298", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./298/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./298/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./298/binderfs")                = 0
[   62.367575][ T1786] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   62.385021][ T1783] EXT4-fs (loop0): pa ffff8881e6911a80: logic 16, phys. 128, len 24
[   62.393023][ T1783] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./298/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./298/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./298/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./298/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./298/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./298/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./298")                          = 0
mkdir("./299", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1787
./strace-static-x86_64: Process 1787 attached
[pid  1787] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1787] chdir("./299")              = 0
[pid  1787] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1787] setpgid(0, 0)               = 0
[pid  1787] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1787] write(3, "1000", 4)         = 4
[pid  1787] close(3)                    = 0
[pid  1787] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1787] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1787] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1787] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1787] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1788 attached
, parent_tid=[1788], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1788
[pid  1788] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1788] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1787] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1788] <... futex resumed>)        = 0
[pid  1788] memfd_create("syzkaller", 0 <unfinished ...>
[pid  1787] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1788] <... memfd_create resumed>) = 3
[pid  1788] ftruncate(3, 2097152)       = 0
[pid  1788] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1788] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1788] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1788] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1788] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1788] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1788] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1788] mkdir("./file0", 0777)      = 0
[pid  1788] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1788] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1788] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1788] close(4)                    = 0
[pid  1788] close(3)                    = 0
[pid  1788] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1788] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1787] <... futex resumed>)        = 0
[pid  1787] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1787] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1788] <... futex resumed>)        = 0
[pid  1788] chdir("./file0")            = 0
[pid  1788] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1787] <... futex resumed>)        = 0
[pid  1787] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1787] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1788] creat("./file0", 000)       = 3
[pid  1788] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1787] <... futex resumed>)        = 0
[pid  1788] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1787] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1788] <... write resumed>)        = 40
[pid  1787] <... futex resumed>)        = 0
[pid  1787] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1787] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 <unfinished ...>
[pid  1788] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1787] <... mmap resumed>)         = 0x7f0168051000
[pid  1787] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1788] <... futex resumed>)        = 0
[pid  1787] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID <unfinished ...>
[pid  1788] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1791 attached
 <unfinished ...>
[pid  1791] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1791] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1787] <... clone resumed>, parent_tid=[1791], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1791
[pid  1787] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1791] <... futex resumed>)        = 0
[pid  1787] <... futex resumed>)        = 1
[pid  1791] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 <unfinished ...>
[pid  1787] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1791] <... fallocate resumed>)    = -1 EUCLEAN (Structure needs cleaning)
[pid  1791] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1787] <... futex resumed>)        = 0
[pid  1787] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1787] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1791] <... futex resumed>)        = 1
[pid  1791] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1788] <... futex resumed>)        = 0
[pid  1788] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1788] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1787] <... futex resumed>)        = 0
[pid  1787] exit_group(0)               = ?
[pid  1791] <... futex resumed>)        = ?
[pid  1791] +++ exited with 0 +++
[pid  1788] +++ exited with 0 +++
[pid  1787] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1787, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./299", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./299", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./299/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./299/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./299/binderfs")                = 0
[   62.496466][ T1791] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   62.513546][ T1788] EXT4-fs (loop0): pa ffff8881e69119d8: logic 16, phys. 128, len 24
[   62.521653][ T1788] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./299/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./299/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./299/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./299/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./299/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./299/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./299")                          = 0
mkdir("./300", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1792 attached
 <unfinished ...>
[pid  1792] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1792] chdir("./300")              = 0
[pid  1792] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1792] setpgid(0, 0)               = 0
[pid  1792] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1792] write(3, "1000", 4)         = 4
[pid  1792] close(3)                    = 0
[pid  1792] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1792] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1792] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1792] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1792] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1793], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1793
[pid  1792] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1792] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid   304] <... clone resumed>, child_tidptr=0x55555656e5d0) = 1792
./strace-static-x86_64: Process 1793 attached
[pid  1793] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1793] memfd_create("syzkaller", 0) = 3
[pid  1793] ftruncate(3, 2097152)       = 0
[pid  1793] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1793] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1793] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1793] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1793] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1793] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1793] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1793] mkdir("./file0", 0777)      = 0
[pid  1793] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1793] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1793] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1793] close(4)                    = 0
[pid  1793] close(3)                    = 0
[pid  1793] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1792] <... futex resumed>)        = 0
[pid  1792] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1792] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1793] <... futex resumed>)        = 1
[pid  1793] chdir("./file0")            = 0
[pid  1793] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1792] <... futex resumed>)        = 0
[pid  1792] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1792] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1793] <... futex resumed>)        = 1
[pid  1793] creat("./file0", 000)       = 3
[pid  1793] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1792] <... futex resumed>)        = 0
[pid  1792] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1792] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1792] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1792] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1792] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1796], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1796
[pid  1792] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1792] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1793] <... futex resumed>)        = 1
[pid  1793] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40
[pid  1793] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1793] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1796 attached
 <unfinished ...>
[pid  1796] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1796] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning)
[pid  1796] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1792] <... futex resumed>)        = 0
[pid  1792] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1792] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1793] <... futex resumed>)        = 0
[pid  1793] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1793] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1792] <... futex resumed>)        = 0
[pid  1792] exit_group(0)               = ?
[pid  1793] <... futex resumed>)        = ?
[pid  1793] +++ exited with 0 +++
[pid  1796] +++ exited with 0 +++
[pid  1792] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1792, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./300", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./300", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./300/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./300/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./300/binderfs")                = 0
[   62.640974][ T1796] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   62.657624][ T1796] EXT4-fs (loop0): pa ffff8881dba2cf18: logic 16, phys. 128, len 24
[   62.665680][ T1796] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./300/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./300/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./300/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./300/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./300/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./300/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./300")                          = 0
mkdir("./301", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1797
./strace-static-x86_64: Process 1797 attached
[pid  1797] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1797] chdir("./301")              = 0
[pid  1797] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1797] setpgid(0, 0)               = 0
[pid  1797] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1797] write(3, "1000", 4)         = 4
[pid  1797] close(3)                    = 0
[pid  1797] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1797] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1797] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1797] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1797] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1798 attached
, parent_tid=[1798], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1798
[pid  1798] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1798] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1797] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1798] <... futex resumed>)        = 0
[pid  1798] memfd_create("syzkaller", 0 <unfinished ...>
[pid  1797] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1798] <... memfd_create resumed>) = 3
[pid  1798] ftruncate(3, 2097152)       = 0
[pid  1798] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1798] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1798] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1798] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1798] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1798] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1798] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1798] mkdir("./file0", 0777)      = 0
[pid  1798] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1798] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1798] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1798] close(4)                    = 0
[pid  1798] close(3)                    = 0
[pid  1798] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1798] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1797] <... futex resumed>)        = 0
[pid  1797] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1798] <... futex resumed>)        = 0
[pid  1798] chdir("./file0")            = 0
[pid  1798] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1798] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1797] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable)
[pid  1797] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1798] <... futex resumed>)        = 0
[pid  1798] creat("./file0", 000 <unfinished ...>
[pid  1797] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1798] <... creat resumed>)        = 3
[pid  1798] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1798] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1797] <... futex resumed>)        = 0
[pid  1797] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1797] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1798] <... futex resumed>)        = 0
[pid  1798] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1797] <... futex resumed>)        = 0
[pid  1797] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 <unfinished ...>
[pid  1798] <... write resumed>)        = 40
[pid  1798] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1798] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1797] <... mmap resumed>)         = 0x7f0168051000
[pid  1797] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1797] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1801], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1801
[pid  1797] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1797] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1801 attached
 <unfinished ...>
[pid  1801] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1801] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning)
[pid  1801] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1797] <... futex resumed>)        = 0
[pid  1801] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1797] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1798] <... futex resumed>)        = 0
[pid  1797] <... futex resumed>)        = 1
[pid  1798] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 <unfinished ...>
[pid  1797] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1798] <... mmap resumed>)         = -1 EBADF (Bad file descriptor)
[pid  1798] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1797] <... futex resumed>)        = 0
[pid  1798] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1797] exit_group(0 <unfinished ...>
[pid  1798] <... futex resumed>)        = ?
[pid  1797] <... exit_group resumed>)   = ?
[pid  1798] +++ exited with 0 +++
[pid  1801] <... futex resumed>)        = ?
[pid  1801] +++ exited with 0 +++
[pid  1797] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1797, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./301", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./301", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./301/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./301/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./301/binderfs")                = 0
umount2("./301/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./301/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./301/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./301/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./301/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
[   62.801148][ T1801] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   62.817775][ T1801] EXT4-fs (loop0): pa ffff8881dba2c498: logic 16, phys. 128, len 24
[   62.825784][ T1801] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
rmdir("./301/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./301")                          = 0
mkdir("./302", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1802
./strace-static-x86_64: Process 1802 attached
[pid  1802] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1802] chdir("./302")              = 0
[pid  1802] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1802] setpgid(0, 0)               = 0
[pid  1802] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1802] write(3, "1000", 4)         = 4
[pid  1802] close(3)                    = 0
[pid  1802] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1802] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1802] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1802] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1802] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1803], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1803
[pid  1802] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1802] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1803 attached
 <unfinished ...>
[pid  1803] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1803] memfd_create("syzkaller", 0) = 3
[pid  1803] ftruncate(3, 2097152)       = 0
[pid  1803] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1803] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1803] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1803] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1803] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1803] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1803] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1803] mkdir("./file0", 0777)      = 0
[pid  1803] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1803] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1803] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1803] close(4)                    = 0
[pid  1803] close(3)                    = 0
[pid  1803] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1802] <... futex resumed>)        = 0
[pid  1802] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1803] chdir("./file0" <unfinished ...>
[pid  1802] <... futex resumed>)        = 0
[pid  1803] <... chdir resumed>)        = 0
[pid  1802] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1803] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1802] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  1803] <... futex resumed>)        = 0
[pid  1802] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1803] creat("./file0", 000 <unfinished ...>
[pid  1802] <... futex resumed>)        = 0
[pid  1802] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1803] <... creat resumed>)        = 3
[pid  1803] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1802] <... futex resumed>)        = 0
[pid  1803] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1802] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1803] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  1802] <... futex resumed>)        = 0
[pid  1802] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1803] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1802] <... futex resumed>)        = 0
[pid  1803] <... write resumed>)        = 40
[pid  1802] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1803] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1802] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE <unfinished ...>
[pid  1803] <... futex resumed>)        = 0
[pid  1802] <... mprotect resumed>)     = 0
[pid  1803] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1802] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1806], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1806
[pid  1802] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1802] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1806 attached
 <unfinished ...>
[pid  1806] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1806] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning)
[pid  1806] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1802] <... futex resumed>)        = 0
[pid  1802] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1803] <... futex resumed>)        = 0
[pid  1802] <... futex resumed>)        = 1
[pid  1803] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 <unfinished ...>
[pid  1802] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1803] <... mmap resumed>)         = -1 EBADF (Bad file descriptor)
[pid  1803] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1802] <... futex resumed>)        = 0
[pid  1803] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1802] exit_group(0 <unfinished ...>
[pid  1806] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1803] <... futex resumed>)        = ?
[pid  1802] <... exit_group resumed>)   = ?
[pid  1803] +++ exited with 0 +++
[pid  1806] <... futex resumed>)        = ?
[pid  1806] +++ exited with 0 +++
[pid  1802] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1802, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
umount2("./302", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./302", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./302/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./302/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./302/binderfs")                = 0
[   62.894033][ T1806] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   62.911240][ T1806] EXT4-fs (loop0): pa ffff8881dba2cbd0: logic 16, phys. 128, len 24
[   62.919206][ T1806] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./302/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./302/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./302/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./302/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./302/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./302/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./302")                          = 0
mkdir("./303", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1807
./strace-static-x86_64: Process 1807 attached
[pid  1807] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1807] chdir("./303")              = 0
[pid  1807] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1807] setpgid(0, 0)               = 0
[pid  1807] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1807] write(3, "1000", 4)         = 4
[pid  1807] close(3)                    = 0
[pid  1807] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1807] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1807] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1807] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1807] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1808 attached
, parent_tid=[1808], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1808
[pid  1808] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1808] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1807] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1808] <... futex resumed>)        = 0
[pid  1808] memfd_create("syzkaller", 0) = 3
[pid  1807] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1808] ftruncate(3, 2097152)       = 0
[pid  1808] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1808] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1808] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1808] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1808] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1808] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1808] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1808] mkdir("./file0", 0777)      = 0
[pid  1808] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1808] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1808] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1808] close(4)                    = 0
[pid  1808] close(3)                    = 0
[pid  1808] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1807] <... futex resumed>)        = 0
[pid  1808] chdir("./file0" <unfinished ...>
[pid  1807] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1808] <... chdir resumed>)        = 0
[pid  1808] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1807] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1808] <... futex resumed>)        = 0
[pid  1807] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  1807] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1808] creat("./file0", 000 <unfinished ...>
[pid  1807] <... futex resumed>)        = 0
[pid  1807] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1808] <... creat resumed>)        = 3
[pid  1808] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1807] <... futex resumed>)        = 0
[pid  1807] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1808] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1807] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1807] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1807] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1807] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1811], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1811
[pid  1807] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1807] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1808] <... write resumed>)        = 40
[pid  1808] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1808] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1811 attached
 <unfinished ...>
[pid  1811] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1811] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning)
[pid  1811] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1807] <... futex resumed>)        = 0
[pid  1811] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1807] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1808] <... futex resumed>)        = 0
[pid  1807] <... futex resumed>)        = 1
[pid  1808] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 <unfinished ...>
[pid  1807] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1808] <... mmap resumed>)         = -1 EBADF (Bad file descriptor)
[pid  1808] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1807] <... futex resumed>)        = 0
[pid  1808] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1807] exit_group(0)               = ?
[pid  1808] <... futex resumed>)        = ?
[pid  1808] +++ exited with 0 +++
[pid  1811] <... futex resumed>)        = ?
[pid  1811] +++ exited with 0 +++
[pid  1807] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1807, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./303", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./303", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./303/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./303/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./303/binderfs")                = 0
[   63.049855][ T1811] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   63.066743][ T1811] EXT4-fs (loop0): pa ffff8881dba2c690: logic 16, phys. 128, len 24
[   63.074793][ T1811] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./303/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./303/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./303/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./303/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./303/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./303/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./303")                          = 0
mkdir("./304", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1812 attached
, child_tidptr=0x55555656e5d0) = 1812
[pid  1812] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1812] chdir("./304")              = 0
[pid  1812] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1812] setpgid(0, 0)               = 0
[pid  1812] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1812] write(3, "1000", 4)         = 4
[pid  1812] close(3)                    = 0
[pid  1812] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1812] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1812] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1812] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1812] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1813 attached
, parent_tid=[1813], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1813
[pid  1813] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1813] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1812] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1813] <... futex resumed>)        = 0
[pid  1812] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1813] memfd_create("syzkaller", 0) = 3
[pid  1813] ftruncate(3, 2097152)       = 0
[pid  1813] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1813] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1813] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1813] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1813] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1813] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1813] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1813] mkdir("./file0", 0777)      = 0
[pid  1813] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1813] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1813] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1813] close(4)                    = 0
[pid  1813] close(3)                    = 0
[pid  1813] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1813] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1812] <... futex resumed>)        = 0
[pid  1812] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1813] <... futex resumed>)        = 0
[pid  1812] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1813] chdir("./file0")            = 0
[pid  1813] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1812] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  1813] <... futex resumed>)        = 0
[pid  1812] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1813] creat("./file0", 000 <unfinished ...>
[pid  1812] <... futex resumed>)        = 0
[pid  1812] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1813] <... creat resumed>)        = 3
[pid  1813] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1812] <... futex resumed>)        = 0
[pid  1813] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1812] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1813] <... write resumed>)        = 40
[pid  1812] <... futex resumed>)        = 0
[pid  1812] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1813] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1812] <... futex resumed>)        = 0
[pid  1813] <... futex resumed>)        = 0
[pid  1812] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 <unfinished ...>
[pid  1813] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1812] <... mmap resumed>)         = 0x7f0168051000
[pid  1812] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1812] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1816 attached
, parent_tid=[1816], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1816
[pid  1812] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1816] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1816] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 <unfinished ...>
[pid  1812] <... futex resumed>)        = 0
[pid  1812] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1816] <... fallocate resumed>)    = -1 EUCLEAN (Structure needs cleaning)
[pid  1816] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1812] <... futex resumed>)        = 0
[pid  1816] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1812] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1813] <... futex resumed>)        = 0
[pid  1812] <... futex resumed>)        = 1
[pid  1813] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 <unfinished ...>
[pid  1812] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1813] <... mmap resumed>)         = -1 EBADF (Bad file descriptor)
[pid  1813] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1812] <... futex resumed>)        = 0
[pid  1813] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1812] exit_group(0 <unfinished ...>
[pid  1813] <... futex resumed>)        = ?
[pid  1812] <... exit_group resumed>)   = ?
[pid  1813] +++ exited with 0 +++
[pid  1816] <... futex resumed>)        = ?
[pid  1816] +++ exited with 0 +++
[pid  1812] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1812, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./304", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./304", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./304/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./304/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./304/binderfs")                = 0
[   63.166471][ T1816] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   63.183062][ T1816] EXT4-fs (loop0): pa ffff8881dba2cc78: logic 16, phys. 128, len 24
[   63.191061][ T1816] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./304/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./304/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./304/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./304/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./304/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./304/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./304")                          = 0
mkdir("./305", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1817
./strace-static-x86_64: Process 1817 attached
[pid  1817] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1817] chdir("./305")              = 0
[pid  1817] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1817] setpgid(0, 0)               = 0
[pid  1817] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1817] write(3, "1000", 4)         = 4
[pid  1817] close(3)                    = 0
[pid  1817] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1817] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1817] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1817] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1817] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1818 attached
, parent_tid=[1818], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1818
[pid  1818] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1818] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1817] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1818] <... futex resumed>)        = 0
[pid  1817] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1818] memfd_create("syzkaller", 0) = 3
[pid  1818] ftruncate(3, 2097152)       = 0
[pid  1818] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1818] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1818] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1818] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1818] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1818] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1818] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1818] mkdir("./file0", 0777)      = 0
[pid  1818] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1818] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1818] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1818] close(4)                    = 0
[pid  1818] close(3)                    = 0
[pid  1818] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1817] <... futex resumed>)        = 0
[pid  1817] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1817] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1818] chdir("./file0")            = 0
[pid  1818] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1817] <... futex resumed>)        = 0
[pid  1817] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1817] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1818] creat("./file0", 000)       = 3
[pid  1818] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1817] <... futex resumed>)        = 0
[pid  1818] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1817] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1817] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1817] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 <unfinished ...>
[pid  1818] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  1817] <... mmap resumed>)         = 0x7f0168051000
[pid  1817] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1817] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1821 attached
 <unfinished ...>
[pid  1818] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1817] <... clone resumed>, parent_tid=[1821], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1821
[pid  1817] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1817] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1821] set_robust_list(0x7f01680719e0, 24 <unfinished ...>
[pid  1818] <... write resumed>)        = 40
[pid  1821] <... set_robust_list resumed>) = 0
[pid  1818] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1821] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 <unfinished ...>
[pid  1818] <... futex resumed>)        = 0
[pid  1818] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1821] <... fallocate resumed>)    = -1 EUCLEAN (Structure needs cleaning)
[pid  1821] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1817] <... futex resumed>)        = 0
[pid  1817] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1817] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1818] <... futex resumed>)        = 0
[pid  1818] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1818] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1817] <... futex resumed>)        = 0
[pid  1821] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1818] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1817] exit_group(0 <unfinished ...>
[pid  1818] <... futex resumed>)        = ?
[pid  1817] <... exit_group resumed>)   = ?
[pid  1821] <... futex resumed>)        = ?
[pid  1818] +++ exited with 0 +++
[pid  1821] +++ exited with 0 +++
[pid  1817] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1817, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./305", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./305", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./305/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./305/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./305/binderfs")                = 0
[   63.300525][ T1821] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   63.317953][ T1821] EXT4-fs (loop0): pa ffff8881e6911888: logic 16, phys. 128, len 24
[   63.325982][ T1821] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./305/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./305/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./305/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./305/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./305/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./305/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./305")                          = 0
mkdir("./306", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1822
./strace-static-x86_64: Process 1822 attached
[pid  1822] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1822] chdir("./306")              = 0
[pid  1822] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1822] setpgid(0, 0)               = 0
[pid  1822] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1822] write(3, "1000", 4)         = 4
[pid  1822] close(3)                    = 0
[pid  1822] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1822] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1822] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1822] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1822] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1823 attached
 <unfinished ...>
[pid  1823] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1823] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1822] <... clone resumed>, parent_tid=[1823], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1823
[pid  1822] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1823] <... futex resumed>)        = 0
[pid  1823] memfd_create("syzkaller", 0 <unfinished ...>
[pid  1822] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1823] <... memfd_create resumed>) = 3
[pid  1823] ftruncate(3, 2097152)       = 0
[pid  1823] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1823] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1823] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1823] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1823] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1823] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1823] mkdir("./file0", 0777)      = 0
[pid  1823] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1823] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1823] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1823] close(4)                    = 0
[pid  1823] close(3)                    = 0
[pid  1823] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1823] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1822] <... futex resumed>)        = 0
[pid  1822] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1822] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1823] <... futex resumed>)        = 0
[pid  1823] chdir("./file0")            = 0
[pid  1823] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1822] <... futex resumed>)        = 0
[pid  1822] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1822] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1823] <... futex resumed>)        = 1
[pid  1823] creat("./file0", 000)       = 3
[pid  1823] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1822] <... futex resumed>)        = 0
[pid  1822] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1822] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1822] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1822] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1822] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1826], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1826
[pid  1822] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1822] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1823] <... futex resumed>)        = 1
[pid  1823] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40
[pid  1823] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1823] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1826 attached
 <unfinished ...>
[pid  1826] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1826] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning)
[pid  1826] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1822] <... futex resumed>)        = 0
[pid  1822] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1823] <... futex resumed>)        = 0
[pid  1822] <... futex resumed>)        = 1
[pid  1823] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 <unfinished ...>
[pid  1822] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1823] <... mmap resumed>)         = -1 EBADF (Bad file descriptor)
[pid  1823] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1822] <... futex resumed>)        = 0
[pid  1823] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1822] exit_group(0 <unfinished ...>
[pid  1823] <... futex resumed>)        = ?
[pid  1822] <... exit_group resumed>)   = ?
[pid  1823] +++ exited with 0 +++
[pid  1826] +++ exited with 0 +++
[pid  1822] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1822, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./306", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./306", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./306/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./306/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./306/binderfs")                = 0
[   63.443854][ T1826] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   63.462140][ T1826] EXT4-fs (loop0): pa ffff8881e6911540: logic 16, phys. 128, len 24
[   63.470185][ T1826] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./306/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./306/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./306/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./306/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./306/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./306/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./306")                          = 0
mkdir("./307", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1827
./strace-static-x86_64: Process 1827 attached
[pid  1827] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1827] chdir("./307")              = 0
[pid  1827] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1827] setpgid(0, 0)               = 0
[pid  1827] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1827] write(3, "1000", 4)         = 4
[pid  1827] close(3)                    = 0
[pid  1827] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1827] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1827] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1827] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1827] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1828 attached
, parent_tid=[1828], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1828
[pid  1828] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1828] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1827] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1828] <... futex resumed>)        = 0
[pid  1827] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1828] memfd_create("syzkaller", 0) = 3
[pid  1828] ftruncate(3, 2097152)       = 0
[pid  1828] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1828] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1828] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1828] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1828] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1828] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1828] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1828] mkdir("./file0", 0777)      = 0
[pid  1828] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1828] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1828] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1828] close(4)                    = 0
[pid  1828] close(3)                    = 0
[pid  1828] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1828] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1827] <... futex resumed>)        = 0
[pid  1827] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1828] <... futex resumed>)        = 0
[pid  1828] chdir("./file0")            = 0
[pid  1828] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1828] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1827] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable)
[pid  1827] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1828] <... futex resumed>)        = 0
[pid  1828] creat("./file0", 000)       = 3
[pid  1828] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1828] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1827] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable)
[pid  1827] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1828] <... futex resumed>)        = 0
[pid  1828] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40
[pid  1828] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1828] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1827] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1828] <... futex resumed>)        = 0
[pid  1828] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 <unfinished ...>
[pid  1827] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1828] <... fallocate resumed>)    = -1 EUCLEAN (Structure needs cleaning)
[pid  1828] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1828] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1827] <... futex resumed>)        = 0
[pid  1827] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1828] <... futex resumed>)        = 0
[pid  1828] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1828] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1827] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1828] <... futex resumed>)        = 0
[pid  1828] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1827] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  1827] exit_group(0)               = ?
[pid  1828] <... futex resumed>)        = ?
[pid  1828] +++ exited with 0 +++
[pid  1827] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1827, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./307", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./307", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./307/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./307/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./307/binderfs")                = 0
[   63.562445][ T1828] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   63.578972][ T1827] EXT4-fs (loop0): pa ffff8881e6911c78: logic 16, phys. 128, len 24
[   63.587262][ T1827] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./307/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./307/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./307/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./307/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./307/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./307/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./307")                          = 0
mkdir("./308", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1831
./strace-static-x86_64: Process 1831 attached
[pid  1831] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1831] chdir("./308")              = 0
[pid  1831] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1831] setpgid(0, 0)               = 0
[pid  1831] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1831] write(3, "1000", 4)         = 4
[pid  1831] close(3)                    = 0
[pid  1831] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1831] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1831] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1831] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1831] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1832], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1832
./strace-static-x86_64: Process 1832 attached
[pid  1832] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1832] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1831] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1832] <... futex resumed>)        = 0
[pid  1831] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1832] memfd_create("syzkaller", 0) = 3
[pid  1832] ftruncate(3, 2097152)       = 0
[pid  1832] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1832] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1832] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1832] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1832] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1832] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1832] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1832] mkdir("./file0", 0777)      = 0
[pid  1832] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1832] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1832] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1832] close(4)                    = 0
[pid  1832] close(3)                    = 0
[pid  1832] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1831] <... futex resumed>)        = 0
[pid  1832] chdir("./file0" <unfinished ...>
[pid  1831] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1832] <... chdir resumed>)        = 0
[pid  1831] <... futex resumed>)        = 0
[pid  1831] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1832] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1831] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  1832] <... futex resumed>)        = 0
[pid  1831] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1832] creat("./file0", 000 <unfinished ...>
[pid  1831] <... futex resumed>)        = 0
[pid  1831] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1832] <... creat resumed>)        = 3
[pid  1832] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1831] <... futex resumed>)        = 0
[pid  1832] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1831] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1832] <... futex resumed>)        = 0
[pid  1831] <... futex resumed>)        = 1
[pid  1832] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1831] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1832] <... write resumed>)        = 40
[pid  1831] <... futex resumed>)        = 0
[pid  1832] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1831] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 <unfinished ...>
[pid  1832] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1831] <... mmap resumed>)         = 0x7f0168051000
[pid  1831] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1831] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1835], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1835
[pid  1831] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1831] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1835 attached
 <unfinished ...>
[pid  1835] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1835] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning)
[pid  1835] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1831] <... futex resumed>)        = 0
[pid  1831] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1832] <... futex resumed>)        = 0
[pid  1832] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1832] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1832] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1831] <... futex resumed>)        = 1
[pid  1831] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable)
[pid  1831] exit_group(0 <unfinished ...>
[pid  1832] <... futex resumed>)        = ?
[pid  1832] +++ exited with 0 +++
[pid  1831] <... exit_group resumed>)   = ?
[pid  1835] +++ exited with 0 +++
[pid  1831] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1831, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./308", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./308", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./308/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./308/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./308/binderfs")                = 0
[   63.699101][ T1835] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   63.715283][ T1835] EXT4-fs (loop0): pa ffff8881dba2c930: logic 16, phys. 128, len 24
[   63.723296][ T1835] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./308/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./308/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./308/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./308/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./308/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./308/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./308")                          = 0
mkdir("./309", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1836
./strace-static-x86_64: Process 1836 attached
[pid  1836] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1836] chdir("./309")              = 0
[pid  1836] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1836] setpgid(0, 0)               = 0
[pid  1836] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1836] write(3, "1000", 4)         = 4
[pid  1836] close(3)                    = 0
[pid  1836] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1836] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1836] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1836] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1836] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1837 attached
, parent_tid=[1837], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1837
[pid  1837] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1837] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1836] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1837] <... futex resumed>)        = 0
[pid  1837] memfd_create("syzkaller", 0) = 3
[pid  1836] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1837] ftruncate(3, 2097152)       = 0
[pid  1837] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1837] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1837] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1837] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1837] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1837] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1837] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1837] mkdir("./file0", 0777)      = 0
[pid  1837] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1837] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1837] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1837] close(4)                    = 0
[pid  1837] close(3)                    = 0
[pid  1837] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1837] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1836] <... futex resumed>)        = 0
[pid  1836] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1836] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1837] <... futex resumed>)        = 0
[pid  1837] chdir("./file0")            = 0
[pid  1837] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1836] <... futex resumed>)        = 0
[pid  1836] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1836] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1837] <... futex resumed>)        = 1
[pid  1837] creat("./file0", 000)       = 3
[pid  1837] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1836] <... futex resumed>)        = 0
[pid  1836] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1836] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1836] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1836] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1836] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1840], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1840
[pid  1836] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1836] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1837] <... futex resumed>)        = 1
[pid  1837] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40
[pid  1837] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1837] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1840 attached
 <unfinished ...>
[pid  1840] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1840] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning)
[pid  1840] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1836] <... futex resumed>)        = 0
[pid  1836] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1836] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1837] <... futex resumed>)        = 0
[pid  1837] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1837] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1836] <... futex resumed>)        = 0
[pid  1836] exit_group(0)               = ?
[pid  1837] <... futex resumed>)        = ?
[pid  1837] +++ exited with 0 +++
[pid  1840] +++ exited with 0 +++
[pid  1836] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1836, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./309", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./309", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./309/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./309/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./309/binderfs")                = 0
[   63.827010][ T1840] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   63.843337][ T1840] EXT4-fs (loop0): pa ffff8881ed9ca150: logic 16, phys. 128, len 24
[   63.851405][ T1840] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./309/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./309/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./309/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./309/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./309/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./309/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./309")                          = 0
mkdir("./310", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1841
./strace-static-x86_64: Process 1841 attached
[pid  1841] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1841] chdir("./310")              = 0
[pid  1841] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1841] setpgid(0, 0)               = 0
[pid  1841] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1841] write(3, "1000", 4)         = 4
[pid  1841] close(3)                    = 0
[pid  1841] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1841] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1841] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1841] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1841] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1842 attached
, parent_tid=[1842], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1842
[pid  1842] set_robust_list(0x7f01680929e0, 24 <unfinished ...>
[pid  1841] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1842] <... set_robust_list resumed>) = 0
[pid  1841] <... futex resumed>)        = 0
[pid  1841] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1842] memfd_create("syzkaller", 0) = 3
[pid  1842] ftruncate(3, 2097152)       = 0
[pid  1842] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1842] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1842] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1842] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1842] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1842] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1842] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1842] mkdir("./file0", 0777)      = 0
[pid  1842] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1842] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1842] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1842] close(4)                    = 0
[pid  1842] close(3)                    = 0
[pid  1842] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1842] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1841] <... futex resumed>)        = 0
[pid  1841] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1842] <... futex resumed>)        = 0
[pid  1842] chdir("./file0")            = 0
[pid  1841] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1842] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1842] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1841] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  1841] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1842] <... futex resumed>)        = 0
[pid  1841] <... futex resumed>)        = 1
[pid  1842] creat("./file0", 000 <unfinished ...>
[pid  1841] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1842] <... creat resumed>)        = 3
[pid  1842] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1842] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1841] <... futex resumed>)        = 0
[pid  1841] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1842] <... futex resumed>)        = 0
[pid  1841] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1841] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 <unfinished ...>
[pid  1842] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1841] <... mmap resumed>)         = 0x7f0168051000
[pid  1841] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE <unfinished ...>
[pid  1842] <... write resumed>)        = 40
[pid  1842] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1842] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1841] <... mprotect resumed>)     = 0
[pid  1841] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1845 attached
, parent_tid=[1845], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1845
[pid  1845] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1845] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1841] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1845] <... futex resumed>)        = 0
[pid  1845] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 <unfinished ...>
[pid  1841] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1845] <... fallocate resumed>)    = -1 EUCLEAN (Structure needs cleaning)
[pid  1845] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1841] <... futex resumed>)        = 0
[pid  1841] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1842] <... futex resumed>)        = 0
[pid  1841] <... futex resumed>)        = 1
[pid  1842] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1841] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1842] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1841] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  1842] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1841] exit_group(0 <unfinished ...>
[pid  1845] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1841] <... exit_group resumed>)   = ?
[pid  1842] <... futex resumed>)        = ?
[pid  1845] <... futex resumed>)        = ?
[pid  1845] +++ exited with 0 +++
[pid  1842] +++ exited with 0 +++
[pid  1841] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1841, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./310", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./310", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./310/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./310/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./310/binderfs")                = 0
[   63.969546][ T1845] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   63.995750][ T1842] EXT4-fs (loop0): pa ffff8881ed9ca930: logic 16, phys. 128, len 24
[   64.003973][ T1842] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./310/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./310/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./310/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./310/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./310/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./310/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./310")                          = 0
mkdir("./311", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1846
./strace-static-x86_64: Process 1846 attached
[pid  1846] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1846] chdir("./311")              = 0
[pid  1846] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1846] setpgid(0, 0)               = 0
[pid  1846] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1846] write(3, "1000", 4)         = 4
[pid  1846] close(3)                    = 0
[pid  1846] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1846] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1846] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1846] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1846] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1847 attached
, parent_tid=[1847], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1847
[pid  1846] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1846] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1847] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1847] memfd_create("syzkaller", 0) = 3
[pid  1847] ftruncate(3, 2097152)       = 0
[pid  1847] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1847] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1847] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1847] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1847] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1847] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1847] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1847] mkdir("./file0", 0777)      = 0
[pid  1847] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1847] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1847] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1847] close(4)                    = 0
[pid  1847] close(3)                    = 0
[pid  1847] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1846] <... futex resumed>)        = 0
[pid  1847] chdir("./file0" <unfinished ...>
[pid  1846] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1847] <... chdir resumed>)        = 0
[pid  1846] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1847] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1846] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  1847] creat("./file0", 000 <unfinished ...>
[pid  1846] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1847] <... creat resumed>)        = 3
[pid  1846] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1847] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1846] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  1847] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1846] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1847] <... write resumed>)        = 40
[pid  1846] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1847] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1846] <... futex resumed>)        = 0
[pid  1847] <... futex resumed>)        = 0
[pid  1846] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1847] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1846] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1846] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1850 attached
 <unfinished ...>
[pid  1850] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1850] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1846] <... clone resumed>, parent_tid=[1850], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1850
[pid  1846] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1850] <... futex resumed>)        = 0
[pid  1850] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 <unfinished ...>
[pid  1846] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1850] <... fallocate resumed>)    = -1 EUCLEAN (Structure needs cleaning)
[pid  1850] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1850] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1846] <... futex resumed>)        = 0
[pid  1846] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1846] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1847] <... futex resumed>)        = 0
[pid  1847] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1847] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1847] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1846] <... futex resumed>)        = 0
[pid  1846] exit_group(0)               = ?
[pid  1850] <... futex resumed>)        = ?
[pid  1847] <... futex resumed>)        = ?
[pid  1847] +++ exited with 0 +++
[pid  1850] +++ exited with 0 +++
[pid  1846] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1846, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./311", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./311", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./311/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./311/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./311/binderfs")                = 0
[   64.118659][ T1850] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   64.135013][ T1850] EXT4-fs (loop0): pa ffff8881e6911348: logic 16, phys. 128, len 24
[   64.143043][ T1850] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./311/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./311/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./311/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./311/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./311/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./311/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./311")                          = 0
mkdir("./312", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1851
./strace-static-x86_64: Process 1851 attached
[pid  1851] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1851] chdir("./312")              = 0
[pid  1851] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1851] setpgid(0, 0)               = 0
[pid  1851] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1851] write(3, "1000", 4)         = 4
[pid  1851] close(3)                    = 0
[pid  1851] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1851] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1851] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1851] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1851] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1852], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1852
./strace-static-x86_64: Process 1852 attached
[pid  1851] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1851] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1852] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1852] memfd_create("syzkaller", 0) = 3
[pid  1852] ftruncate(3, 2097152)       = 0
[pid  1852] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1852] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1852] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1852] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1852] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1852] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1852] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1852] mkdir("./file0", 0777)      = 0
[pid  1852] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1852] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1852] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1852] close(4)                    = 0
[pid  1852] close(3)                    = 0
[pid  1852] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1851] <... futex resumed>)        = 0
[pid  1851] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1851] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1852] <... futex resumed>)        = 1
[pid  1852] chdir("./file0")            = 0
[pid  1852] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1851] <... futex resumed>)        = 0
[pid  1851] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1851] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1852] <... futex resumed>)        = 1
[pid  1852] creat("./file0", 000)       = 3
[pid  1852] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1851] <... futex resumed>)        = 0
[pid  1851] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1851] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1851] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1851] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1851] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1855], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1855
./strace-static-x86_64: Process 1855 attached
[pid  1851] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1851] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1852] <... futex resumed>)        = 1
[pid  1852] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40
[pid  1852] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1855] set_robust_list(0x7f01680719e0, 24 <unfinished ...>
[pid  1852] <... futex resumed>)        = 0
[pid  1852] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1855] <... set_robust_list resumed>) = 0
[pid  1855] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning)
[pid  1855] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1851] <... futex resumed>)        = 0
[pid  1851] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1851] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1852] <... futex resumed>)        = 0
[pid  1852] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1852] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1851] <... futex resumed>)        = 0
[pid  1855] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1851] exit_group(0)               = ?
[pid  1855] <... futex resumed>)        = ?
[pid  1852] <... futex resumed>)        = ?
[pid  1852] +++ exited with 0 +++
[pid  1855] +++ exited with 0 +++
[pid  1851] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1851, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./312", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./312", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./312/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./312/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./312/binderfs")                = 0
[   64.242958][ T1855] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   64.260038][ T1855] EXT4-fs (loop0): pa ffff8881e6911150: logic 16, phys. 128, len 24
[   64.268032][ T1855] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./312/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./312/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./312/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./312/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./312/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./312/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./312")                          = 0
mkdir("./313", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1856
./strace-static-x86_64: Process 1856 attached
[pid  1856] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1856] chdir("./313")              = 0
[pid  1856] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1856] setpgid(0, 0)               = 0
[pid  1856] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1856] write(3, "1000", 4)         = 4
[pid  1856] close(3)                    = 0
[pid  1856] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1856] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1856] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1856] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1856] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1857 attached
, parent_tid=[1857], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1857
[pid  1856] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1856] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1857] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1857] memfd_create("syzkaller", 0) = 3
[pid  1857] ftruncate(3, 2097152)       = 0
[pid  1857] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1857] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1857] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1857] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1857] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1857] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1857] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1857] mkdir("./file0", 0777)      = 0
[pid  1857] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1857] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1857] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1857] close(4)                    = 0
[pid  1857] close(3)                    = 0
[pid  1857] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1856] <... futex resumed>)        = 0
[pid  1857] chdir("./file0" <unfinished ...>
[pid  1856] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1856] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1857] <... chdir resumed>)        = 0
[pid  1857] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1856] <... futex resumed>)        = 0
[pid  1856] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1857] creat("./file0", 000 <unfinished ...>
[pid  1856] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1857] <... creat resumed>)        = 3
[pid  1857] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1857] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1856] <... futex resumed>)        = 0
[pid  1856] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1856] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1856] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1856] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1856] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1860], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1860
[pid  1856] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1856] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1857] <... futex resumed>)        = 0
[pid  1857] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40
[pid  1857] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1857] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1860 attached
 <unfinished ...>
[pid  1860] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1860] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning)
[pid  1860] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1856] <... futex resumed>)        = 0
[pid  1860] <... futex resumed>)        = 1
[pid  1856] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1860] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1857] <... futex resumed>)        = 0
[pid  1856] <... futex resumed>)        = 1
[pid  1857] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 <unfinished ...>
[pid  1856] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1857] <... mmap resumed>)         = -1 EBADF (Bad file descriptor)
[pid  1857] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1856] <... futex resumed>)        = 0
[pid  1857] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1856] exit_group(0)               = ?
[pid  1857] <... futex resumed>)        = 231
[pid  1857] +++ exited with 0 +++
[pid  1860] <... futex resumed>)        = ?
[   64.392363][ T1857] EXT4-fs mount: 152 callbacks suppressed
[   64.392370][ T1857] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[   64.416392][ T1860] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   64.432638][ T1860] EXT4-fs (loop0): pa ffff8881e69110a8: logic 16, phys. 128, len 24
[pid  1860] +++ exited with 0 +++
[pid  1856] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1856, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./313", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./313", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./313/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./313/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./313/binderfs")                = 0
[   64.440648][ T1860] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./313/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./313/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./313/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./313/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./313/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./313/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./313")                          = 0
mkdir("./314", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1861 attached
, child_tidptr=0x55555656e5d0) = 1861
[pid  1861] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1861] chdir("./314")              = 0
[pid  1861] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1861] setpgid(0, 0)               = 0
[pid  1861] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1861] write(3, "1000", 4)         = 4
[pid  1861] close(3)                    = 0
[pid  1861] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1861] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1861] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1861] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1861] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1862], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1862
[pid  1861] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1861] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1862 attached
 <unfinished ...>
[pid  1862] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1862] memfd_create("syzkaller", 0) = 3
[pid  1862] ftruncate(3, 2097152)       = 0
[pid  1862] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1862] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1862] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1862] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1862] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1862] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1862] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1862] mkdir("./file0", 0777)      = 0
[pid  1862] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1862] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1862] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1862] close(4)                    = 0
[pid  1862] close(3)                    = 0
[pid  1862] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1861] <... futex resumed>)        = 0
[pid  1861] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1861] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1862] chdir("./file0")            = 0
[pid  1862] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1861] <... futex resumed>)        = 0
[pid  1861] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1861] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1862] creat("./file0", 000)       = 3
[pid  1862] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1861] <... futex resumed>)        = 0
[pid  1861] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1861] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1861] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1861] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1861] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1865], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1865
[pid  1861] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1861] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1862] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40
[pid  1862] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1862] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1865 attached
 <unfinished ...>
[pid  1865] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1865] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning)
[pid  1865] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1861] <... futex resumed>)        = 0
[pid  1861] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1861] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1865] <... futex resumed>)        = 1
[pid  1865] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1862] <... futex resumed>)        = 0
[pid  1862] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1862] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1861] <... futex resumed>)        = 0
[pid  1861] exit_group(0)               = ?
[pid  1865] <... futex resumed>)        = ?
[pid  1865] +++ exited with 0 +++
[   64.524854][ T1862] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[   64.542717][ T1865] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   64.560347][ T1862] EXT4-fs (loop0): pa ffff8881e69115e8: logic 16, phys. 128, len 24
[pid  1862] +++ exited with 0 +++
[pid  1861] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1861, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./314", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./314", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./314/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./314/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./314/binderfs")                = 0
[   64.568502][ T1862] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./314/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./314/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./314/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./314/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./314/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./314/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./314")                          = 0
mkdir("./315", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1866
./strace-static-x86_64: Process 1866 attached
[pid  1866] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1866] chdir("./315")              = 0
[pid  1866] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1866] setpgid(0, 0)               = 0
[pid  1866] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1866] write(3, "1000", 4)         = 4
[pid  1866] close(3)                    = 0
[pid  1866] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1866] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1866] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1866] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1866] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1867], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1867
./strace-static-x86_64: Process 1867 attached
[pid  1866] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1866] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1867] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1867] memfd_create("syzkaller", 0) = 3
[pid  1867] ftruncate(3, 2097152)       = 0
[pid  1867] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1867] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1867] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1867] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1867] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1867] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1867] mkdir("./file0", 0777)      = 0
[pid  1867] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1867] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1867] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1867] close(4)                    = 0
[pid  1867] close(3)                    = 0
[pid  1867] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1866] <... futex resumed>)        = 0
[pid  1866] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1866] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1867] chdir("./file0")            = 0
[pid  1867] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1866] <... futex resumed>)        = 0
[pid  1866] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1867] creat("./file0", 000 <unfinished ...>
[pid  1866] <... futex resumed>)        = 0
[pid  1866] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1867] <... creat resumed>)        = 3
[pid  1867] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1866] <... futex resumed>)        = 0
[pid  1866] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1866] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1867] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1866] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1866] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1866] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1870], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1870
[pid  1867] <... write resumed>)        = 40
[pid  1866] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1866] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1867] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1867] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1870 attached
 <unfinished ...>
[pid  1870] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1870] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning)
[pid  1870] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1866] <... futex resumed>)        = 0
[pid  1866] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1866] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1870] <... futex resumed>)        = 1
[pid  1870] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1867] <... futex resumed>)        = 0
[pid  1867] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1867] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1866] <... futex resumed>)        = 0
[pid  1866] exit_group(0)               = ?
[pid  1867] +++ exited with 0 +++
[pid  1870] <... futex resumed>)        = ?
[   64.714938][ T1867] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[   64.734879][ T1870] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   64.752333][ T1870] EXT4-fs (loop0): pa ffff8881ed9cadc8: logic 16, phys. 128, len 24
[pid  1870] +++ exited with 0 +++
[pid  1866] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1866, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./315", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./315", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./315/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./315/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./315/binderfs")                = 0
[   64.760331][ T1870] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./315/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./315/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./315/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./315/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./315/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./315/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./315")                          = 0
mkdir("./316", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1871
./strace-static-x86_64: Process 1871 attached
[pid  1871] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1871] chdir("./316")              = 0
[pid  1871] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1871] setpgid(0, 0)               = 0
[pid  1871] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1871] write(3, "1000", 4)         = 4
[pid  1871] close(3)                    = 0
[pid  1871] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1871] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1871] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1871] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1871] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1872 attached
, parent_tid=[1872], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1872
[pid  1872] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1872] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1871] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1872] <... futex resumed>)        = 0
[pid  1872] memfd_create("syzkaller", 0) = 3
[pid  1872] ftruncate(3, 2097152)       = 0
[pid  1872] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1872] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1872] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1872] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1872] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1872] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1872] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1872] mkdir("./file0", 0777)      = 0
[pid  1872] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue" <unfinished ...>
[pid  1871] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1872] <... mount resumed>)        = 0
[pid  1872] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1872] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1872] close(4)                    = 0
[pid  1872] close(3)                    = 0
[pid  1872] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1871] <... futex resumed>)        = 0
[pid  1871] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1872] chdir("./file0" <unfinished ...>
[pid  1871] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1872] <... chdir resumed>)        = 0
[pid  1872] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1871] <... futex resumed>)        = 0
[pid  1871] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1872] creat("./file0", 000 <unfinished ...>
[pid  1871] <... futex resumed>)        = 0
[pid  1871] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1872] <... creat resumed>)        = 3
[pid  1872] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1871] <... futex resumed>)        = 0
[pid  1871] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1872] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1871] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1871] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1872] <... write resumed>)        = 40
[pid  1871] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1871] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1875 attached
 <unfinished ...>
[pid  1875] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1875] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1872] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1871] <... clone resumed>, parent_tid=[1875], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1875
[pid  1871] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1875] <... futex resumed>)        = 0
[pid  1875] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 <unfinished ...>
[pid  1871] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1872] <... futex resumed>)        = 0
[pid  1872] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1875] <... fallocate resumed>)    = -1 EUCLEAN (Structure needs cleaning)
[pid  1875] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1871] <... futex resumed>)        = 0
[pid  1875] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1871] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1871] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1872] <... futex resumed>)        = 0
[pid  1872] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1872] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1871] <... futex resumed>)        = 0
[pid  1871] exit_group(0)               = ?
[pid  1875] <... futex resumed>)        = ?
[pid  1875] +++ exited with 0 +++
[   64.881699][ T1872] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[   64.902330][ T1875] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   64.919622][ T1872] EXT4-fs (loop0): pa ffff8881e6911d20: logic 16, phys. 128, len 24
[pid  1872] +++ exited with 0 +++
[pid  1871] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1871, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./316", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./316", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./316/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./316/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./316/binderfs")                = 0
[   64.927677][ T1872] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./316/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./316/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./316/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./316/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./316/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./316/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./316")                          = 0
mkdir("./317", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1876
./strace-static-x86_64: Process 1876 attached
[pid  1876] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1876] chdir("./317")              = 0
[pid  1876] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1876] setpgid(0, 0)               = 0
[pid  1876] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1876] write(3, "1000", 4)         = 4
[pid  1876] close(3)                    = 0
[pid  1876] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1876] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1876] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1876] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1876] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1877], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1877
./strace-static-x86_64: Process 1877 attached
[pid  1876] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1877] set_robust_list(0x7f01680929e0, 24 <unfinished ...>
[pid  1876] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1877] <... set_robust_list resumed>) = 0
[pid  1877] memfd_create("syzkaller", 0) = 3
[pid  1877] ftruncate(3, 2097152)       = 0
[pid  1877] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1877] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1877] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1877] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1877] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1877] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1877] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1877] mkdir("./file0", 0777)      = 0
[pid  1877] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1877] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1877] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1877] close(4)                    = 0
[pid  1877] close(3)                    = 0
[pid  1877] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1876] <... futex resumed>)        = 0
[pid  1877] <... futex resumed>)        = 1
[pid  1877] chdir("./file0" <unfinished ...>
[pid  1876] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1876] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1877] <... chdir resumed>)        = 0
[pid  1877] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1876] <... futex resumed>)        = 0
[pid  1877] creat("./file0", 000 <unfinished ...>
[pid  1876] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1876] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1877] <... creat resumed>)        = 3
[pid  1877] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1876] <... futex resumed>)        = 0
[pid  1876] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1876] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1876] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1876] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1876] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1880], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1880
./strace-static-x86_64: Process 1880 attached
[pid  1876] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1880] set_robust_list(0x7f01680719e0, 24 <unfinished ...>
[pid  1876] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1880] <... set_robust_list resumed>) = 0
[pid  1880] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 <unfinished ...>
[pid  1877] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1880] <... fallocate resumed>)    = -1 EUCLEAN (Structure needs cleaning)
[pid  1880] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1877] <... write resumed>)        = 40
[pid  1877] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1877] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1876] <... futex resumed>)        = 0
[pid  1876] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1876] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1877] <... futex resumed>)        = 0
[pid  1877] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1877] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1876] <... futex resumed>)        = 0
[pid  1876] exit_group(0)               = ?
[pid  1877] <... futex resumed>)        = ?
[pid  1877] +++ exited with 0 +++
[pid  1880] <... futex resumed>)        = ?
[pid  1880] +++ exited with 0 +++
[pid  1876] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1876, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./317", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./317", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./317/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./317/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./317/binderfs")                = 0
[   65.074798][ T1877] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[   65.096163][ T1880] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata
umount2("./317/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./317/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./317/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./317/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./317/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./317/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./317")                          = 0
mkdir("./318", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1881
./strace-static-x86_64: Process 1881 attached
[pid  1881] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1881] chdir("./318")              = 0
[pid  1881] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1881] setpgid(0, 0)               = 0
[pid  1881] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1881] write(3, "1000", 4)         = 4
[pid  1881] close(3)                    = 0
[pid  1881] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1881] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1881] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1881] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1881] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1882 attached
, parent_tid=[1882], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1882
[pid  1881] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1881] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1882] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1882] memfd_create("syzkaller", 0) = 3
[pid  1882] ftruncate(3, 2097152)       = 0
[pid  1882] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1882] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1882] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1882] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1882] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1882] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1882] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1882] mkdir("./file0", 0777)      = 0
[pid  1882] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1882] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1882] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1882] close(4)                    = 0
[pid  1882] close(3)                    = 0
[pid  1882] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1881] <... futex resumed>)        = 0
[pid  1881] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1881] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1882] <... futex resumed>)        = 1
[pid  1882] chdir("./file0")            = 0
[pid  1882] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1881] <... futex resumed>)        = 0
[pid  1881] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1881] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1882] <... futex resumed>)        = 1
[pid  1882] creat("./file0", 000)       = 3
[pid  1882] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1881] <... futex resumed>)        = 0
[pid  1881] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1881] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1881] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1881] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1881] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1885], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1885
[pid  1881] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1881] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1882] <... futex resumed>)        = 1
[pid  1882] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40
[pid  1882] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1882] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1885 attached
 <unfinished ...>
[pid  1885] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1885] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning)
[pid  1885] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1881] <... futex resumed>)        = 0
[pid  1881] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1885] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1882] <... futex resumed>)        = 0
[pid  1881] <... futex resumed>)        = 1
[pid  1882] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 <unfinished ...>
[pid  1881] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1882] <... mmap resumed>)         = -1 EBADF (Bad file descriptor)
[pid  1882] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1881] <... futex resumed>)        = 0
[pid  1881] exit_group(0 <unfinished ...>
[pid  1885] <... futex resumed>)        = 231
[pid  1881] <... exit_group resumed>)   = ?
[pid  1882] +++ exited with 0 +++
[   65.196056][ T1882] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[   65.213716][ T1885] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   65.231855][ T1885] EXT4-fs (loop0): pa ffff8881e6911b28: logic 16, phys. 128, len 24
[pid  1885] +++ exited with 0 +++
[pid  1881] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1881, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./318", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./318", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./318/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./318/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./318/binderfs")                = 0
[   65.239836][ T1885] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./318/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./318/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./318/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./318/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./318/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./318/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./318")                          = 0
mkdir("./319", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1886
./strace-static-x86_64: Process 1886 attached
[pid  1886] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1886] chdir("./319")              = 0
[pid  1886] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1886] setpgid(0, 0)               = 0
[pid  1886] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1886] write(3, "1000", 4)         = 4
[pid  1886] close(3)                    = 0
[pid  1886] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1886] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1886] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1886] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1886] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1887], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1887
[pid  1886] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1886] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1887 attached
 <unfinished ...>
[pid  1887] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1887] memfd_create("syzkaller", 0) = 3
[pid  1887] ftruncate(3, 2097152)       = 0
[pid  1887] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1887] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1887] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1887] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1887] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1887] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1887] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1887] mkdir("./file0", 0777)      = 0
[pid  1887] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1887] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1887] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1887] close(4)                    = 0
[pid  1887] close(3)                    = 0
[pid  1887] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1886] <... futex resumed>)        = 0
[pid  1886] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1886] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1887] chdir("./file0")            = 0
[pid  1887] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1886] <... futex resumed>)        = 0
[pid  1886] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1886] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1887] creat("./file0", 000)       = 3
[pid  1887] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1886] <... futex resumed>)        = 0
[pid  1887] <... futex resumed>)        = 1
[pid  1886] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1887] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1886] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1886] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 <unfinished ...>
[pid  1887] <... write resumed>)        = 40
[pid  1886] <... mmap resumed>)         = 0x7f0168051000
[pid  1887] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1886] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE <unfinished ...>
[pid  1887] <... futex resumed>)        = 0
[pid  1886] <... mprotect resumed>)     = 0
[pid  1886] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1890 attached
 <unfinished ...>
[pid  1890] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1890] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1887] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1886] <... clone resumed>, parent_tid=[1890], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1890
[pid  1886] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1886] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1890] <... futex resumed>)        = 0
[pid  1890] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning)
[pid  1890] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1886] <... futex resumed>)        = 0
[pid  1886] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1886] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1887] <... futex resumed>)        = 0
[pid  1887] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 <unfinished ...>
[pid  1890] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1887] <... mmap resumed>)         = -1 EBADF (Bad file descriptor)
[pid  1887] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1886] <... futex resumed>)        = 0
[pid  1886] exit_group(0)               = ?
[pid  1890] <... futex resumed>)        = ?
[pid  1887] <... futex resumed>)        = ?
[pid  1887] +++ exited with 0 +++
[   65.357406][ T1887] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[   65.376746][ T1890] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   65.393920][ T1890] EXT4-fs (loop0): pa ffff8881e6911f18: logic 16, phys. 128, len 24
[pid  1890] +++ exited with 0 +++
[pid  1886] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1886, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./319", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./319", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./319/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./319/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./319/binderfs")                = 0
[   65.401941][ T1890] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./319/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./319/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./319/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./319/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./319/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./319/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./319")                          = 0
mkdir("./320", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1891
./strace-static-x86_64: Process 1891 attached
[pid  1891] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1891] chdir("./320")              = 0
[pid  1891] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1891] setpgid(0, 0)               = 0
[pid  1891] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1891] write(3, "1000", 4)         = 4
[pid  1891] close(3)                    = 0
[pid  1891] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1891] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1891] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1891] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1891] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1892], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1892
./strace-static-x86_64: Process 1892 attached
[pid  1892] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1892] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1891] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1892] <... futex resumed>)        = 0
[pid  1892] memfd_create("syzkaller", 0) = 3
[pid  1892] ftruncate(3, 2097152)       = 0
[pid  1892] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1892] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248 <unfinished ...>
[pid  1891] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1892] <... pwrite64 resumed>)     = 31
[pid  1892] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1892] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1892] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1892] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1892] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1892] mkdir("./file0", 0777)      = 0
[pid  1892] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1892] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1892] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1892] close(4)                    = 0
[pid  1892] close(3)                    = 0
[pid  1892] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1892] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1891] <... futex resumed>)        = 0
[pid  1891] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1892] <... futex resumed>)        = 0
[pid  1891] <... futex resumed>)        = 1
[pid  1892] chdir("./file0")            = 0
[pid  1891] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1892] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1891] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  1892] <... futex resumed>)        = 0
[pid  1891] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1892] creat("./file0", 000 <unfinished ...>
[pid  1891] <... futex resumed>)        = 0
[pid  1892] <... creat resumed>)        = 3
[pid  1891] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1892] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1891] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  1892] <... futex resumed>)        = 0
[pid  1891] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1892] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1891] <... futex resumed>)        = 0
[pid  1892] <... write resumed>)        = 40
[pid  1891] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1892] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1891] <... futex resumed>)        = 0
[pid  1892] <... futex resumed>)        = 0
[pid  1891] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 <unfinished ...>
[pid  1892] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1891] <... mmap resumed>)         = 0x7f0168051000
[pid  1891] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1891] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1895], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1895
./strace-static-x86_64: Process 1895 attached
[pid  1891] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1895] set_robust_list(0x7f01680719e0, 24 <unfinished ...>
[pid  1891] <... futex resumed>)        = 0
[pid  1895] <... set_robust_list resumed>) = 0
[pid  1891] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1895] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning)
[pid  1895] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1895] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1891] <... futex resumed>)        = 0
[pid  1891] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1892] <... futex resumed>)        = 0
[pid  1891] <... futex resumed>)        = 1
[pid  1892] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1891] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1892] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1891] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  1892] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1891] exit_group(0 <unfinished ...>
[pid  1895] <... futex resumed>)        = ?
[pid  1892] <... futex resumed>)        = ?
[pid  1891] <... exit_group resumed>)   = ?
[pid  1895] +++ exited with 0 +++
[pid  1892] +++ exited with 0 +++
[   65.490621][ T1892] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[   65.505358][ T1895] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   65.523223][ T1891] EXT4-fs (loop0): pa ffff8881e69fe000: logic 16, phys. 128, len 24
[pid  1891] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1891, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./320", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./320", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./320/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./320/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./320/binderfs")                = 0
[   65.531269][ T1891] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./320/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./320/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./320/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./320/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./320/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./320/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./320")                          = 0
mkdir("./321", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1896 attached
 <unfinished ...>
[pid  1896] set_robust_list(0x55555656e5e0, 24 <unfinished ...>
[pid   304] <... clone resumed>, child_tidptr=0x55555656e5d0) = 1896
[pid  1896] <... set_robust_list resumed>) = 0
[pid  1896] chdir("./321")              = 0
[pid  1896] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1896] setpgid(0, 0)               = 0
[pid  1896] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1896] write(3, "1000", 4)         = 4
[pid  1896] close(3)                    = 0
[pid  1896] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1896] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1896] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1896] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1896] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1897], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1897
[pid  1896] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1896] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1897 attached
 <unfinished ...>
[pid  1897] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1897] memfd_create("syzkaller", 0) = 3
[pid  1897] ftruncate(3, 2097152)       = 0
[pid  1897] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1897] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1897] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1897] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1897] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1897] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1897] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1897] mkdir("./file0", 0777)      = 0
[pid  1897] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1897] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1897] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1897] close(4)                    = 0
[pid  1897] close(3)                    = 0
[pid  1897] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1897] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1896] <... futex resumed>)        = 0
[pid  1896] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1896] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1897] <... futex resumed>)        = 0
[pid  1897] chdir("./file0")            = 0
[pid  1897] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1897] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1896] <... futex resumed>)        = 0
[pid  1896] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1896] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1897] <... futex resumed>)        = 0
[pid  1897] creat("./file0", 000)       = 3
[pid  1897] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1896] <... futex resumed>)        = 0
[pid  1896] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1896] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1896] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1896] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1896] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1900], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1900
[pid  1896] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1896] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1897] <... futex resumed>)        = 1
[pid  1897] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40
[pid  1897] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1897] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1900 attached
 <unfinished ...>
[pid  1900] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1900] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning)
[pid  1900] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1896] <... futex resumed>)        = 0
[pid  1896] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1897] <... futex resumed>)        = 0
[pid  1896] <... futex resumed>)        = 1
[pid  1897] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 <unfinished ...>
[pid  1896] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1897] <... mmap resumed>)         = -1 EBADF (Bad file descriptor)
[pid  1897] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1896] <... futex resumed>)        = 0
[pid  1897] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1896] exit_group(0 <unfinished ...>
[pid  1897] <... futex resumed>)        = ?
[pid  1896] <... exit_group resumed>)   = ?
[pid  1897] +++ exited with 0 +++
[   65.687073][ T1897] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[   65.715803][ T1900] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[pid  1900] +++ exited with 0 +++
[pid  1896] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1896, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./321", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./321", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./321/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./321/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./321/binderfs")                = 0
[   65.732298][ T1900] EXT4-fs (loop0): pa ffff8881e69fedc8: logic 16, phys. 128, len 24
[   65.740401][ T1900] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./321/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./321/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./321/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./321/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./321/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./321/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./321")                          = 0
mkdir("./322", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1901
./strace-static-x86_64: Process 1901 attached
[pid  1901] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1901] chdir("./322")              = 0
[pid  1901] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1901] setpgid(0, 0)               = 0
[pid  1901] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1901] write(3, "1000", 4)         = 4
[pid  1901] close(3)                    = 0
[pid  1901] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1901] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1901] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1901] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1901] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1902], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1902
[pid  1901] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1901] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1902 attached
 <unfinished ...>
[pid  1902] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1902] memfd_create("syzkaller", 0) = 3
[pid  1902] ftruncate(3, 2097152)       = 0
[pid  1902] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1902] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1902] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1902] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1902] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1902] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1902] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1902] mkdir("./file0", 0777)      = 0
[pid  1902] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1902] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1902] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1902] close(4)                    = 0
[pid  1902] close(3)                    = 0
[pid  1902] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1901] <... futex resumed>)        = 0
[pid  1901] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1902] chdir("./file0" <unfinished ...>
[pid  1901] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1902] <... chdir resumed>)        = 0
[pid  1902] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1901] <... futex resumed>)        = 0
[pid  1901] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1902] creat("./file0", 000 <unfinished ...>
[pid  1901] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1902] <... creat resumed>)        = 3
[pid  1902] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1901] <... futex resumed>)        = 0
[pid  1901] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1902] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1901] <... futex resumed>)        = 0
[pid  1901] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1901] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1901] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1901] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1905 attached
 <unfinished ...>
[pid  1905] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1905] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1901] <... clone resumed>, parent_tid=[1905], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1905
[pid  1901] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1905] <... futex resumed>)        = 0
[pid  1901] <... futex resumed>)        = 1
[pid  1905] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 <unfinished ...>
[pid  1901] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1902] <... write resumed>)        = 40
[pid  1902] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1902] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1905] <... fallocate resumed>)    = -1 EUCLEAN (Structure needs cleaning)
[pid  1905] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1901] <... futex resumed>)        = 0
[pid  1905] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1901] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1901] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1902] <... futex resumed>)        = 0
[pid  1902] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1902] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1901] <... futex resumed>)        = 0
[pid  1901] exit_group(0 <unfinished ...>
[pid  1905] <... futex resumed>)        = ?
[pid  1901] <... exit_group resumed>)   = ?
[pid  1905] +++ exited with 0 +++
[   65.867762][ T1902] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[   65.894997][ T1905] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[pid  1902] +++ exited with 0 +++
[pid  1901] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1901, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./322", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./322", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./322/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./322/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./322/binderfs")                = 0
[   65.912440][ T1902] EXT4-fs (loop0): pa ffff8881e69fe5e8: logic 16, phys. 128, len 24
[   65.920524][ T1902] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./322/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./322/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./322/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./322/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./322/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./322/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./322")                          = 0
mkdir("./323", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1906
./strace-static-x86_64: Process 1906 attached
[pid  1906] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1906] chdir("./323")              = 0
[pid  1906] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1906] setpgid(0, 0)               = 0
[pid  1906] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1906] write(3, "1000", 4)         = 4
[pid  1906] close(3)                    = 0
[pid  1906] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1906] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1906] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1906] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1906] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1907 attached
, parent_tid=[1907], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1907
[pid  1907] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1907] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1906] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1907] <... futex resumed>)        = 0
[pid  1906] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1907] memfd_create("syzkaller", 0) = 3
[pid  1907] ftruncate(3, 2097152)       = 0
[pid  1907] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1907] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1907] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1907] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1907] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1907] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1907] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1907] mkdir("./file0", 0777)      = 0
[pid  1907] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1907] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1907] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1907] close(4)                    = 0
[pid  1907] close(3)                    = 0
[pid  1907] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1907] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1906] <... futex resumed>)        = 0
[pid  1906] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1907] <... futex resumed>)        = 0
[pid  1906] <... futex resumed>)        = 1
[pid  1907] chdir("./file0")            = 0
[pid  1907] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1907] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1906] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable)
[pid  1906] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1907] <... futex resumed>)        = 0
[pid  1906] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1907] creat("./file0", 000)       = 3
[pid  1907] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1906] <... futex resumed>)        = 0
[pid  1906] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1906] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1907] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1906] <... futex resumed>)        = 0
[pid  1906] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1906] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE <unfinished ...>
[pid  1907] <... write resumed>)        = 40
[pid  1906] <... mprotect resumed>)     = 0
[pid  1907] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1907] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1906] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1910 attached
, parent_tid=[1910], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1910
[pid  1910] set_robust_list(0x7f01680719e0, 24 <unfinished ...>
[pid  1906] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1906] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1910] <... set_robust_list resumed>) = 0
[pid  1910] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning)
[pid  1910] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1906] <... futex resumed>)        = 0
[pid  1906] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1907] <... futex resumed>)        = 0
[pid  1907] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 <unfinished ...>
[pid  1906] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1907] <... mmap resumed>)         = -1 EBADF (Bad file descriptor)
[pid  1907] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1906] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  1907] <... futex resumed>)        = 0
[pid  1906] exit_group(0 <unfinished ...>
[pid  1907] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1906] <... exit_group resumed>)   = ?
[pid  1907] <... futex resumed>)        = ?
[pid  1907] +++ exited with 0 +++
[   66.013530][ T1907] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[   66.029566][ T1910] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   66.045915][ T1910] EXT4-fs (loop0): pa ffff8881ed9ca2a0: logic 16, phys. 128, len 24
[pid  1910] +++ exited with 0 +++
[pid  1906] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1906, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./323", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./323", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./323/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./323/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./323/binderfs")                = 0
[   66.054095][ T1910] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./323/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./323/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./323/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./323/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./323/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./323/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./323")                          = 0
mkdir("./324", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1911
./strace-static-x86_64: Process 1911 attached
[pid  1911] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1911] chdir("./324")              = 0
[pid  1911] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1911] setpgid(0, 0)               = 0
[pid  1911] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1911] write(3, "1000", 4)         = 4
[pid  1911] close(3)                    = 0
[pid  1911] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1911] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1911] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1911] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1911] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1912], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1912
[pid  1911] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1911] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1912 attached
 <unfinished ...>
[pid  1912] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1912] memfd_create("syzkaller", 0) = 3
[pid  1912] ftruncate(3, 2097152)       = 0
[pid  1912] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1912] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1912] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1912] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1912] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1912] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1912] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1912] mkdir("./file0", 0777)      = 0
[pid  1912] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1912] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1912] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1912] close(4)                    = 0
[pid  1912] close(3)                    = 0
[pid  1912] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1911] <... futex resumed>)        = 0
[pid  1911] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1912] chdir("./file0")            = 0
[pid  1911] <... futex resumed>)        = 0
[pid  1912] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1911] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1912] <... futex resumed>)        = 0
[pid  1911] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  1912] creat("./file0", 000 <unfinished ...>
[pid  1911] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1911] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1912] <... creat resumed>)        = 3
[pid  1912] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1911] <... futex resumed>)        = 0
[pid  1912] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1911] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1911] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1911] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1911] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1911] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1915], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1915
[pid  1911] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1911] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1912] <... write resumed>)        = 40
[pid  1912] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1912] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1915 attached
 <unfinished ...>
[pid  1915] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1915] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning)
[pid  1915] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1915] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1911] <... futex resumed>)        = 0
[pid  1911] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1912] <... futex resumed>)        = 0
[pid  1911] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1912] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1912] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1911] <... futex resumed>)        = 0
[pid  1912] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1911] exit_group(0)               = ?
[pid  1915] <... futex resumed>)        = ?
[pid  1915] +++ exited with 0 +++
[pid  1912] <... futex resumed>)        = ?
[   66.204302][ T1912] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[   66.225019][ T1915] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   66.241831][ T1912] EXT4-fs (loop0): pa ffff8881ed9ca7e0: logic 16, phys. 128, len 24
[pid  1912] +++ exited with 0 +++
[pid  1911] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1911, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./324", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./324", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./324/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./324/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./324/binderfs")                = 0
[   66.249797][ T1912] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./324/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./324/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./324/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./324/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./324/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./324/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./324")                          = 0
mkdir("./325", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1916
./strace-static-x86_64: Process 1916 attached
[pid  1916] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1916] chdir("./325")              = 0
[pid  1916] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1916] setpgid(0, 0)               = 0
[pid  1916] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1916] write(3, "1000", 4)         = 4
[pid  1916] close(3)                    = 0
[pid  1916] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1916] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1916] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1916] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1916] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1917 attached
 <unfinished ...>
[pid  1917] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1917] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1916] <... clone resumed>, parent_tid=[1917], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1917
[pid  1916] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1917] <... futex resumed>)        = 0
[pid  1917] memfd_create("syzkaller", 0) = 3
[pid  1917] ftruncate(3, 2097152)       = 0
[pid  1917] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1917] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1917] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1917] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1917] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408 <unfinished ...>
[pid  1916] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1917] <... pwrite64 resumed>)     = 61
[pid  1917] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1917] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1917] mkdir("./file0", 0777)      = 0
[pid  1917] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1917] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1917] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1917] close(4)                    = 0
[pid  1917] close(3)                    = 0
[pid  1917] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1916] <... futex resumed>)        = 0
[pid  1916] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1916] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1917] <... futex resumed>)        = 1
[pid  1917] chdir("./file0")            = 0
[pid  1917] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1916] <... futex resumed>)        = 0
[pid  1916] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1916] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1917] <... futex resumed>)        = 1
[pid  1917] creat("./file0", 000)       = 3
[pid  1917] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1916] <... futex resumed>)        = 0
[pid  1916] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1916] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1916] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1916] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1916] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1920 attached
, parent_tid=[1920], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1920
[pid  1916] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1916] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1917] <... futex resumed>)        = 1
[pid  1917] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40
[pid  1920] set_robust_list(0x7f01680719e0, 24 <unfinished ...>
[pid  1917] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1917] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1920] <... set_robust_list resumed>) = 0
[pid  1920] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning)
[pid  1920] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1916] <... futex resumed>)        = 0
[pid  1916] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1916] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1917] <... futex resumed>)        = 0
[pid  1917] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1917] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1916] <... futex resumed>)        = 0
[pid  1916] exit_group(0)               = ?
[pid  1917] <... futex resumed>)        = ?
[pid  1917] +++ exited with 0 +++
[   66.343697][ T1917] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[   66.367202][ T1920] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   66.384138][ T1920] EXT4-fs (loop0): pa ffff8881e69fee70: logic 16, phys. 128, len 24
[pid  1920] +++ exited with 0 +++
[pid  1916] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1916, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./325", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./325", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./325/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./325/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./325/binderfs")                = 0
umount2("./325/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./325/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./325/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./325/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./325/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./325/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./325")                          = 0
mkdir("./326", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1921
./strace-static-x86_64: Process 1921 attached
[pid  1921] set_robust_list(0x55555656e5e0, 24) = 0
[   66.392142][ T1920] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
[pid  1921] chdir("./326")              = 0
[pid  1921] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1921] setpgid(0, 0)               = 0
[pid  1921] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1921] write(3, "1000", 4)         = 4
[pid  1921] close(3)                    = 0
[pid  1921] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1921] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1921] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1921] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1921] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1922 attached
, parent_tid=[1922], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1922
[pid  1922] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1922] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1921] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1922] <... futex resumed>)        = 0
[pid  1922] memfd_create("syzkaller", 0 <unfinished ...>
[pid  1921] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1922] <... memfd_create resumed>) = 3
[pid  1922] ftruncate(3, 2097152)       = 0
[pid  1922] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1922] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1922] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1922] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1922] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1922] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1922] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1922] mkdir("./file0", 0777)      = 0
[pid  1922] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1922] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1922] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1922] close(4)                    = 0
[pid  1922] close(3)                    = 0
[pid  1922] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1921] <... futex resumed>)        = 0
[pid  1921] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1921] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1922] <... futex resumed>)        = 1
[pid  1922] chdir("./file0")            = 0
[pid  1922] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1921] <... futex resumed>)        = 0
[pid  1921] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1921] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1922] <... futex resumed>)        = 1
[pid  1922] creat("./file0", 000)       = 3
[pid  1922] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1921] <... futex resumed>)        = 0
[pid  1921] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1921] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1921] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1921] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1921] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1925], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1925
[pid  1921] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1921] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1922] <... futex resumed>)        = 1
[pid  1922] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40
[pid  1922] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1922] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1925 attached
 <unfinished ...>
[pid  1925] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1925] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning)
[pid  1925] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1921] <... futex resumed>)        = 0
[pid  1921] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1921] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1922] <... futex resumed>)        = 0
[pid  1922] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1922] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1921] <... futex resumed>)        = 0
[pid  1925] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1921] exit_group(0)               = ?
[pid  1925] <... futex resumed>)        = ?
[pid  1922] <... futex resumed>)        = ?
[pid  1922] +++ exited with 0 +++
[   66.467374][ T1922] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[   66.484867][ T1925] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   66.501806][ T1925] EXT4-fs (loop0): pa ffff8881e69fed20: logic 16, phys. 128, len 24
[pid  1925] +++ exited with 0 +++
[pid  1921] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1921, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./326", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./326", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./326/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./326/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./326/binderfs")                = 0
[   66.509799][ T1925] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./326/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./326/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./326/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./326/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./326/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./326/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./326")                          = 0
mkdir("./327", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1926
./strace-static-x86_64: Process 1926 attached
[pid  1926] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1926] chdir("./327")              = 0
[pid  1926] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1926] setpgid(0, 0)               = 0
[pid  1926] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1926] write(3, "1000", 4)         = 4
[pid  1926] close(3)                    = 0
[pid  1926] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1926] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1926] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1926] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1926] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1927], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1927
[pid  1926] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 1927 attached
[pid  1926] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1927] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1927] memfd_create("syzkaller", 0) = 3
[pid  1927] ftruncate(3, 2097152)       = 0
[pid  1927] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1927] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1927] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1927] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1927] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1927] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1927] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1927] mkdir("./file0", 0777)      = 0
[pid  1927] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1927] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1927] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1927] close(4)                    = 0
[pid  1927] close(3)                    = 0
[pid  1927] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1926] <... futex resumed>)        = 0
[pid  1927] <... futex resumed>)        = 1
[pid  1927] chdir("./file0" <unfinished ...>
[pid  1926] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1926] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1927] <... chdir resumed>)        = 0
[pid  1927] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1926] <... futex resumed>)        = 0
[pid  1927] <... futex resumed>)        = 1
[pid  1926] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1926] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1927] creat("./file0", 000)       = 3
[pid  1927] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1926] <... futex resumed>)        = 0
[pid  1926] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1926] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1926] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1926] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1926] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1930], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1930
[pid  1926] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1926] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1930 attached
 <unfinished ...>
[pid  1930] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1930] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 <unfinished ...>
[pid  1927] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1930] <... fallocate resumed>)    = -1 EUCLEAN (Structure needs cleaning)
[pid  1930] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1926] <... futex resumed>)        = 0
[pid  1930] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1926] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1930] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  1926] <... futex resumed>)        = 0
[pid  1930] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 <unfinished ...>
[pid  1926] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1930] <... mmap resumed>)         = -1 EBADF (Bad file descriptor)
[pid  1930] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1926] <... futex resumed>)        = 0
[pid  1930] <... futex resumed>)        = 1
[pid  1930] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1927] <... write resumed>)        = 40
[pid  1927] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1926] exit_group(0)               = ?
[pid  1930] <... futex resumed>)        = ?
[pid  1930] +++ exited with 0 +++
[pid  1927] +++ exited with 0 +++
[pid  1926] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1926, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./327", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./327", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./327/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./327/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./327/binderfs")                = 0
[   66.604946][ T1927] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[   66.623918][ T1930] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata
umount2("./327/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./327/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./327/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./327/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./327/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./327/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./327")                          = 0
mkdir("./328", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1931
./strace-static-x86_64: Process 1931 attached
[pid  1931] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1931] chdir("./328")              = 0
[pid  1931] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1931] setpgid(0, 0)               = 0
[pid  1931] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1931] write(3, "1000", 4)         = 4
[pid  1931] close(3)                    = 0
[pid  1931] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1931] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1931] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1931] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1931] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1932], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1932
[pid  1931] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1931] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1932 attached
 <unfinished ...>
[pid  1932] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1932] memfd_create("syzkaller", 0) = 3
[pid  1932] ftruncate(3, 2097152)       = 0
[pid  1932] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1932] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1932] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1932] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1932] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1932] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1932] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1932] mkdir("./file0", 0777)      = 0
[pid  1932] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1932] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1932] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1932] close(4)                    = 0
[pid  1932] close(3)                    = 0
[pid  1932] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1932] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1931] <... futex resumed>)        = 0
[pid  1931] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1932] <... futex resumed>)        = 0
[pid  1931] <... futex resumed>)        = 1
[pid  1932] chdir("./file0")            = 0
[pid  1931] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1932] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1932] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1931] <... futex resumed>)        = 0
[pid  1931] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1932] <... futex resumed>)        = 0
[pid  1931] <... futex resumed>)        = 1
[pid  1932] creat("./file0", 000 <unfinished ...>
[pid  1931] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1932] <... creat resumed>)        = 3
[pid  1932] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1932] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1931] <... futex resumed>)        = 0
[pid  1931] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1932] <... futex resumed>)        = 0
[pid  1931] <... futex resumed>)        = 1
[pid  1932] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1931] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1932] <... write resumed>)        = 40
[pid  1931] <... futex resumed>)        = 0
[pid  1931] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 <unfinished ...>
[pid  1932] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1931] <... mmap resumed>)         = 0x7f0168051000
[pid  1932] <... futex resumed>)        = 0
[pid  1931] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE <unfinished ...>
[pid  1932] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1931] <... mprotect resumed>)     = 0
[pid  1931] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1936], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1936
[pid  1931] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1931] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1936 attached
 <unfinished ...>
[pid  1936] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1936] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning)
[pid  1936] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1931] <... futex resumed>)        = 0
[pid  1936] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1931] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1932] <... futex resumed>)        = 0
[pid  1931] <... futex resumed>)        = 1
[pid  1932] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1932] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1932] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1931] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable)
[pid  1931] exit_group(0 <unfinished ...>
[pid  1936] <... futex resumed>)        = ?
[pid  1932] <... futex resumed>)        = ?
[pid  1931] <... exit_group resumed>)   = ?
[pid  1932] +++ exited with 0 +++
[   66.761093][ T1932] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[   66.770144][   T67] cfg80211: failed to load regulatory.db
[   66.781779][ T1936] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   66.799372][ T1936] EXT4-fs (loop0): pa ffff8881e69fe2a0: logic 16, phys. 128, len 24
[pid  1936] +++ exited with 0 +++
[pid  1931] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1931, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
umount2("./328", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./328", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./328/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./328/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./328/binderfs")                = 0
[   66.807417][ T1936] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./328/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./328/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./328/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./328/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./328/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./328/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./328")                          = 0
mkdir("./329", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1937
./strace-static-x86_64: Process 1937 attached
[pid  1937] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1937] chdir("./329")              = 0
[pid  1937] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1937] setpgid(0, 0)               = 0
[pid  1937] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1937] write(3, "1000", 4)         = 4
[pid  1937] close(3)                    = 0
[pid  1937] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1937] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1937] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1937] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1937] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1938], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1938
[pid  1937] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1937] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1938 attached
 <unfinished ...>
[pid  1938] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1938] memfd_create("syzkaller", 0) = 3
[pid  1938] ftruncate(3, 2097152)       = 0
[pid  1938] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1938] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1938] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1938] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1938] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1938] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1938] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1938] mkdir("./file0", 0777)      = 0
[pid  1938] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1938] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1938] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1938] close(4)                    = 0
[pid  1938] close(3)                    = 0
[pid  1938] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1937] <... futex resumed>)        = 0
[pid  1937] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1938] chdir("./file0" <unfinished ...>
[pid  1937] <... futex resumed>)        = 0
[pid  1938] <... chdir resumed>)        = 0
[pid  1937] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1938] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1937] <... futex resumed>)        = 0
[pid  1938] creat("./file0", 000 <unfinished ...>
[pid  1937] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1937] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1938] <... creat resumed>)        = 3
[pid  1938] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1937] <... futex resumed>)        = 0
[pid  1937] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1938] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1937] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1937] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1937] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1937] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID <unfinished ...>
[pid  1938] <... write resumed>)        = 40
./strace-static-x86_64: Process 1941 attached
[pid  1941] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1941] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1938] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1937] <... clone resumed>, parent_tid=[1941], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1941
[pid  1937] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1941] <... futex resumed>)        = 0
[pid  1937] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1941] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 <unfinished ...>
[pid  1938] <... futex resumed>)        = 0
[pid  1938] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1941] <... fallocate resumed>)    = -1 EUCLEAN (Structure needs cleaning)
[pid  1941] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1937] <... futex resumed>)        = 0
[pid  1941] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1937] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1938] <... futex resumed>)        = 0
[pid  1937] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1938] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1938] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1937] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  1938] <... futex resumed>)        = 0
[pid  1937] exit_group(0 <unfinished ...>
[pid  1938] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1937] <... exit_group resumed>)   = ?
[pid  1941] <... futex resumed>)        = ?
[pid  1941] +++ exited with 0 +++
[pid  1938] <... futex resumed>)        = ?
[   66.897728][ T1938] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[   66.915294][ T1941] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   66.931389][ T1938] EXT4-fs (loop0): pa ffff8881e69fe738: logic 16, phys. 128, len 24
[pid  1938] +++ exited with 0 +++
[pid  1937] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1937, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./329", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./329", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./329/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./329/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./329/binderfs")                = 0
[   66.939358][ T1938] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./329/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./329/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./329/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./329/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./329/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./329/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./329")                          = 0
mkdir("./330", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1942
./strace-static-x86_64: Process 1942 attached
[pid  1942] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1942] chdir("./330")              = 0
[pid  1942] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1942] setpgid(0, 0)               = 0
[pid  1942] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1942] write(3, "1000", 4)         = 4
[pid  1942] close(3)                    = 0
[pid  1942] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1942] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1942] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1942] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1942] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1943 attached
 <unfinished ...>
[pid  1943] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1943] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1942] <... clone resumed>, parent_tid=[1943], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1943
[pid  1942] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1943] <... futex resumed>)        = 0
[pid  1942] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1943] memfd_create("syzkaller", 0) = 3
[pid  1943] ftruncate(3, 2097152)       = 0
[pid  1943] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1943] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1943] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1943] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1943] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1943] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1943] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1943] mkdir("./file0", 0777)      = 0
[pid  1943] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1943] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1943] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1943] close(4)                    = 0
[pid  1943] close(3)                    = 0
[pid  1943] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1943] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1942] <... futex resumed>)        = 0
[pid  1942] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1943] <... futex resumed>)        = 0
[pid  1943] chdir("./file0")            = 0
[pid  1943] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1943] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1942] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable)
[pid  1942] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1943] <... futex resumed>)        = 0
[pid  1943] creat("./file0", 000 <unfinished ...>
[pid  1942] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1943] <... creat resumed>)        = 3
[pid  1943] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1943] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1942] <... futex resumed>)        = 0
[pid  1942] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1943] <... futex resumed>)        = 0
[pid  1942] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1943] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1942] <... futex resumed>)        = 0
[pid  1943] <... write resumed>)        = 40
[pid  1943] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1943] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1942] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1942] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1942] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1946 attached
, parent_tid=[1946], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1946
[pid  1946] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1946] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1942] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1946] <... futex resumed>)        = 0
[pid  1942] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1946] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning)
[pid  1946] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1946] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1942] <... futex resumed>)        = 0
[pid  1942] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1943] <... futex resumed>)        = 0
[pid  1942] <... futex resumed>)        = 1
[pid  1943] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1943] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1943] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1942] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable)
[pid  1942] exit_group(0 <unfinished ...>
[pid  1943] <... futex resumed>)        = ?
[pid  1942] <... exit_group resumed>)   = ?
[pid  1943] +++ exited with 0 +++
[pid  1946] <... futex resumed>)        = ?
[   67.073110][ T1943] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[   67.092759][ T1946] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   67.109656][ T1946] EXT4-fs (loop0): pa ffff8881e69fea80: logic 16, phys. 128, len 24
[pid  1946] +++ exited with 0 +++
[pid  1942] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1942, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./330", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./330", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./330/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./330/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./330/binderfs")                = 0
[   67.117695][ T1946] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./330/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./330/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./330/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./330/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./330/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./330/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./330")                          = 0
mkdir("./331", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1947
./strace-static-x86_64: Process 1947 attached
[pid  1947] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1947] chdir("./331")              = 0
[pid  1947] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1947] setpgid(0, 0)               = 0
[pid  1947] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1947] write(3, "1000", 4)         = 4
[pid  1947] close(3)                    = 0
[pid  1947] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1947] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1947] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1947] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1947] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1948 attached
, parent_tid=[1948], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1948
[pid  1948] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1948] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1947] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1948] <... futex resumed>)        = 0
[pid  1948] memfd_create("syzkaller", 0) = 3
[pid  1948] ftruncate(3, 2097152)       = 0
[pid  1948] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1948] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1948] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1948] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1948] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1948] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1948] ioctl(4, LOOP_SET_FD, 3 <unfinished ...>
[pid  1947] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1948] <... ioctl resumed>)        = 0
[pid  1948] mkdir("./file0", 0777)      = 0
[pid  1948] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1948] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1948] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1948] close(4)                    = 0
[pid  1948] close(3)                    = 0
[pid  1948] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1947] <... futex resumed>)        = 0
[pid  1948] chdir("./file0" <unfinished ...>
[pid  1947] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1948] <... chdir resumed>)        = 0
[pid  1948] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1947] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1948] <... futex resumed>)        = 0
[pid  1947] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  1948] creat("./file0", 000 <unfinished ...>
[pid  1947] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1947] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1948] <... creat resumed>)        = 3
[pid  1948] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1947] <... futex resumed>)        = 0
[pid  1947] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1948] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1947] <... futex resumed>)        = 0
[pid  1947] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1948] <... write resumed>)        = 40
[pid  1947] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 <unfinished ...>
[pid  1948] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1947] <... mmap resumed>)         = 0x7f0168051000
[pid  1948] <... futex resumed>)        = 0
[pid  1947] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE <unfinished ...>
[pid  1948] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1947] <... mprotect resumed>)     = 0
[pid  1947] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1951 attached
, parent_tid=[1951], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1951
[pid  1951] set_robust_list(0x7f01680719e0, 24 <unfinished ...>
[pid  1947] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1951] <... set_robust_list resumed>) = 0
[pid  1947] <... futex resumed>)        = 0
[pid  1951] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 <unfinished ...>
[pid  1947] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1951] <... fallocate resumed>)    = -1 EUCLEAN (Structure needs cleaning)
[pid  1951] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1947] <... futex resumed>)        = 0
[pid  1951] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1947] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1947] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1948] <... futex resumed>)        = 0
[pid  1948] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1948] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1947] <... futex resumed>)        = 0
[pid  1947] exit_group(0 <unfinished ...>
[pid  1951] <... futex resumed>)        = ?
[pid  1947] <... exit_group resumed>)   = ?
[pid  1951] +++ exited with 0 +++
[   67.212075][ T1948] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[   67.231833][ T1951] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   67.248528][ T1948] EXT4-fs (loop0): pa ffff8881e69fe9d8: logic 16, phys. 128, len 24
[pid  1948] +++ exited with 0 +++
[pid  1947] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1947, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./331", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./331", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./331/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./331/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./331/binderfs")                = 0
[   67.256683][ T1948] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./331/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./331/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./331/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./331/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./331/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./331/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./331")                          = 0
mkdir("./332", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1952 attached
 <unfinished ...>
[pid  1952] set_robust_list(0x55555656e5e0, 24) = 0
[pid   304] <... clone resumed>, child_tidptr=0x55555656e5d0) = 1952
[pid  1952] chdir("./332")              = 0
[pid  1952] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1952] setpgid(0, 0)               = 0
[pid  1952] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1952] write(3, "1000", 4)         = 4
[pid  1952] close(3)                    = 0
[pid  1952] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1952] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1952] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1952] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1952] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1953 attached
 <unfinished ...>
[pid  1953] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1953] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1952] <... clone resumed>, parent_tid=[1953], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1953
[pid  1952] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1953] <... futex resumed>)        = 0
[pid  1952] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1953] memfd_create("syzkaller", 0) = 3
[pid  1953] ftruncate(3, 2097152)       = 0
[pid  1953] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1953] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1953] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1953] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1953] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1953] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1953] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1953] mkdir("./file0", 0777)      = 0
[pid  1953] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1953] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1953] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1953] close(4)                    = 0
[pid  1953] close(3)                    = 0
[pid  1953] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1953] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1952] <... futex resumed>)        = 0
[pid  1952] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1953] <... futex resumed>)        = 0
[pid  1952] <... futex resumed>)        = 1
[pid  1953] chdir("./file0" <unfinished ...>
[pid  1952] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1953] <... chdir resumed>)        = 0
[pid  1953] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1952] <... futex resumed>)        = 0
[pid  1953] <... futex resumed>)        = 1
[pid  1952] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1953] creat("./file0", 000 <unfinished ...>
[pid  1952] <... futex resumed>)        = 0
[pid  1952] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1953] <... creat resumed>)        = 3
[pid  1953] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1953] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1952] <... futex resumed>)        = 0
[pid  1952] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1952] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1952] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1952] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1952] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1956 attached
, parent_tid=[1956], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1956
[pid  1956] set_robust_list(0x7f01680719e0, 24 <unfinished ...>
[pid  1952] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1956] <... set_robust_list resumed>) = 0
[pid  1952] <... futex resumed>)        = 0
[pid  1956] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 <unfinished ...>
[pid  1952] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1953] <... futex resumed>)        = 0
[pid  1953] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1956] <... fallocate resumed>)    = -1 EUCLEAN (Structure needs cleaning)
[pid  1956] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1953] <... write resumed>)        = 40
[pid  1956] <... futex resumed>)        = 1
[pid  1952] <... futex resumed>)        = 0
[pid  1953] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1952] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1953] <... futex resumed>)        = 0
[pid  1952] <... futex resumed>)        = 0
[pid  1953] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 <unfinished ...>
[pid  1952] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1953] <... mmap resumed>)         = -1 EBADF (Bad file descriptor)
[pid  1953] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1952] <... futex resumed>)        = 0
[pid  1953] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1952] exit_group(0)               = ?
[pid  1953] <... futex resumed>)        = ?
[pid  1956] +++ exited with 0 +++
[pid  1953] +++ exited with 0 +++
[pid  1952] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1952, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./332", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./332", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./332/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./332/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./332/binderfs")                = 0
umount2("./332/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./332/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./332/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./332/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./332/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./332/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./332")                          = 0
mkdir("./333", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
[   67.352936][ T1953] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[   67.368000][ T1956] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1957
./strace-static-x86_64: Process 1957 attached
[pid  1957] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1957] chdir("./333")              = 0
[pid  1957] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1957] setpgid(0, 0)               = 0
[pid  1957] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1957] write(3, "1000", 4)         = 4
[pid  1957] close(3)                    = 0
[pid  1957] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1957] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1957] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1957] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1957] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1958], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1958
./strace-static-x86_64: Process 1958 attached
[pid  1957] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1957] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1958] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1958] memfd_create("syzkaller", 0) = 3
[pid  1958] ftruncate(3, 2097152)       = 0
[pid  1958] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1958] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1958] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1958] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1958] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1958] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1958] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1958] mkdir("./file0", 0777)      = 0
[pid  1958] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1958] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1958] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1958] close(4)                    = 0
[pid  1958] close(3)                    = 0
[pid  1958] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1957] <... futex resumed>)        = 0
[pid  1957] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1957] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1958] chdir("./file0")            = 0
[pid  1958] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1957] <... futex resumed>)        = 0
[pid  1958] <... futex resumed>)        = 1
[pid  1957] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1957] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1958] creat("./file0", 000)       = 3
[pid  1958] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1957] <... futex resumed>)        = 0
[pid  1957] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1957] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1957] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1957] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1957] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1961], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1961
[pid  1957] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1957] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1961 attached
 <unfinished ...>
[pid  1961] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1961] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 <unfinished ...>
[pid  1958] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1961] <... fallocate resumed>)    = -1 EUCLEAN (Structure needs cleaning)
[pid  1961] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1958] <... write resumed>)        = 40
[pid  1958] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1958] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1961] <... futex resumed>)        = 1
[pid  1957] <... futex resumed>)        = 0
[pid  1957] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1957] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1958] <... futex resumed>)        = 0
[pid  1961] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1958] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1958] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1957] <... futex resumed>)        = 0
[pid  1957] exit_group(0)               = ?
[pid  1961] <... futex resumed>)        = ?
[pid  1958] <... futex resumed>)        = ?
[pid  1958] +++ exited with 0 +++
[pid  1961] +++ exited with 0 +++
[pid  1957] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1957, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./333", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./333", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./333/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./333/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./333/binderfs")                = 0
[   67.452353][ T1958] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[   67.470814][ T1961] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata
umount2("./333/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./333/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./333/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./333/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./333/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./333/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./333")                          = 0
mkdir("./334", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1962
./strace-static-x86_64: Process 1962 attached
[pid  1962] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1962] chdir("./334")              = 0
[pid  1962] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1962] setpgid(0, 0)               = 0
[pid  1962] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1962] write(3, "1000", 4)         = 4
[pid  1962] close(3)                    = 0
[pid  1962] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1962] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1962] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1962] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1962] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1963], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1963
[pid  1962] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1962] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1963 attached
 <unfinished ...>
[pid  1963] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1963] memfd_create("syzkaller", 0) = 3
[pid  1963] ftruncate(3, 2097152)       = 0
[pid  1963] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1963] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1963] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1963] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1963] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1963] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1963] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1963] mkdir("./file0", 0777)      = 0
[pid  1963] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1963] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1963] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1963] close(4)                    = 0
[pid  1963] close(3)                    = 0
[pid  1963] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1962] <... futex resumed>)        = 0
[pid  1962] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1962] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1963] chdir("./file0")            = 0
[pid  1963] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1962] <... futex resumed>)        = 0
[pid  1962] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1963] creat("./file0", 000 <unfinished ...>
[pid  1962] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1963] <... creat resumed>)        = 3
[pid  1963] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1962] <... futex resumed>)        = 0
[pid  1963] <... futex resumed>)        = 1
[pid  1963] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1962] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1962] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1962] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1962] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1962] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1966 attached
, parent_tid=[1966], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1966
[pid  1966] set_robust_list(0x7f01680719e0, 24 <unfinished ...>
[pid  1962] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1966] <... set_robust_list resumed>) = 0
[pid  1966] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 <unfinished ...>
[pid  1962] <... futex resumed>)        = 0
[pid  1962] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1963] <... write resumed>)        = 40
[pid  1963] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1963] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1966] <... fallocate resumed>)    = -1 EUCLEAN (Structure needs cleaning)
[pid  1966] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1966] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1962] <... futex resumed>)        = 0
[pid  1962] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1962] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1963] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  1963] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1963] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1962] <... futex resumed>)        = 0
[pid  1962] exit_group(0)               = ?
[pid  1966] <... futex resumed>)        = ?
[pid  1966] +++ exited with 0 +++
[   67.555479][ T1963] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[   67.575252][ T1966] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   67.592971][ T1963] EXT4-fs (loop0): pa ffff8881e69fe690: logic 16, phys. 128, len 24
[pid  1963] +++ exited with 0 +++
[pid  1962] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1962, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./334", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./334", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./334/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./334/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./334/binderfs")                = 0
[   67.600964][ T1963] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./334/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./334/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./334/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./334/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./334/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./334/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./334")                          = 0
mkdir("./335", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1967
./strace-static-x86_64: Process 1967 attached
[pid  1967] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1967] chdir("./335")              = 0
[pid  1967] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1967] setpgid(0, 0)               = 0
[pid  1967] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1967] write(3, "1000", 4)         = 4
[pid  1967] close(3)                    = 0
[pid  1967] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1967] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1967] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1967] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1967] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1968], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1968
./strace-static-x86_64: Process 1968 attached
[pid  1968] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1968] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1967] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1968] <... futex resumed>)        = 0
[pid  1968] memfd_create("syzkaller", 0 <unfinished ...>
[pid  1967] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1968] <... memfd_create resumed>) = 3
[pid  1968] ftruncate(3, 2097152)       = 0
[pid  1968] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1968] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1968] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1968] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1968] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1968] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1968] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1968] mkdir("./file0", 0777)      = 0
[pid  1968] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1968] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1968] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1968] close(4)                    = 0
[pid  1968] close(3)                    = 0
[pid  1968] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1967] <... futex resumed>)        = 0
[pid  1967] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1968] chdir("./file0")            = 0
[pid  1967] <... futex resumed>)        = 0
[pid  1967] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1968] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1967] <... futex resumed>)        = 0
[pid  1968] creat("./file0", 000 <unfinished ...>
[pid  1967] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1967] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1968] <... creat resumed>)        = 3
[pid  1968] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1967] <... futex resumed>)        = 0
[pid  1968] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1967] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1968] <... write resumed>)        = 40
[pid  1967] <... futex resumed>)        = 0
[pid  1968] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1967] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1968] <... futex resumed>)        = 0
[pid  1967] <... futex resumed>)        = 0
[pid  1968] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1967] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1967] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1967] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1971 attached
, parent_tid=[1971], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1971
[pid  1971] set_robust_list(0x7f01680719e0, 24 <unfinished ...>
[pid  1967] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1971] <... set_robust_list resumed>) = 0
[pid  1967] <... futex resumed>)        = 0
[pid  1971] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 <unfinished ...>
[pid  1967] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1971] <... fallocate resumed>)    = -1 EUCLEAN (Structure needs cleaning)
[pid  1971] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1971] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1967] <... futex resumed>)        = 0
[pid  1967] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1968] <... futex resumed>)        = 0
[pid  1967] <... futex resumed>)        = 1
[pid  1968] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 <unfinished ...>
[pid  1967] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1968] <... mmap resumed>)         = -1 EBADF (Bad file descriptor)
[pid  1968] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1967] <... futex resumed>)        = 0
[pid  1967] exit_group(0)               = ?
[pid  1971] <... futex resumed>)        = ?
[pid  1971] +++ exited with 0 +++
[   67.722404][ T1968] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[   67.740284][ T1971] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   67.756405][ T1968] EXT4-fs (loop0): pa ffff8881ed9ca9d8: logic 16, phys. 128, len 24
[pid  1968] +++ exited with 0 +++
[pid  1967] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1967, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
umount2("./335", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./335", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./335/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./335/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./335/binderfs")                = 0
[   67.764432][ T1968] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./335/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./335/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./335/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./335/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./335/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./335/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./335")                          = 0
mkdir("./336", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1972
./strace-static-x86_64: Process 1972 attached
[pid  1972] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1972] chdir("./336")              = 0
[pid  1972] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1972] setpgid(0, 0)               = 0
[pid  1972] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1972] write(3, "1000", 4)         = 4
[pid  1972] close(3)                    = 0
[pid  1972] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1972] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1972] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1972] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1972] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1973 attached
, parent_tid=[1973], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1973
[pid  1972] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1972] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1973] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1973] memfd_create("syzkaller", 0) = 3
[pid  1973] ftruncate(3, 2097152)       = 0
[pid  1973] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1973] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1973] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1973] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1973] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1973] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1973] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1973] mkdir("./file0", 0777)      = 0
[pid  1973] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1973] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1973] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1973] close(4)                    = 0
[pid  1973] close(3)                    = 0
[pid  1973] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1972] <... futex resumed>)        = 0
[pid  1973] chdir("./file0" <unfinished ...>
[pid  1972] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1972] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1973] <... chdir resumed>)        = 0
[pid  1973] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1972] <... futex resumed>)        = 0
[pid  1972] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1972] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1973] creat("./file0", 000)       = 3
[pid  1973] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1972] <... futex resumed>)        = 0
[pid  1973] <... futex resumed>)        = 1
[pid  1972] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1972] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1972] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1972] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1972] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1976], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1976
[pid  1972] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1972] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1973] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40
[pid  1973] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1973] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1976 attached
 <unfinished ...>
[pid  1976] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1976] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning)
[pid  1976] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1972] <... futex resumed>)        = 0
[pid  1976] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1972] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1972] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1973] <... futex resumed>)        = 0
[pid  1973] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1973] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1973] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1972] <... futex resumed>)        = 0
[pid  1972] exit_group(0)               = ?
[pid  1973] <... futex resumed>)        = ?
[pid  1973] +++ exited with 0 +++
[pid  1976] <... futex resumed>)        = ?
[   67.846524][ T1973] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[   67.868155][ T1976] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   67.884485][ T1976] EXT4-fs (loop0): pa ffff8881ed9ca0a8: logic 16, phys. 128, len 24
[pid  1976] +++ exited with 0 +++
[pid  1972] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1972, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./336", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./336", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./336/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./336/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./336/binderfs")                = 0
[   67.892497][ T1976] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./336/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./336/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./336/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./336/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./336/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./336/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./336")                          = 0
mkdir("./337", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1977
./strace-static-x86_64: Process 1977 attached
[pid  1977] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1977] chdir("./337")              = 0
[pid  1977] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1977] setpgid(0, 0)               = 0
[pid  1977] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1977] write(3, "1000", 4)         = 4
[pid  1977] close(3)                    = 0
[pid  1977] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1977] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1977] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1977] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1977] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1978 attached
, parent_tid=[1978], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1978
[pid  1978] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1978] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1977] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1978] <... futex resumed>)        = 0
[pid  1978] memfd_create("syzkaller", 0 <unfinished ...>
[pid  1977] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1978] <... memfd_create resumed>) = 3
[pid  1978] ftruncate(3, 2097152)       = 0
[pid  1978] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1978] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1978] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1978] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1978] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1978] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1978] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1978] mkdir("./file0", 0777)      = 0
[pid  1978] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1978] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1978] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1978] close(4)                    = 0
[pid  1978] close(3)                    = 0
[pid  1978] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1978] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1977] <... futex resumed>)        = 0
[pid  1977] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1977] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1978] <... futex resumed>)        = 0
[pid  1978] chdir("./file0")            = 0
[pid  1978] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1977] <... futex resumed>)        = 0
[pid  1977] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1977] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1978] <... futex resumed>)        = 1
[pid  1978] creat("./file0", 000)       = 3
[pid  1978] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1977] <... futex resumed>)        = 0
[pid  1977] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1977] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1977] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1977] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1977] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1981], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1981
./strace-static-x86_64: Process 1981 attached
[pid  1977] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1981] set_robust_list(0x7f01680719e0, 24 <unfinished ...>
[pid  1977] <... futex resumed>)        = 0
[pid  1981] <... set_robust_list resumed>) = 0
[pid  1977] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1981] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 <unfinished ...>
[pid  1978] <... futex resumed>)        = 1
[pid  1978] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1981] <... fallocate resumed>)    = -1 EUCLEAN (Structure needs cleaning)
[pid  1981] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1977] <... futex resumed>)        = 0
[pid  1977] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1977] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1978] <... write resumed>)        = 40
[pid  1978] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1978] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1981] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1981] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1977] <... futex resumed>)        = 0
[pid  1977] exit_group(0)               = ?
[pid  1978] <... futex resumed>)        = ?
[pid  1978] +++ exited with 0 +++
[pid  1981] +++ exited with 0 +++
[pid  1977] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1977, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./337", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./337", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./337/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./337/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./337/binderfs")                = 0
[   67.993269][ T1978] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[   68.009791][ T1981] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata
umount2("./337/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./337/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./337/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./337/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./337/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./337/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./337")                          = 0
mkdir("./338", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1982
./strace-static-x86_64: Process 1982 attached
[pid  1982] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1982] chdir("./338")              = 0
[pid  1982] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1982] setpgid(0, 0)               = 0
[pid  1982] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1982] write(3, "1000", 4)         = 4
[pid  1982] close(3)                    = 0
[pid  1982] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1982] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1982] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1982] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1982] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1983 attached
 <unfinished ...>
[pid  1983] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1983] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1982] <... clone resumed>, parent_tid=[1983], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1983
[pid  1982] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1983] <... futex resumed>)        = 0
[pid  1983] memfd_create("syzkaller", 0 <unfinished ...>
[pid  1982] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1983] <... memfd_create resumed>) = 3
[pid  1983] ftruncate(3, 2097152)       = 0
[pid  1983] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1983] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1983] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1983] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1983] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1983] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1983] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1983] mkdir("./file0", 0777)      = 0
[pid  1983] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1983] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1983] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1983] close(4)                    = 0
[pid  1983] close(3)                    = 0
[pid  1983] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1982] <... futex resumed>)        = 0
[pid  1983] <... futex resumed>)        = 1
[pid  1982] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1982] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1983] chdir("./file0")            = 0
[pid  1983] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1982] <... futex resumed>)        = 0
[pid  1982] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1982] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1983] creat("./file0", 000)       = 3
[pid  1983] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1982] <... futex resumed>)        = 0
[pid  1983] <... futex resumed>)        = 1
[pid  1982] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1982] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1982] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  1982] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1982] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1986], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1986
[pid  1982] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1982] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1983] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40./strace-static-x86_64: Process 1986 attached
 <unfinished ...>
[pid  1986] set_robust_list(0x7f01680719e0, 24 <unfinished ...>
[pid  1983] <... write resumed>)        = 40
[pid  1986] <... set_robust_list resumed>) = 0
[pid  1986] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 <unfinished ...>
[pid  1983] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1983] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1986] <... fallocate resumed>)    = -1 EUCLEAN (Structure needs cleaning)
[pid  1986] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1982] <... futex resumed>)        = 0
[pid  1982] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1982] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1983] <... futex resumed>)        = 0
[pid  1983] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1983] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1982] <... futex resumed>)        = 0
[pid  1982] exit_group(0)               = ?
[pid  1986] +++ exited with 0 +++
[pid  1983] <... futex resumed>)        = ?
[pid  1983] +++ exited with 0 +++
[pid  1982] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1982, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./338", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./338", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./338/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./338/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./338/binderfs")                = 0
[   68.153063][ T1983] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[   68.171804][ T1986] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   68.187880][ T1983] EXT4-fs (loop0): pa ffff8881e69fe3f0: logic 16, phys. 128, len 24
umount2("./338/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./338/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./338/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./338/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./338/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./338/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./338")                          = 0
mkdir("./339", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
[   68.195917][ T1983] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1987
./strace-static-x86_64: Process 1987 attached
[pid  1987] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1987] chdir("./339")              = 0
[pid  1987] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1987] setpgid(0, 0)               = 0
[pid  1987] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1987] write(3, "1000", 4)         = 4
[pid  1987] close(3)                    = 0
[pid  1987] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1987] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1987] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1987] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1987] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1988], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1988
[pid  1987] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1987] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1988 attached
 <unfinished ...>
[pid  1988] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1988] memfd_create("syzkaller", 0) = 3
[pid  1988] ftruncate(3, 2097152)       = 0
[pid  1988] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1988] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1988] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1988] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1988] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1988] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1988] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1988] mkdir("./file0", 0777)      = 0
[pid  1988] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1988] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1988] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1988] close(4)                    = 0
[pid  1988] close(3)                    = 0
[pid  1988] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1987] <... futex resumed>)        = 0
[pid  1987] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1988] chdir("./file0")            = 0
[pid  1987] <... futex resumed>)        = 0
[pid  1987] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1988] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1987] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  1987] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1988] <... futex resumed>)        = 0
[pid  1988] creat("./file0", 000 <unfinished ...>
[pid  1987] <... futex resumed>)        = 0
[pid  1987] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1988] <... creat resumed>)        = 3
[pid  1988] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1987] <... futex resumed>)        = 0
[pid  1987] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1988] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1987] <... futex resumed>)        = 0
[pid  1987] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1988] <... write resumed>)        = 40
[pid  1987] <... futex resumed>)        = 0
[pid  1988] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1987] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 <unfinished ...>
[pid  1988] <... futex resumed>)        = 0
[pid  1987] <... mmap resumed>)         = 0x7f0168051000
[pid  1987] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE <unfinished ...>
[pid  1988] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1987] <... mprotect resumed>)     = 0
[pid  1987] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1991], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1991
./strace-static-x86_64: Process 1991 attached
[pid  1987] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1991] set_robust_list(0x7f01680719e0, 24) = 0
[pid  1987] <... futex resumed>)        = 0
[pid  1991] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 <unfinished ...>
[pid  1987] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1991] <... fallocate resumed>)    = -1 EUCLEAN (Structure needs cleaning)
[pid  1991] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1987] <... futex resumed>)        = 0
[pid  1991] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1987] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1988] <... futex resumed>)        = 0
[pid  1987] <... futex resumed>)        = 1
[pid  1988] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  1987] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1988] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1987] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  1988] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1987] exit_group(0 <unfinished ...>
[pid  1988] <... futex resumed>)        = ?
[pid  1987] <... exit_group resumed>)   = ?
[pid  1988] +++ exited with 0 +++
[pid  1991] <... futex resumed>)        = ?
[   68.261982][ T1988] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[   68.280195][ T1991] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   68.297405][ T1991] EXT4-fs (loop0): pa ffff8881e69fe930: logic 16, phys. 128, len 24
[pid  1991] +++ exited with 0 +++
[pid  1987] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1987, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./339", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./339", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./339/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./339/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./339/binderfs")                = 0
[   68.305402][ T1991] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./339/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./339/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./339/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./339/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./339/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./339/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./339")                          = 0
mkdir("./340", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1992
./strace-static-x86_64: Process 1992 attached
[pid  1992] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1992] chdir("./340")              = 0
[pid  1992] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1992] setpgid(0, 0)               = 0
[pid  1992] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1992] write(3, "1000", 4)         = 4
[pid  1992] close(3)                    = 0
[pid  1992] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1992] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1992] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1992] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1992] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1993 attached
 <unfinished ...>
[pid  1993] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1993] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1992] <... clone resumed>, parent_tid=[1993], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1993
[pid  1992] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1993] <... futex resumed>)        = 0
[pid  1993] memfd_create("syzkaller", 0 <unfinished ...>
[pid  1992] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1993] <... memfd_create resumed>) = 3
[pid  1993] ftruncate(3, 2097152)       = 0
[pid  1993] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1993] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1993] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1993] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1993] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1993] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1993] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1993] mkdir("./file0", 0777)      = 0
[pid  1993] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1993] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1993] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1993] close(4)                    = 0
[pid  1993] close(3)                    = 0
[pid  1993] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1993] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1992] <... futex resumed>)        = 0
[pid  1992] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1993] <... futex resumed>)        = 0
[pid  1993] chdir("./file0")            = 0
[pid  1993] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1992] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1993] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1992] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  1992] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1993] <... futex resumed>)        = 0
[pid  1993] creat("./file0", 000 <unfinished ...>
[pid  1992] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1993] <... creat resumed>)        = 3
[pid  1993] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1992] <... futex resumed>)        = 0
[pid  1993] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1992] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1993] <... futex resumed>)        = 0
[pid  1993] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40
[pid  1993] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1993] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1992] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1993] <... futex resumed>)        = 0
[pid  1993] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 <unfinished ...>
[pid  1992] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1993] <... fallocate resumed>)    = -1 EUCLEAN (Structure needs cleaning)
[pid  1993] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1992] <... futex resumed>)        = 0
[pid  1993] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 <unfinished ...>
[pid  1992] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1993] <... mmap resumed>)         = -1 EBADF (Bad file descriptor)
[pid  1992] <... futex resumed>)        = 0
[pid  1992] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1993] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1992] <... futex resumed>)        = 0
[pid  1993] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[   68.431048][ T1993] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[   68.463154][ T1993] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[pid  1992] exit_group(0)               = ?
[pid  1993] <... futex resumed>)        = ?
[pid  1993] +++ exited with 0 +++
[pid  1992] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1992, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
umount2("./340", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./340", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./340/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./340/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./340/binderfs")                = 0
[   68.479869][ T1993] EXT4-fs (loop0): pa ffff8881e6ba6888: logic 16, phys. 128, len 24
[   68.488286][ T1993] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./340/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./340/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./340/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./340/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./340/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./340/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./340")                          = 0
mkdir("./341", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1996 attached
, child_tidptr=0x55555656e5d0) = 1996
[pid  1996] set_robust_list(0x55555656e5e0, 24) = 0
[pid  1996] chdir("./341")              = 0
[pid  1996] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  1996] setpgid(0, 0)               = 0
[pid  1996] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  1996] write(3, "1000", 4)         = 4
[pid  1996] close(3)                    = 0
[pid  1996] symlink("/dev/binderfs", "./binderfs") = 0
[pid  1996] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  1996] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  1996] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1996] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1997 attached
, parent_tid=[1997], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1997
[pid  1997] set_robust_list(0x7f01680929e0, 24) = 0
[pid  1997] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1996] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1996] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  1997] <... futex resumed>)        = 0
[pid  1997] memfd_create("syzkaller", 0) = 3
[pid  1997] ftruncate(3, 2097152)       = 0
[pid  1997] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  1997] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  1997] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  1997] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  1997] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  1997] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  1997] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  1997] mkdir("./file0", 0777)      = 0
[pid  1997] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  1997] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  1997] ioctl(4, LOOP_CLR_FD)       = 0
[pid  1997] close(4)                    = 0
[pid  1997] close(3)                    = 0
[pid  1997] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1997] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1996] <... futex resumed>)        = 0
[pid  1996] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1997] <... futex resumed>)        = 0
[pid  1996] <... futex resumed>)        = 1
[pid  1997] chdir("./file0" <unfinished ...>
[pid  1996] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1997] <... chdir resumed>)        = 0
[pid  1997] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1996] <... futex resumed>)        = 0
[pid  1997] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1996] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1997] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  1996] <... futex resumed>)        = 0
[pid  1997] creat("./file0", 000 <unfinished ...>
[pid  1996] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1997] <... creat resumed>)        = 3
[pid  1997] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1996] <... futex resumed>)        = 0
[pid  1997] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1996] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1997] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  1996] <... futex resumed>)        = 0
[pid  1997] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  1996] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1997] <... write resumed>)        = 40
[pid  1996] <... futex resumed>)        = 0
[pid  1997] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1996] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 <unfinished ...>
[pid  1997] <... futex resumed>)        = 0
[pid  1996] <... mmap resumed>)         = 0x7f0168051000
[pid  1997] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1996] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  1996] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2000 attached
, parent_tid=[2000], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2000
[pid  2000] set_robust_list(0x7f01680719e0, 24 <unfinished ...>
[pid  1996] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  2000] <... set_robust_list resumed>) = 0
[pid  1996] <... futex resumed>)        = 0
[pid  2000] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 <unfinished ...>
[pid  1996] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  2000] <... fallocate resumed>)    = -1 EUCLEAN (Structure needs cleaning)
[pid  2000] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  1996] <... futex resumed>)        = 0
[pid  1996] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  1997] <... futex resumed>)        = 0
[pid  1996] <... futex resumed>)        = 1
[pid  1997] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 <unfinished ...>
[pid  1996] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  1997] <... mmap resumed>)         = -1 EBADF (Bad file descriptor)
[pid  1997] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  2000] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1997] <... futex resumed>)        = 1
[pid  1996] <... futex resumed>)        = 0
[pid  1997] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  1996] exit_group(0 <unfinished ...>
[pid  1997] <... futex resumed>)        = ?
[pid  1996] <... exit_group resumed>)   = ?
[pid  1997] +++ exited with 0 +++
[pid  2000] <... futex resumed>)        = ?
[   68.590526][ T1997] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[   68.610897][ T2000] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   68.627561][ T2000] EXT4-fs (loop0): pa ffff8881e6ba6f18: logic 16, phys. 128, len 24
[pid  2000] +++ exited with 0 +++
[pid  1996] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1996, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./341", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./341", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./341/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./341/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./341/binderfs")                = 0
[   68.635666][ T2000] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./341/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./341/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./341/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./341/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./341/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./341/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./341")                          = 0
mkdir("./342", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2001
./strace-static-x86_64: Process 2001 attached
[pid  2001] set_robust_list(0x55555656e5e0, 24) = 0
[pid  2001] chdir("./342")              = 0
[pid  2001] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  2001] setpgid(0, 0)               = 0
[pid  2001] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  2001] write(3, "1000", 4)         = 4
[pid  2001] close(3)                    = 0
[pid  2001] symlink("/dev/binderfs", "./binderfs") = 0
[pid  2001] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2001] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  2001] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  2001] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2002], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2002
./strace-static-x86_64: Process 2002 attached
[pid  2001] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2001] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  2002] set_robust_list(0x7f01680929e0, 24) = 0
[pid  2002] memfd_create("syzkaller", 0) = 3
[pid  2002] ftruncate(3, 2097152)       = 0
[pid  2002] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  2002] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  2002] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  2002] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  2002] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  2002] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  2002] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  2002] mkdir("./file0", 0777)      = 0
[pid  2002] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  2002] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  2002] ioctl(4, LOOP_CLR_FD)       = 0
[pid  2002] close(4)                    = 0
[pid  2002] close(3)                    = 0
[pid  2002] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  2001] <... futex resumed>)        = 0
[pid  2002] <... futex resumed>)        = 1
[pid  2001] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2002] chdir("./file0" <unfinished ...>
[pid  2001] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  2002] <... chdir resumed>)        = 0
[pid  2002] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2001] <... futex resumed>)        = 0
[pid  2001] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2001] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  2002] creat("./file0", 000)       = 3
[pid  2002] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  2001] <... futex resumed>)        = 0
[pid  2002] <... futex resumed>)        = 1
[pid  2001] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2001] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2001] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  2001] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  2001] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2005], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2005
[pid  2001] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2001] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  2002] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40./strace-static-x86_64: Process 2005 attached
 <unfinished ...>
[pid  2005] set_robust_list(0x7f01680719e0, 24) = 0
[pid  2005] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 <unfinished ...>
[pid  2002] <... write resumed>)        = 40
[pid  2002] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2002] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  2005] <... fallocate resumed>)    = -1 EUCLEAN (Structure needs cleaning)
[pid  2005] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2005] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  2001] <... futex resumed>)        = 0
[pid  2001] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2001] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  2002] <... futex resumed>)        = 0
[pid  2002] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  2002] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  2001] <... futex resumed>)        = 0
[pid  2001] exit_group(0)               = ?
[pid  2005] <... futex resumed>)        = ?
[pid  2005] +++ exited with 0 +++
[pid  2002] <... futex resumed>)        = ?
[   68.719291][ T2002] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[   68.739132][ T2005] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   68.756883][ T2002] EXT4-fs (loop0): pa ffff8881e6ba6738: logic 16, phys. 128, len 24
[pid  2002] +++ exited with 0 +++
[pid  2001] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2001, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./342", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./342", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./342/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./342/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./342/binderfs")                = 0
[   68.764873][ T2002] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./342/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./342/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./342/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./342/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./342/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./342/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./342")                          = 0
mkdir("./343", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2006
./strace-static-x86_64: Process 2006 attached
[pid  2006] set_robust_list(0x55555656e5e0, 24) = 0
[pid  2006] chdir("./343")              = 0
[pid  2006] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  2006] setpgid(0, 0)               = 0
[pid  2006] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  2006] write(3, "1000", 4)         = 4
[pid  2006] close(3)                    = 0
[pid  2006] symlink("/dev/binderfs", "./binderfs") = 0
[pid  2006] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2006] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  2006] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  2006] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2007 attached
, parent_tid=[2007], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2007
[pid  2006] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2006] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  2007] set_robust_list(0x7f01680929e0, 24) = 0
[pid  2007] memfd_create("syzkaller", 0) = 3
[pid  2007] ftruncate(3, 2097152)       = 0
[pid  2007] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  2007] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  2007] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  2007] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  2007] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  2007] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  2007] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  2007] mkdir("./file0", 0777)      = 0
[pid  2007] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  2007] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  2007] ioctl(4, LOOP_CLR_FD)       = 0
[pid  2007] close(4)                    = 0
[pid  2007] close(3)                    = 0
[pid  2007] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2006] <... futex resumed>)        = 0
[pid  2007] chdir("./file0" <unfinished ...>
[pid  2006] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2006] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  2007] <... chdir resumed>)        = 0
[pid  2007] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  2006] <... futex resumed>)        = 0
[pid  2007] <... futex resumed>)        = 1
[pid  2006] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2006] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  2007] creat("./file0", 000)       = 3
[pid  2007] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  2006] <... futex resumed>)        = 0
[pid  2007] <... futex resumed>)        = 1
[pid  2006] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2006] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2006] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  2006] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  2006] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2010], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2010
[pid  2006] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2006] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  2007] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40./strace-static-x86_64: Process 2010 attached
 <unfinished ...>
[pid  2010] set_robust_list(0x7f01680719e0, 24) = 0
[pid  2010] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning)
[pid  2010] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2006] <... futex resumed>)        = 0
[pid  2010] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 <unfinished ...>
[pid  2006] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  2010] <... mmap resumed>)         = -1 EBADF (Bad file descriptor)
[pid  2006] <... futex resumed>)        = 0
[pid  2010] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  2006] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  2010] <... futex resumed>)        = 0
[pid  2006] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  2010] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  2007] <... write resumed>)        = 40
[pid  2007] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2007] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  2006] exit_group(0)               = ?
[pid  2010] <... futex resumed>)        = ?
[pid  2010] +++ exited with 0 +++
[pid  2007] <... futex resumed>)        = ?
[pid  2007] +++ exited with 0 +++
[pid  2006] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2006, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./343", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./343", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./343/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./343/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./343/binderfs")                = 0
[   68.856097][ T2007] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[   68.876045][ T2010] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata
umount2("./343/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./343/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./343/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./343/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./343/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./343/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./343")                          = 0
mkdir("./344", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2011
./strace-static-x86_64: Process 2011 attached
[pid  2011] set_robust_list(0x55555656e5e0, 24) = 0
[pid  2011] chdir("./344")              = 0
[pid  2011] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  2011] setpgid(0, 0)               = 0
[pid  2011] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  2011] write(3, "1000", 4)         = 4
[pid  2011] close(3)                    = 0
[pid  2011] symlink("/dev/binderfs", "./binderfs") = 0
[pid  2011] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2011] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  2011] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  2011] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2012 attached
 <unfinished ...>
[pid  2012] set_robust_list(0x7f01680929e0, 24) = 0
[pid  2012] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  2011] <... clone resumed>, parent_tid=[2012], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2012
[pid  2011] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2012] <... futex resumed>)        = 0
[pid  2011] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  2012] memfd_create("syzkaller", 0) = 3
[pid  2012] ftruncate(3, 2097152)       = 0
[pid  2012] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  2012] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  2012] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  2012] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  2012] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  2012] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  2012] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  2012] mkdir("./file0", 0777)      = 0
[pid  2012] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  2012] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  2012] ioctl(4, LOOP_CLR_FD)       = 0
[pid  2012] close(4)                    = 0
[pid  2012] close(3)                    = 0
[pid  2012] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2011] <... futex resumed>)        = 0
[pid  2011] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2011] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  2012] chdir("./file0")            = 0
[pid  2012] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2011] <... futex resumed>)        = 0
[pid  2011] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2011] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  2012] creat("./file0", 000)       = 3
[pid  2012] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2011] <... futex resumed>)        = 0
[pid  2012] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  2011] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2011] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2011] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  2012] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  2011] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  2011] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID <unfinished ...>
[pid  2012] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40./strace-static-x86_64: Process 2015 attached
 <unfinished ...>
[pid  2011] <... clone resumed>, parent_tid=[2015], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2015
[pid  2011] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2011] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  2015] set_robust_list(0x7f01680719e0, 24 <unfinished ...>
[pid  2012] <... write resumed>)        = 40
[pid  2015] <... set_robust_list resumed>) = 0
[pid  2012] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  2015] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 <unfinished ...>
[pid  2012] <... futex resumed>)        = 0
[pid  2012] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  2015] <... fallocate resumed>)    = -1 EUCLEAN (Structure needs cleaning)
[pid  2015] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2011] <... futex resumed>)        = 0
[pid  2011] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2011] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  2012] <... futex resumed>)        = 0
[pid  2012] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  2012] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2011] <... futex resumed>)        = 0
[pid  2015] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  2012] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  2011] exit_group(0 <unfinished ...>
[pid  2012] <... futex resumed>)        = ?
[pid  2011] <... exit_group resumed>)   = ?
[pid  2012] +++ exited with 0 +++
[pid  2015] <... futex resumed>)        = ?
[   68.993096][ T2012] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[   69.016084][ T2015] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   69.033083][ T2015] EXT4-fs (loop0): pa ffff8881e6ba6690: logic 16, phys. 128, len 24
[pid  2015] +++ exited with 0 +++
[pid  2011] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2011, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./344", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./344", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./344/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./344/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./344/binderfs")                = 0
umount2("./344/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./344/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./344/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./344/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./344/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
[   69.041118][ T2015] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
rmdir("./344/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./344")                          = 0
mkdir("./345", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2016 attached
, child_tidptr=0x55555656e5d0) = 2016
[pid  2016] set_robust_list(0x55555656e5e0, 24) = 0
[pid  2016] chdir("./345")              = 0
[pid  2016] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  2016] setpgid(0, 0)               = 0
[pid  2016] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  2016] write(3, "1000", 4)         = 4
[pid  2016] close(3)                    = 0
[pid  2016] symlink("/dev/binderfs", "./binderfs") = 0
[pid  2016] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2016] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  2016] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  2016] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2017 attached
, parent_tid=[2017], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2017
[pid  2017] set_robust_list(0x7f01680929e0, 24) = 0
[pid  2017] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  2016] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2017] <... futex resumed>)        = 0
[pid  2017] memfd_create("syzkaller", 0) = 3
[pid  2017] ftruncate(3, 2097152)       = 0
[pid  2017] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  2017] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  2017] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  2017] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  2017] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  2017] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  2016] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  2017] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  2017] mkdir("./file0", 0777)      = 0
[pid  2017] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  2017] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  2017] ioctl(4, LOOP_CLR_FD)       = 0
[pid  2017] close(4)                    = 0
[pid  2017] close(3)                    = 0
[pid  2017] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2016] <... futex resumed>)        = 0
[pid  2016] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  2017] chdir("./file0" <unfinished ...>
[pid  2016] <... futex resumed>)        = 0
[pid  2016] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  2017] <... chdir resumed>)        = 0
[pid  2017] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  2016] <... futex resumed>)        = 0
[pid  2017] <... futex resumed>)        = 1
[pid  2016] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  2017] creat("./file0", 000 <unfinished ...>
[pid  2016] <... futex resumed>)        = 0
[pid  2016] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  2017] <... creat resumed>)        = 3
[pid  2017] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  2016] <... futex resumed>)        = 0
[pid  2017] <... futex resumed>)        = 1
[pid  2016] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2016] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2016] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  2016] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  2016] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2020], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2020
./strace-static-x86_64: Process 2020 attached
[pid  2020] set_robust_list(0x7f01680719e0, 24) = 0
[pid  2020] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  2016] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2020] <... futex resumed>)        = 0
[pid  2016] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  2020] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 <unfinished ...>
[pid  2017] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  2020] <... fallocate resumed>)    = -1 EUCLEAN (Structure needs cleaning)
[pid  2020] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2016] <... futex resumed>)        = 0
[pid  2020] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  2016] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  2020] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  2016] <... futex resumed>)        = 0
[pid  2020] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 <unfinished ...>
[pid  2016] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  2020] <... mmap resumed>)         = -1 EBADF (Bad file descriptor)
[pid  2020] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2020] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  2016] <... futex resumed>)        = 0
[pid  2017] <... write resumed>)        = 40
[pid  2017] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2017] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  2016] exit_group(0)               = ?
[pid  2020] <... futex resumed>)        = ?
[pid  2017] <... futex resumed>)        = ?
[pid  2020] +++ exited with 0 +++
[pid  2017] +++ exited with 0 +++
[pid  2016] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2016, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./345", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./345", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./345/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./345/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./345/binderfs")                = 0
[   69.137423][ T2017] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[   69.156598][ T2020] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata
umount2("./345/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./345/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./345/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./345/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./345/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./345/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./345")                          = 0
mkdir("./346", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2021
./strace-static-x86_64: Process 2021 attached
[pid  2021] set_robust_list(0x55555656e5e0, 24) = 0
[pid  2021] chdir("./346")              = 0
[pid  2021] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  2021] setpgid(0, 0)               = 0
[pid  2021] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  2021] write(3, "1000", 4)         = 4
[pid  2021] close(3)                    = 0
[pid  2021] symlink("/dev/binderfs", "./binderfs") = 0
[pid  2021] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2021] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  2021] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  2021] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2022 attached
, parent_tid=[2022], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2022
[pid  2022] set_robust_list(0x7f01680929e0, 24 <unfinished ...>
[pid  2021] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  2022] <... set_robust_list resumed>) = 0
[pid  2021] <... futex resumed>)        = 0
[pid  2022] memfd_create("syzkaller", 0 <unfinished ...>
[pid  2021] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  2022] <... memfd_create resumed>) = 3
[pid  2022] ftruncate(3, 2097152)       = 0
[pid  2022] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  2022] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  2022] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  2022] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  2022] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  2022] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  2022] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  2022] mkdir("./file0", 0777)      = 0
[pid  2022] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  2022] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  2022] ioctl(4, LOOP_CLR_FD)       = 0
[pid  2022] close(4)                    = 0
[pid  2022] close(3)                    = 0
[pid  2022] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2021] <... futex resumed>)        = 0
[pid  2021] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2021] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  2022] chdir("./file0")            = 0
[pid  2022] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2021] <... futex resumed>)        = 0
[pid  2021] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2021] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  2022] creat("./file0", 000)       = 3
[pid  2022] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2021] <... futex resumed>)        = 0
[pid  2021] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2021] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2021] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  2021] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  2021] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2025], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2025
[pid  2021] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2021] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  2022] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40
[pid  2022] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 2025 attached
 <unfinished ...>
[pid  2025] set_robust_list(0x7f01680719e0, 24) = 0
[pid  2025] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 <unfinished ...>
[pid  2022] <... futex resumed>)        = 0
[pid  2022] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  2025] <... fallocate resumed>)    = -1 EUCLEAN (Structure needs cleaning)
[pid  2025] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  2021] <... futex resumed>)        = 0
[pid  2025] <... futex resumed>)        = 1
[pid  2021] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  2025] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  2021] <... futex resumed>)        = 0
[pid  2021] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  2022] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  2022] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  2022] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  2021] <... futex resumed>)        = 0
[pid  2021] exit_group(0 <unfinished ...>
[pid  2025] <... futex resumed>)        = ?
[pid  2021] <... exit_group resumed>)   = ?
[pid  2025] +++ exited with 0 +++
[pid  2022] <... futex resumed>)        = ?
[   69.250387][ T2022] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[   69.269381][ T2025] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   69.286582][ T2022] EXT4-fs (loop0): pa ffff8881db8710a8: logic 16, phys. 128, len 24
[pid  2022] +++ exited with 0 +++
[pid  2021] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2021, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./346", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./346", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./346/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./346/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./346/binderfs")                = 0
[   69.294592][ T2022] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./346/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./346/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./346/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./346/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./346/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./346/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./346")                          = 0
mkdir("./347", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2026
./strace-static-x86_64: Process 2026 attached
[pid  2026] set_robust_list(0x55555656e5e0, 24) = 0
[pid  2026] chdir("./347")              = 0
[pid  2026] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  2026] setpgid(0, 0)               = 0
[pid  2026] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  2026] write(3, "1000", 4)         = 4
[pid  2026] close(3)                    = 0
[pid  2026] symlink("/dev/binderfs", "./binderfs") = 0
[pid  2026] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2026] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  2026] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  2026] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2027 attached
, parent_tid=[2027], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2027
[pid  2026] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2026] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  2027] set_robust_list(0x7f01680929e0, 24) = 0
[pid  2027] memfd_create("syzkaller", 0) = 3
[pid  2027] ftruncate(3, 2097152)       = 0
[pid  2027] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  2027] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  2027] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  2027] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  2027] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  2027] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  2027] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  2027] mkdir("./file0", 0777)      = 0
[pid  2027] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  2027] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  2027] ioctl(4, LOOP_CLR_FD)       = 0
[pid  2027] close(4)                    = 0
[pid  2027] close(3)                    = 0
[pid  2027] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2026] <... futex resumed>)        = 0
[pid  2026] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2026] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  2027] chdir("./file0")            = 0
[pid  2027] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2026] <... futex resumed>)        = 0
[pid  2026] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2026] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  2027] creat("./file0", 000)       = 3
[pid  2027] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2026] <... futex resumed>)        = 0
[pid  2026] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2026] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2026] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  2026] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  2026] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2030 attached
, parent_tid=[2030], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2030
[pid  2030] set_robust_list(0x7f01680719e0, 24 <unfinished ...>
[pid  2026] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2030] <... set_robust_list resumed>) = 0
[pid  2026] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  2030] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 <unfinished ...>
[pid  2027] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  2030] <... fallocate resumed>)    = -1 EUCLEAN (Structure needs cleaning)
[pid  2030] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2026] <... futex resumed>)        = 0
[pid  2030] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 <unfinished ...>
[pid  2026] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  2030] <... mmap resumed>)         = -1 EBADF (Bad file descriptor)
[pid  2026] <... futex resumed>)        = 0
[pid  2030] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  2026] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  2030] <... futex resumed>)        = 0
[pid  2026] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  2030] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  2027] <... write resumed>)        = 40
[pid  2027] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2027] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  2026] exit_group(0)               = ?
[pid  2030] <... futex resumed>)        = ?
[pid  2027] <... futex resumed>)        = ?
[pid  2030] +++ exited with 0 +++
[pid  2027] +++ exited with 0 +++
[pid  2026] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2026, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./347", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./347", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./347/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./347/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./347/binderfs")                = 0
[   69.398717][ T2027] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[   69.419230][ T2030] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata
umount2("./347/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./347/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./347/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./347/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./347/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./347/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./347")                          = 0
mkdir("./348", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2031
./strace-static-x86_64: Process 2031 attached
[pid  2031] set_robust_list(0x55555656e5e0, 24) = 0
[pid  2031] chdir("./348")              = 0
[pid  2031] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  2031] setpgid(0, 0)               = 0
[pid  2031] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  2031] write(3, "1000", 4)         = 4
[pid  2031] close(3)                    = 0
[pid  2031] symlink("/dev/binderfs", "./binderfs") = 0
[pid  2031] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2031] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  2031] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  2031] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2032 attached
, parent_tid=[2032], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2032
[pid  2031] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2031] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  2032] set_robust_list(0x7f01680929e0, 24) = 0
[pid  2032] memfd_create("syzkaller", 0) = 3
[pid  2032] ftruncate(3, 2097152)       = 0
[pid  2032] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  2032] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  2032] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  2032] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  2032] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  2032] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  2032] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  2032] mkdir("./file0", 0777)      = 0
[pid  2032] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  2032] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  2032] ioctl(4, LOOP_CLR_FD)       = 0
[pid  2032] close(4)                    = 0
[pid  2032] close(3)                    = 0
[pid  2032] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2031] <... futex resumed>)        = 0
[pid  2031] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2031] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  2032] chdir("./file0")            = 0
[pid  2032] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  2031] <... futex resumed>)        = 0
[pid  2032] <... futex resumed>)        = 1
[pid  2031] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2031] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  2032] creat("./file0", 000)       = 3
[pid  2032] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2031] <... futex resumed>)        = 0
[pid  2031] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  2032] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  2031] <... futex resumed>)        = 0
[pid  2031] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2031] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  2031] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE <unfinished ...>
[pid  2032] <... write resumed>)        = 40
[pid  2031] <... mprotect resumed>)     = 0
[pid  2032] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  2031] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2035 attached
 <unfinished ...>
[pid  2035] set_robust_list(0x7f01680719e0, 24) = 0
[pid  2035] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  2032] <... futex resumed>)        = 0
[pid  2031] <... clone resumed>, parent_tid=[2035], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2035
[pid  2031] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2035] <... futex resumed>)        = 0
[pid  2035] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 <unfinished ...>
[pid  2031] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  2032] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  2035] <... fallocate resumed>)    = -1 EUCLEAN (Structure needs cleaning)
[pid  2035] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2031] <... futex resumed>)        = 0
[pid  2035] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  2031] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2031] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  2032] <... futex resumed>)        = 0
[pid  2032] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  2032] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2031] <... futex resumed>)        = 0
[pid  2031] exit_group(0 <unfinished ...>
[pid  2035] <... futex resumed>)        = ?
[pid  2031] <... exit_group resumed>)   = ?
[pid  2035] +++ exited with 0 +++
[   69.550642][ T2032] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[   69.573024][ T2035] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   69.590604][ T2032] EXT4-fs (loop0): pa ffff8881db8717e0: logic 16, phys. 128, len 24
[pid  2032] +++ exited with 0 +++
[pid  2031] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2031, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./348", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./348", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./348/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./348/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./348/binderfs")                = 0
[   69.598578][ T2032] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./348/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./348/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./348/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./348/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./348/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./348/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./348")                          = 0
mkdir("./349", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2036
./strace-static-x86_64: Process 2036 attached
[pid  2036] set_robust_list(0x55555656e5e0, 24) = 0
[pid  2036] chdir("./349")              = 0
[pid  2036] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  2036] setpgid(0, 0)               = 0
[pid  2036] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  2036] write(3, "1000", 4)         = 4
[pid  2036] close(3)                    = 0
[pid  2036] symlink("/dev/binderfs", "./binderfs") = 0
[pid  2036] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2036] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  2036] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  2036] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2037 attached
, parent_tid=[2037], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2037
[pid  2037] set_robust_list(0x7f01680929e0, 24) = 0
[pid  2037] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  2036] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2037] <... futex resumed>)        = 0
[pid  2037] memfd_create("syzkaller", 0 <unfinished ...>
[pid  2036] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  2037] <... memfd_create resumed>) = 3
[pid  2037] ftruncate(3, 2097152)       = 0
[pid  2037] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  2037] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  2037] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  2037] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  2037] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  2037] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  2037] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  2037] mkdir("./file0", 0777)      = 0
[pid  2037] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  2037] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  2037] ioctl(4, LOOP_CLR_FD)       = 0
[pid  2037] close(4)                    = 0
[pid  2037] close(3)                    = 0
[pid  2037] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2037] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  2036] <... futex resumed>)        = 0
[pid  2036] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2037] <... futex resumed>)        = 0
[pid  2037] chdir("./file0")            = 0
[pid  2036] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  2037] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2037] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  2036] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  2036] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2037] <... futex resumed>)        = 0
[pid  2037] creat("./file0", 000 <unfinished ...>
[pid  2036] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  2037] <... creat resumed>)        = 3
[pid  2037] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2037] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  2036] <... futex resumed>)        = 0
[pid  2036] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2036] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2036] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  2036] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  2036] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2040 attached
 <unfinished ...>
[pid  2040] set_robust_list(0x7f01680719e0, 24) = 0
[pid  2040] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  2036] <... clone resumed>, parent_tid=[2040], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2040
[pid  2036] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2040] <... futex resumed>)        = 0
[pid  2040] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 <unfinished ...>
[pid  2037] <... futex resumed>)        = 0
[pid  2036] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  2037] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  2040] <... fallocate resumed>)    = -1 EUCLEAN (Structure needs cleaning)
[pid  2040] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  2037] <... write resumed>)        = 40
[pid  2037] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2040] <... futex resumed>)        = 1
[pid  2036] <... futex resumed>)        = 0
[pid  2036] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2036] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  2037] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 <unfinished ...>
[pid  2040] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  2037] <... mmap resumed>)         = -1 EBADF (Bad file descriptor)
[pid  2037] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  2036] <... futex resumed>)        = 0
[pid  2036] exit_group(0 <unfinished ...>
[pid  2037] <... futex resumed>)        = 1
[pid  2036] <... exit_group resumed>)   = ?
[pid  2037] +++ exited with 0 +++
[pid  2040] <... futex resumed>)        = ?
[pid  2040] +++ exited with 0 +++
[pid  2036] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2036, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./349", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./349", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./349/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./349/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./349/binderfs")                = 0
[   69.692063][ T2037] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[   69.715264][ T2040] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata
umount2("./349/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./349/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./349/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./349/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./349/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./349/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./349")                          = 0
mkdir("./350", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2041
./strace-static-x86_64: Process 2041 attached
[pid  2041] set_robust_list(0x55555656e5e0, 24) = 0
[pid  2041] chdir("./350")              = 0
[pid  2041] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  2041] setpgid(0, 0)               = 0
[pid  2041] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  2041] write(3, "1000", 4)         = 4
[pid  2041] close(3)                    = 0
[pid  2041] symlink("/dev/binderfs", "./binderfs") = 0
[pid  2041] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2041] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  2041] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  2041] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2042 attached
, parent_tid=[2042], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2042
[pid  2042] set_robust_list(0x7f01680929e0, 24) = 0
[pid  2042] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  2041] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2042] <... futex resumed>)        = 0
[pid  2042] memfd_create("syzkaller", 0 <unfinished ...>
[pid  2041] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  2042] <... memfd_create resumed>) = 3
[pid  2042] ftruncate(3, 2097152)       = 0
[pid  2042] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  2042] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  2042] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  2042] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  2042] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  2042] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  2042] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  2042] mkdir("./file0", 0777)      = 0
[pid  2042] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  2042] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  2042] ioctl(4, LOOP_CLR_FD)       = 0
[pid  2042] close(4)                    = 0
[pid  2042] close(3)                    = 0
[pid  2042] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2041] <... futex resumed>)        = 0
[pid  2041] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2042] chdir("./file0" <unfinished ...>
[pid  2041] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  2042] <... chdir resumed>)        = 0
[pid  2042] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2041] <... futex resumed>)        = 0
[pid  2041] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  2042] creat("./file0", 000 <unfinished ...>
[pid  2041] <... futex resumed>)        = 0
[pid  2041] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  2042] <... creat resumed>)        = 3
[pid  2042] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2041] <... futex resumed>)        = 0
[pid  2041] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  2042] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  2041] <... futex resumed>)        = 0
[pid  2041] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2041] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 <unfinished ...>
[pid  2042] <... write resumed>)        = 40
[pid  2041] <... mmap resumed>)         = 0x7f0168051000
[pid  2042] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  2041] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  2041] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID <unfinished ...>
[pid  2042] <... futex resumed>)        = 0
[pid  2042] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2045 attached
 <unfinished ...>
[pid  2045] set_robust_list(0x7f01680719e0, 24 <unfinished ...>
[pid  2041] <... clone resumed>, parent_tid=[2045], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2045
[pid  2041] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2041] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  2045] <... set_robust_list resumed>) = 0
[pid  2045] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning)
[pid  2045] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2041] <... futex resumed>)        = 0
[pid  2045] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  2041] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2041] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  2042] <... futex resumed>)        = 0
[pid  2042] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  2042] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  2041] <... futex resumed>)        = 0
[pid  2041] exit_group(0)               = ?
[pid  2045] <... futex resumed>)        = ?
[pid  2045] +++ exited with 0 +++
[pid  2042] <... futex resumed>)        = ?
[   69.809367][ T2042] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[   69.827260][ T2045] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   69.844252][ T2042] EXT4-fs (loop0): pa ffff8881db8711f8: logic 16, phys. 128, len 24
[pid  2042] +++ exited with 0 +++
[pid  2041] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2041, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./350", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./350", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./350/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./350/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./350/binderfs")                = 0
[   69.852366][ T2042] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./350/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./350/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./350/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./350/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./350/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./350/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./350")                          = 0
mkdir("./351", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2046
./strace-static-x86_64: Process 2046 attached
[pid  2046] set_robust_list(0x55555656e5e0, 24) = 0
[pid  2046] chdir("./351")              = 0
[pid  2046] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  2046] setpgid(0, 0)               = 0
[pid  2046] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  2046] write(3, "1000", 4)         = 4
[pid  2046] close(3)                    = 0
[pid  2046] symlink("/dev/binderfs", "./binderfs") = 0
[pid  2046] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2046] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  2046] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  2046] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2047 attached
, parent_tid=[2047], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2047
[pid  2047] set_robust_list(0x7f01680929e0, 24) = 0
[pid  2046] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2046] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  2047] memfd_create("syzkaller", 0) = 3
[pid  2047] ftruncate(3, 2097152)       = 0
[pid  2047] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  2047] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  2047] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  2047] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  2047] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  2047] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  2047] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  2047] mkdir("./file0", 0777)      = 0
[pid  2047] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  2047] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  2047] ioctl(4, LOOP_CLR_FD)       = 0
[pid  2047] close(4)                    = 0
[pid  2047] close(3)                    = 0
[pid  2047] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2046] <... futex resumed>)        = 0
[pid  2047] chdir("./file0" <unfinished ...>
[pid  2046] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  2047] <... chdir resumed>)        = 0
[pid  2046] <... futex resumed>)        = 0
[pid  2047] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  2046] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  2047] <... futex resumed>)        = 0
[pid  2046] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  2047] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  2046] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  2047] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  2046] <... futex resumed>)        = 0
[pid  2047] creat("./file0", 000 <unfinished ...>
[pid  2046] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  2047] <... creat resumed>)        = 3
[pid  2047] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  2046] <... futex resumed>)        = 0
[pid  2046] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2046] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2046] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  2046] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  2046] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2050], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2050
[pid  2046] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2046] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  2047] <... futex resumed>)        = 1
[pid  2047] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40
[pid  2047] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2047] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2050 attached
 <unfinished ...>
[pid  2050] set_robust_list(0x7f01680719e0, 24) = 0
[pid  2050] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning)
[pid  2050] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2046] <... futex resumed>)        = 0
[pid  2050] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  2046] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  2047] <... futex resumed>)        = 0
[pid  2046] <... futex resumed>)        = 1
[pid  2047] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 <unfinished ...>
[pid  2046] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  2047] <... mmap resumed>)         = -1 EBADF (Bad file descriptor)
[pid  2047] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2046] <... futex resumed>)        = 0
[pid  2047] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  2046] exit_group(0 <unfinished ...>
[pid  2050] <... futex resumed>)        = ?
[pid  2047] <... futex resumed>)        = ?
[pid  2046] <... exit_group resumed>)   = ?
[pid  2047] +++ exited with 0 +++
[pid  2050] +++ exited with 0 +++
[pid  2046] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2046, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./351", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./351", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./351/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./351/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./351/binderfs")                = 0
[   69.951891][ T2047] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[   69.966670][ T2050] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   69.983684][ T2050] EXT4-fs (loop0): pa ffff8881db90e690: logic 16, phys. 128, len 24
[   69.991683][ T2050] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./351/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./351/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./351/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./351/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./351/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./351/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./351")                          = 0
mkdir("./352", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2051 attached
, child_tidptr=0x55555656e5d0) = 2051
[pid  2051] set_robust_list(0x55555656e5e0, 24) = 0
[pid  2051] chdir("./352")              = 0
[pid  2051] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  2051] setpgid(0, 0)               = 0
[pid  2051] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  2051] write(3, "1000", 4)         = 4
[pid  2051] close(3)                    = 0
[pid  2051] symlink("/dev/binderfs", "./binderfs") = 0
[pid  2051] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2051] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  2051] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  2051] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2052 attached
, parent_tid=[2052], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2052
[pid  2052] set_robust_list(0x7f01680929e0, 24) = 0
[pid  2052] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  2051] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2052] <... futex resumed>)        = 0
[pid  2052] memfd_create("syzkaller", 0 <unfinished ...>
[pid  2051] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  2052] <... memfd_create resumed>) = 3
[pid  2052] ftruncate(3, 2097152)       = 0
[pid  2052] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  2052] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  2052] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  2052] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  2052] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  2052] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  2052] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  2052] mkdir("./file0", 0777)      = 0
[pid  2052] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  2052] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  2052] ioctl(4, LOOP_CLR_FD)       = 0
[pid  2052] close(4)                    = 0
[pid  2052] close(3)                    = 0
[pid  2052] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  2051] <... futex resumed>)        = 0
[pid  2052] <... futex resumed>)        = 1
[pid  2051] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  2052] chdir("./file0" <unfinished ...>
[pid  2051] <... futex resumed>)        = 0
[pid  2052] <... chdir resumed>)        = 0
[pid  2051] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  2052] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  2051] <... futex resumed>)        = 0
[pid  2052] <... futex resumed>)        = 1
[pid  2052] creat("./file0", 000 <unfinished ...>
[pid  2051] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2051] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  2052] <... creat resumed>)        = 3
[pid  2052] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2051] <... futex resumed>)        = 0
[pid  2051] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2051] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2051] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  2051] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  2051] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2055], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2055
[pid  2051] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2051] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  2052] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40
[pid  2052] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2052] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2055 attached
 <unfinished ...>
[pid  2055] set_robust_list(0x7f01680719e0, 24) = 0
[pid  2055] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning)
[pid  2055] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2051] <... futex resumed>)        = 0
[pid  2055] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  2051] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2051] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  2052] <... futex resumed>)        = 0
[pid  2052] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  2052] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2051] <... futex resumed>)        = 0
[pid  2051] exit_group(0)               = ?
[pid  2055] <... futex resumed>)        = ?
[pid  2055] +++ exited with 0 +++
[   70.072307][ T2052] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[   70.091759][ T2055] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   70.108871][ T2052] EXT4-fs (loop0): pa ffff8881db90edc8: logic 16, phys. 128, len 24
[pid  2052] +++ exited with 0 +++
[pid  2051] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2051, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./352", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./352", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./352/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./352/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./352/binderfs")                = 0
[   70.116868][ T2052] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./352/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./352/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./352/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./352/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./352/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./352/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./352")                          = 0
mkdir("./353", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2056
./strace-static-x86_64: Process 2056 attached
[pid  2056] set_robust_list(0x55555656e5e0, 24) = 0
[pid  2056] chdir("./353")              = 0
[pid  2056] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  2056] setpgid(0, 0)               = 0
[pid  2056] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  2056] write(3, "1000", 4)         = 4
[pid  2056] close(3)                    = 0
[pid  2056] symlink("/dev/binderfs", "./binderfs") = 0
[pid  2056] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2056] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  2056] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  2056] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2057 attached
, parent_tid=[2057], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2057
[pid  2057] set_robust_list(0x7f01680929e0, 24) = 0
[pid  2057] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  2056] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2057] <... futex resumed>)        = 0
[pid  2057] memfd_create("syzkaller", 0) = 3
[pid  2057] ftruncate(3, 2097152)       = 0
[pid  2057] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  2057] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  2057] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  2057] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  2057] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  2057] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  2057] ioctl(4, LOOP_SET_FD, 3 <unfinished ...>
[pid  2056] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  2057] <... ioctl resumed>)        = 0
[pid  2057] mkdir("./file0", 0777)      = 0
[pid  2057] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  2057] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  2057] ioctl(4, LOOP_CLR_FD)       = 0
[pid  2057] close(4)                    = 0
[pid  2057] close(3)                    = 0
[pid  2057] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2056] <... futex resumed>)        = 0
[pid  2056] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2057] chdir("./file0" <unfinished ...>
[pid  2056] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  2057] <... chdir resumed>)        = 0
[pid  2057] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2056] <... futex resumed>)        = 0
[pid  2056] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  2057] creat("./file0", 000 <unfinished ...>
[pid  2056] <... futex resumed>)        = 0
[pid  2056] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  2057] <... creat resumed>)        = 3
[pid  2057] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  2056] <... futex resumed>)        = 0
[pid  2057] <... futex resumed>)        = 1
[pid  2057] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  2056] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2056] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  2057] <... write resumed>)        = 40
[pid  2056] <... futex resumed>)        = 0
[pid  2057] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  2056] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  2057] <... futex resumed>)        = 0
[pid  2056] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  2056] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID <unfinished ...>
[pid  2057] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2060 attached
 <unfinished ...>
[pid  2060] set_robust_list(0x7f01680719e0, 24) = 0
[pid  2060] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  2056] <... clone resumed>, parent_tid=[2060], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2060
[pid  2056] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  2060] <... futex resumed>)        = 0
[pid  2056] <... futex resumed>)        = 1
[pid  2060] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 <unfinished ...>
[pid  2056] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  2060] <... fallocate resumed>)    = -1 EUCLEAN (Structure needs cleaning)
[pid  2060] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2056] <... futex resumed>)        = 0
[pid  2060] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  2056] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2056] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  2057] <... futex resumed>)        = 0
[pid  2057] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  2057] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2056] <... futex resumed>)        = 0
[pid  2057] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  2056] exit_group(0)               = ?
[pid  2057] <... futex resumed>)        = ?
[pid  2057] +++ exited with 0 +++
[pid  2060] <... futex resumed>)        = ?
[   70.221685][ T2057] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[   70.244527][ T2060] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   70.262036][ T2060] EXT4-fs (loop0): pa ffff8881db871b28: logic 16, phys. 128, len 24
[pid  2060] +++ exited with 0 +++
[pid  2056] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2056, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./353", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./353", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./353/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./353/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./353/binderfs")                = 0
[   70.270041][ T2060] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./353/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./353/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./353/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./353/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./353/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./353/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./353")                          = 0
mkdir("./354", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2061
./strace-static-x86_64: Process 2061 attached
[pid  2061] set_robust_list(0x55555656e5e0, 24) = 0
[pid  2061] chdir("./354")              = 0
[pid  2061] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  2061] setpgid(0, 0)               = 0
[pid  2061] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  2061] write(3, "1000", 4)         = 4
[pid  2061] close(3)                    = 0
[pid  2061] symlink("/dev/binderfs", "./binderfs") = 0
[pid  2061] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2061] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  2061] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  2061] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2062], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2062
[pid  2061] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2061] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2062 attached
 <unfinished ...>
[pid  2062] set_robust_list(0x7f01680929e0, 24) = 0
[pid  2062] memfd_create("syzkaller", 0) = 3
[pid  2062] ftruncate(3, 2097152)       = 0
[pid  2062] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  2062] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  2062] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  2062] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  2062] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  2062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  2062] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  2062] mkdir("./file0", 0777)      = 0
[pid  2062] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  2062] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  2062] ioctl(4, LOOP_CLR_FD)       = 0
[pid  2062] close(4)                    = 0
[pid  2062] close(3)                    = 0
[pid  2062] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  2061] <... futex resumed>)        = 0
[pid  2061] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2061] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  2062] <... futex resumed>)        = 1
[pid  2062] chdir("./file0")            = 0
[pid  2062] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  2061] <... futex resumed>)        = 0
[pid  2061] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2061] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  2062] <... futex resumed>)        = 1
[pid  2062] creat("./file0", 000)       = 3
[pid  2062] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  2061] <... futex resumed>)        = 0
[pid  2061] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2061] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2061] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000
[pid  2061] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  2061] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2065], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2065
[pid  2061] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2061] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  2062] <... futex resumed>)        = 1
[pid  2062] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40
[pid  2062] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2062] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2065 attached
 <unfinished ...>
[pid  2065] set_robust_list(0x7f01680719e0, 24) = 0
[pid  2065] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning)
[pid  2065] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2061] <... futex resumed>)        = 0
[pid  2061] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2061] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  2062] <... futex resumed>)        = 0
[pid  2062] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor)
[pid  2062] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2061] <... futex resumed>)        = 0
[pid  2062] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  2061] exit_group(0 <unfinished ...>
[pid  2065] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  2062] <... futex resumed>)        = ?
[pid  2061] <... exit_group resumed>)   = ?
[pid  2065] <... futex resumed>)        = ?
[pid  2062] +++ exited with 0 +++
[   70.343035][ T2062] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[   70.359262][ T2065] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   70.376161][ T2065] EXT4-fs (loop0): pa ffff8881db871f18: logic 16, phys. 128, len 24
[pid  2065] +++ exited with 0 +++
[pid  2061] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2061, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./354", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./354", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./354/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./354/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./354/binderfs")                = 0
[   70.384456][ T2065] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./354/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./354/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./354/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./354/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./354/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./354/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./354")                          = 0
mkdir("./355", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2066 attached
 <unfinished ...>
[pid  2066] set_robust_list(0x55555656e5e0, 24) = 0
[pid  2066] chdir("./355")              = 0
[pid   304] <... clone resumed>, child_tidptr=0x55555656e5d0) = 2066
[pid  2066] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  2066] setpgid(0, 0)               = 0
[pid  2066] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  2066] write(3, "1000", 4)         = 4
[pid  2066] close(3)                    = 0
[pid  2066] symlink("/dev/binderfs", "./binderfs") = 0
[pid  2066] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2066] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  2066] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  2066] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2067], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2067
[pid  2066] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2066] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2067 attached
 <unfinished ...>
[pid  2067] set_robust_list(0x7f01680929e0, 24) = 0
[pid  2067] memfd_create("syzkaller", 0) = 3
[pid  2067] ftruncate(3, 2097152)       = 0
[pid  2067] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  2067] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  2067] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  2067] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  2067] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  2067] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  2067] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  2067] mkdir("./file0", 0777)      = 0
[pid  2067] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  2067] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  2067] ioctl(4, LOOP_CLR_FD)       = 0
[pid  2067] close(4)                    = 0
[pid  2067] close(3)                    = 0
[pid  2067] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2066] <... futex resumed>)        = 0
[pid  2067] chdir("./file0" <unfinished ...>
[pid  2066] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  2067] <... chdir resumed>)        = 0
[pid  2067] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  2066] <... futex resumed>)        = 0
[pid  2067] <... futex resumed>)        = 0
[pid  2066] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  2067] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  2066] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  2066] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  2067] <... futex resumed>)        = 0
[pid  2066] <... futex resumed>)        = 1
[pid  2067] creat("./file0", 000 <unfinished ...>
[pid  2066] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  2067] <... creat resumed>)        = 3
[pid  2067] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2066] <... futex resumed>)        = 0
[pid  2067] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  2066] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  2067] <... write resumed>)        = 40
[pid  2066] <... futex resumed>)        = 0
[pid  2067] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  2066] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  2067] <... futex resumed>)        = 0
[pid  2066] <... futex resumed>)        = 0
[pid  2067] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 <unfinished ...>
[pid  2066] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  2067] <... fallocate resumed>)    = -1 EUCLEAN (Structure needs cleaning)
[pid  2067] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2066] <... futex resumed>)        = 0
[pid  2066] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  2067] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 <unfinished ...>
[pid  2066] <... futex resumed>)        = 0
[pid  2066] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  2067] <... mmap resumed>)         = -1 EBADF (Bad file descriptor)
[pid  2067] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2066] <... futex resumed>)        = 0
[pid  2066] exit_group(0)               = ?
[   70.486123][ T2067] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[   70.502850][ T2067] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata
[   70.520007][ T2067] EXT4-fs (loop0): pa ffff8881db871498: logic 16, phys. 128, len 24
[pid  2067] +++ exited with 0 +++
[pid  2066] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2066, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./355", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./355", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112
umount2("./355/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./355/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./355/binderfs")                = 0
[   70.528006][ T2067] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24
umount2("./355/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./355/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./355/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./355/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./355/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./355/file0")                    = 0
getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./355")                          = 0
mkdir("./356", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2070
./strace-static-x86_64: Process 2070 attached
[pid  2070] set_robust_list(0x55555656e5e0, 24) = 0
[pid  2070] chdir("./356")              = 0
[pid  2070] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  2070] setpgid(0, 0)               = 0
[pid  2070] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  2070] write(3, "1000", 4)         = 4
[pid  2070] close(3)                    = 0
[pid  2070] symlink("/dev/binderfs", "./binderfs") = 0
[pid  2070] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2070] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000
[pid  2070] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  2070] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2071 attached
 <unfinished ...>
[pid  2071] set_robust_list(0x7f01680929e0, 24) = 0
[pid  2071] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  2070] <... clone resumed>, parent_tid=[2071], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2071
[pid  2070] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2071] <... futex resumed>)        = 0
[pid  2071] memfd_create("syzkaller", 0 <unfinished ...>
[pid  2070] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} <unfinished ...>
[pid  2071] <... memfd_create resumed>) = 3
[pid  2071] ftruncate(3, 2097152)       = 0
[pid  2071] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102
[pid  2071] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31
[pid  2071] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32
[pid  2071] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098
[pid  2071] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61
[pid  2071] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  2071] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  2071] mkdir("./file0", 0777)      = 0
[pid  2071] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0
[pid  2071] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5
[pid  2071] ioctl(4, LOOP_CLR_FD)       = 0
[pid  2071] close(4)                    = 0
[pid  2071] close(3)                    = 0
[pid  2071] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2070] <... futex resumed>)        = 0
[pid  2070] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2070] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  2071] chdir("./file0")            = 0
[pid  2071] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  2070] <... futex resumed>)        = 0
[pid  2070] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2070] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  2071] <... futex resumed>)        = 1
[pid  2071] creat("./file0", 000)       = 3
[pid  2071] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2070] <... futex resumed>)        = 0
[pid  2071] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 <unfinished ...>
[pid  2070] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  2071] <... write resumed>)        = 40
[pid  2070] <... futex resumed>)        = 0
[pid  2071] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2070] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  2071] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 <unfinished ...>
[pid  2070] <... futex resumed>)        = 0
[pid  2070] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  2071] <... fallocate resumed>)    = -1 EUCLEAN (Structure needs cleaning)
[pid  2071] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  2070] <... futex resumed>)        = 0
[pid  2071] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 <unfinished ...>
[pid  2070] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  2070] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  2071] <... mmap resumed>)         = -1 EBADF (Bad file descriptor)
[pid  2071] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1