./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1459889304 <...> 00, st_size=4096, ...}) = 0 umount2("./237/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./237/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 [ 54.050235][ T22] audit: type=1400 audit(1656346858.520:84): avc: denied { remove_name } for pid=137 comm="syslogd" name="messages" dev="tmpfs" ino=1008 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 54.079050][ T22] audit: type=1400 audit(1656346858.520:85): avc: denied { rename } for pid=137 comm="syslogd" name="messages" dev="tmpfs" ino=1008 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 close(4) = 0 rmdir("./237/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./237") = 0 mkdir("./238", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1484 ./strace-static-x86_64: Process 1484 attached [pid 1484] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1484] chdir("./238") = 0 [pid 1484] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1484] setpgid(0, 0) = 0 [pid 1484] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1484] write(3, "1000", 4) = 4 [pid 1484] close(3) = 0 [pid 1484] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1484] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1484] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1484] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1484] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1485], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1485 [pid 1484] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1484] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1485 attached [pid 1485] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1485] memfd_create("syzkaller", 0) = 3 [pid 1485] ftruncate(3, 2097152) = 0 [pid 1485] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1485] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1485] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1485] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1485] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1485] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1485] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1485] mkdir("./file0", 0777) = 0 [pid 1485] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1485] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1485] ioctl(4, LOOP_CLR_FD) = 0 [pid 1485] close(4) = 0 [pid 1485] close(3) = 0 [pid 1485] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1484] <... futex resumed>) = 0 [pid 1484] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1484] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1485] <... futex resumed>) = 1 [pid 1485] chdir("./file0") = 0 [pid 1485] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1484] <... futex resumed>) = 0 [pid 1484] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1484] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1485] <... futex resumed>) = 1 [pid 1485] creat("./file0", 000) = 3 [pid 1485] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1484] <... futex resumed>) = 0 [pid 1484] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1484] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1484] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1484] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1484] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1488], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1488 [pid 1484] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1484] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1485] <... futex resumed>) = 1 [pid 1485] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 1485] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1485] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1488 attached [pid 1488] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1488] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 1488] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1484] <... futex resumed>) = 0 [pid 1484] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1484] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1485] <... futex resumed>) = 0 [pid 1485] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1485] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1484] <... futex resumed>) = 0 [pid 1484] exit_group(0) = ? [pid 1485] <... futex resumed>) = ? [pid 1485] +++ exited with 0 +++ [pid 1488] +++ exited with 0 +++ [pid 1484] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1484, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./238", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./238", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./238/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./238/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./238/binderfs") = 0 [ 54.176336][ T1488] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 54.192844][ T1488] EXT4-fs (loop0): pa ffff8881ed9caf18: logic 16, phys. 128, len 24 [ 54.200863][ T1488] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./238/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./238/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./238/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./238/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./238/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./238/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./238") = 0 mkdir("./239", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1489 ./strace-static-x86_64: Process 1489 attached [pid 1489] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1489] chdir("./239") = 0 [pid 1489] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1489] setpgid(0, 0) = 0 [pid 1489] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1489] write(3, "1000", 4) = 4 [pid 1489] close(3) = 0 [pid 1489] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1489] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1489] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1489] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1489] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1490 attached , parent_tid=[1490], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1490 [pid 1490] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1490] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1489] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1490] <... futex resumed>) = 0 [pid 1489] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1490] memfd_create("syzkaller", 0) = 3 [pid 1490] ftruncate(3, 2097152) = 0 [pid 1490] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1490] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1490] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1490] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1490] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1490] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1490] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1490] mkdir("./file0", 0777) = 0 [pid 1490] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1490] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1490] ioctl(4, LOOP_CLR_FD) = 0 [pid 1490] close(4) = 0 [pid 1490] close(3) = 0 [pid 1490] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1489] <... futex resumed>) = 0 [pid 1489] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1489] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1490] chdir("./file0") = 0 [pid 1490] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1489] <... futex resumed>) = 0 [pid 1489] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1489] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1490] creat("./file0", 000) = 3 [pid 1490] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1489] <... futex resumed>) = 0 [pid 1489] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1489] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1489] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1489] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1489] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1493], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1493 [pid 1489] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1489] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1490] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 1490] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1490] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1493 attached [pid 1493] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1493] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 1493] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1489] <... futex resumed>) = 0 [pid 1489] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1490] <... futex resumed>) = 0 [pid 1489] <... futex resumed>) = 1 [pid 1490] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 1489] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1490] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 1490] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1489] <... futex resumed>) = 0 [pid 1490] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1489] exit_group(0 [pid 1490] <... futex resumed>) = ? [pid 1490] +++ exited with 0 +++ [pid 1489] <... exit_group resumed>) = ? [pid 1493] +++ exited with 0 +++ [pid 1489] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1489, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./239", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./239", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./239/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./239/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./239/binderfs") = 0 [ 54.297674][ T1493] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 54.314269][ T1493] EXT4-fs (loop0): pa ffff8881ed9cab28: logic 16, phys. 128, len 24 [ 54.322287][ T1493] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./239/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./239/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./239/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./239/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./239/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./239/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./239") = 0 mkdir("./240", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1494 ./strace-static-x86_64: Process 1494 attached [pid 1494] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1494] chdir("./240") = 0 [pid 1494] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1494] setpgid(0, 0) = 0 [pid 1494] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1494] write(3, "1000", 4) = 4 [pid 1494] close(3) = 0 [pid 1494] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1494] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1494] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1494] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1494] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1495], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1495 [pid 1494] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1494] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1495 attached [pid 1495] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1495] memfd_create("syzkaller", 0) = 3 [pid 1495] ftruncate(3, 2097152) = 0 [pid 1495] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1495] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1495] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1495] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1495] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1495] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1495] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1495] mkdir("./file0", 0777) = 0 [pid 1495] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1495] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1495] ioctl(4, LOOP_CLR_FD) = 0 [pid 1495] close(4) = 0 [pid 1495] close(3) = 0 [pid 1495] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1494] <... futex resumed>) = 0 [pid 1494] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1494] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1495] chdir("./file0") = 0 [pid 1495] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1494] <... futex resumed>) = 0 [pid 1494] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1494] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1495] creat("./file0", 000) = 3 [pid 1495] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1494] <... futex resumed>) = 0 [pid 1494] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1494] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1494] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1494] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1494] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1498], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1498 [pid 1494] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1494] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1498 attached [pid 1498] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1498] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 1495] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1498] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 1495] <... write resumed>) = 40 [pid 1498] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1498] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1494] <... futex resumed>) = 0 [pid 1494] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1494] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1498] <... futex resumed>) = 0 [pid 1495] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1498] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1498] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1494] <... futex resumed>) = 0 [pid 1494] exit_group(0) = ? [pid 1498] <... futex resumed>) = ? [pid 1495] <... futex resumed>) = ? [pid 1498] +++ exited with 0 +++ [pid 1495] +++ exited with 0 +++ [pid 1494] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1494, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./240", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./240", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./240/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./240/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./240/binderfs") = 0 [ 54.417087][ T1498] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata umount2("./240/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./240/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./240/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./240/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./240/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./240/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./240") = 0 mkdir("./241", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1499 ./strace-static-x86_64: Process 1499 attached [pid 1499] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1499] chdir("./241") = 0 [pid 1499] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1499] setpgid(0, 0) = 0 [pid 1499] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1499] write(3, "1000", 4) = 4 [pid 1499] close(3) = 0 [pid 1499] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1499] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1499] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1499] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1499] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1500 attached , parent_tid=[1500], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1500 [pid 1500] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1500] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1499] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1500] <... futex resumed>) = 0 [pid 1499] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1500] memfd_create("syzkaller", 0) = 3 [pid 1500] ftruncate(3, 2097152) = 0 [pid 1500] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1500] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1500] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1500] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1500] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1500] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1500] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1500] mkdir("./file0", 0777) = 0 [pid 1500] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1500] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1500] ioctl(4, LOOP_CLR_FD) = 0 [pid 1500] close(4) = 0 [pid 1500] close(3) = 0 [pid 1500] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1499] <... futex resumed>) = 0 [pid 1500] chdir("./file0" [pid 1499] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1500] <... chdir resumed>) = 0 [pid 1500] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1499] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1500] <... futex resumed>) = 0 [pid 1499] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1500] creat("./file0", 000 [pid 1499] <... futex resumed>) = 0 [pid 1499] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1500] <... creat resumed>) = 3 [pid 1500] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1500] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1499] <... futex resumed>) = 0 [pid 1499] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1500] <... futex resumed>) = 0 [pid 1499] <... futex resumed>) = 1 [pid 1499] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1500] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1499] <... futex resumed>) = 0 [pid 1499] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1500] <... write resumed>) = 40 [pid 1499] <... mmap resumed>) = 0x7f0168051000 [pid 1500] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1499] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1500] <... futex resumed>) = 0 [pid 1500] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1499] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1503 attached , parent_tid=[1503], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1503 [pid 1503] set_robust_list(0x7f01680719e0, 24 [pid 1499] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1503] <... set_robust_list resumed>) = 0 [pid 1499] <... futex resumed>) = 0 [pid 1503] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 1499] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1503] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 1503] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1499] <... futex resumed>) = 0 [pid 1503] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1499] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1500] <... futex resumed>) = 0 [pid 1499] <... futex resumed>) = 1 [pid 1500] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1499] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1500] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1499] <... futex resumed>) = 0 [pid 1500] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1499] exit_group(0) = ? [pid 1500] <... futex resumed>) = ? [pid 1500] +++ exited with 0 +++ [pid 1503] <... futex resumed>) = ? [pid 1503] +++ exited with 0 +++ [pid 1499] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1499, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./241", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./241", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./241/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./241/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./241/binderfs") = 0 [ 54.525709][ T1503] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 54.542404][ T1503] EXT4-fs (loop0): pa ffff8881ed9ca690: logic 16, phys. 128, len 24 [ 54.550421][ T1503] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./241/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./241/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./241/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./241/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./241/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./241/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./241") = 0 mkdir("./242", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1504 ./strace-static-x86_64: Process 1504 attached [pid 1504] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1504] chdir("./242") = 0 [pid 1504] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1504] setpgid(0, 0) = 0 [pid 1504] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1504] write(3, "1000", 4) = 4 [pid 1504] close(3) = 0 [pid 1504] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1504] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1504] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1504] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1504] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1505], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1505 [pid 1504] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1504] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1505 attached [pid 1505] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1505] memfd_create("syzkaller", 0) = 3 [pid 1505] ftruncate(3, 2097152) = 0 [pid 1505] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1505] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1505] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1505] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1505] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1505] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1505] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1505] mkdir("./file0", 0777) = 0 [pid 1505] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1505] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1505] ioctl(4, LOOP_CLR_FD) = 0 [pid 1505] close(4) = 0 [pid 1505] close(3) = 0 [pid 1505] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1504] <... futex resumed>) = 0 [pid 1504] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1504] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1505] chdir("./file0") = 0 [pid 1505] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1504] <... futex resumed>) = 0 [pid 1505] <... futex resumed>) = 1 [pid 1504] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1504] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1505] creat("./file0", 000) = 3 [pid 1505] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1504] <... futex resumed>) = 0 [pid 1504] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1504] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1504] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1504] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1504] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1508], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1508 [pid 1504] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1504] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1505] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 1505] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1505] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1508 attached [pid 1508] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1508] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 1508] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1504] <... futex resumed>) = 0 [pid 1508] <... futex resumed>) = 1 [pid 1504] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1508] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1504] <... futex resumed>) = 1 [pid 1504] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1505] <... futex resumed>) = 0 [pid 1505] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1505] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1504] <... futex resumed>) = 0 [pid 1505] <... futex resumed>) = 1 [pid 1504] exit_group(0) = ? [pid 1508] <... futex resumed>) = ? [pid 1508] +++ exited with 0 +++ [pid 1505] +++ exited with 0 +++ [pid 1504] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1504, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./242", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./242", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./242/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./242/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./242/binderfs") = 0 [ 54.651671][ T1508] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 54.668200][ T1505] EXT4-fs (loop0): pa ffff8881e6ba6498: logic 16, phys. 128, len 24 [ 54.676240][ T1505] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./242/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./242/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./242/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./242/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./242/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./242/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./242") = 0 mkdir("./243", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1509 ./strace-static-x86_64: Process 1509 attached [pid 1509] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1509] chdir("./243") = 0 [pid 1509] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1509] setpgid(0, 0) = 0 [pid 1509] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1509] write(3, "1000", 4) = 4 [pid 1509] close(3) = 0 [pid 1509] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1509] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1509] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1509] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1509] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1510 attached , parent_tid=[1510], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1510 [pid 1510] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1510] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1509] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1510] <... futex resumed>) = 0 [pid 1510] memfd_create("syzkaller", 0 [pid 1509] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1510] <... memfd_create resumed>) = 3 [pid 1510] ftruncate(3, 2097152) = 0 [pid 1510] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1510] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1510] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1510] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1510] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1510] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1510] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1510] mkdir("./file0", 0777) = 0 [pid 1510] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1510] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1510] ioctl(4, LOOP_CLR_FD) = 0 [pid 1510] close(4) = 0 [pid 1510] close(3) = 0 [pid 1510] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1509] <... futex resumed>) = 0 [pid 1509] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1509] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1510] chdir("./file0") = 0 [pid 1510] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1509] <... futex resumed>) = 0 [pid 1509] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1509] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1510] creat("./file0", 000) = 3 [pid 1510] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1509] <... futex resumed>) = 0 [pid 1509] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1509] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1509] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1509] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1509] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1513], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1513 [pid 1509] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1509] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1513 attached [pid 1513] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1513] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 1510] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1513] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 1513] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1509] <... futex resumed>) = 0 [pid 1509] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1509] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1510] <... write resumed>) = 40 [pid 1513] <... futex resumed>) = 1 [pid 1513] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1513] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1509] <... futex resumed>) = 0 [pid 1513] <... futex resumed>) = 1 [pid 1513] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1510] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1510] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1509] exit_group(0) = ? [pid 1513] <... futex resumed>) = ? [pid 1510] <... futex resumed>) = 231 [pid 1513] +++ exited with 0 +++ [pid 1510] +++ exited with 0 +++ [pid 1509] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1509, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./243", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./243", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./243/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./243/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./243/binderfs") = 0 [ 54.820247][ T1513] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata umount2("./243/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./243/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./243/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./243/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./243/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./243/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./243") = 0 mkdir("./244", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1514 ./strace-static-x86_64: Process 1514 attached [pid 1514] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1514] chdir("./244") = 0 [pid 1514] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1514] setpgid(0, 0) = 0 [pid 1514] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1514] write(3, "1000", 4) = 4 [pid 1514] close(3) = 0 [pid 1514] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1514] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1514] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1514] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1514] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1515 attached [pid 1515] set_robust_list(0x7f01680929e0, 24 [pid 1514] <... clone resumed>, parent_tid=[1515], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1515 [pid 1515] <... set_robust_list resumed>) = 0 [pid 1515] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1514] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1515] <... futex resumed>) = 0 [pid 1515] memfd_create("syzkaller", 0) = 3 [pid 1515] ftruncate(3, 2097152) = 0 [pid 1515] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1515] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1515] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1515] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1515] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1515] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1515] ioctl(4, LOOP_SET_FD, 3 [pid 1514] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1515] <... ioctl resumed>) = 0 [pid 1515] mkdir("./file0", 0777) = 0 [pid 1515] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1515] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1515] ioctl(4, LOOP_CLR_FD) = 0 [pid 1515] close(4) = 0 [pid 1515] close(3) = 0 [pid 1515] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1514] <... futex resumed>) = 0 [pid 1515] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1514] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1515] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1514] <... futex resumed>) = 0 [pid 1515] chdir("./file0" [pid 1514] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1515] <... chdir resumed>) = 0 [pid 1515] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1514] <... futex resumed>) = 0 [pid 1515] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1514] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1515] <... futex resumed>) = 0 [pid 1514] <... futex resumed>) = 1 [pid 1515] creat("./file0", 000 [pid 1514] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1515] <... creat resumed>) = 3 [pid 1515] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1514] <... futex resumed>) = 0 [pid 1515] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1514] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1515] <... futex resumed>) = 0 [pid 1514] <... futex resumed>) = 1 [pid 1515] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 1514] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1515] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1514] <... futex resumed>) = 0 [pid 1515] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1514] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1514] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1514] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1518 attached [pid 1518] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1518] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1514] <... clone resumed>, parent_tid=[1518], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1518 [pid 1514] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1518] <... futex resumed>) = 0 [pid 1518] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 1514] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1518] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 1518] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1518] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1514] <... futex resumed>) = 0 [pid 1514] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1515] <... futex resumed>) = 0 [pid 1515] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1515] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1515] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1514] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1514] exit_group(0) = ? [pid 1515] <... futex resumed>) = ? [pid 1515] +++ exited with 0 +++ [pid 1518] <... futex resumed>) = ? [pid 1518] +++ exited with 0 +++ [pid 1514] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1514, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./244", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./244", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./244/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./244/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./244/binderfs") = 0 [ 54.933758][ T1518] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 54.956007][ T1514] EXT4-fs (loop0): pa ffff8881e68ae690: logic 16, phys. 128, len 24 [ 54.964035][ T1514] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./244/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./244/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./244/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./244/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./244/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./244/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./244") = 0 mkdir("./245", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1519 ./strace-static-x86_64: Process 1519 attached [pid 1519] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1519] chdir("./245") = 0 [pid 1519] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1519] setpgid(0, 0) = 0 [pid 1519] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1519] write(3, "1000", 4) = 4 [pid 1519] close(3) = 0 [pid 1519] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1519] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1519] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1519] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1519] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1520 attached [pid 1520] set_robust_list(0x7f01680929e0, 24 [pid 1519] <... clone resumed>, parent_tid=[1520], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1520 [pid 1520] <... set_robust_list resumed>) = 0 [pid 1520] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1519] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1520] <... futex resumed>) = 0 [pid 1519] <... futex resumed>) = 1 [pid 1519] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1520] memfd_create("syzkaller", 0) = 3 [pid 1520] ftruncate(3, 2097152) = 0 [pid 1520] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1520] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1520] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1520] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1520] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1520] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1520] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1520] mkdir("./file0", 0777) = 0 [pid 1520] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1520] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1520] ioctl(4, LOOP_CLR_FD) = 0 [pid 1520] close(4) = 0 [pid 1520] close(3) = 0 [pid 1520] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1520] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1519] <... futex resumed>) = 0 [pid 1519] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1520] <... futex resumed>) = 0 [pid 1520] chdir("./file0" [pid 1519] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1520] <... chdir resumed>) = 0 [pid 1520] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1520] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1519] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1519] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1520] <... futex resumed>) = 0 [pid 1519] <... futex resumed>) = 1 [pid 1520] creat("./file0", 000 [pid 1519] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1520] <... creat resumed>) = 3 [pid 1520] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1520] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1519] <... futex resumed>) = 0 [pid 1519] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1519] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1519] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1519] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1519] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 1520] <... futex resumed>) = 0 [pid 1520] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 1520] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1520] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1523 attached [pid 1523] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1523] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1519] <... clone resumed>, parent_tid=[1523], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1523 [pid 1519] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1523] <... futex resumed>) = 0 [pid 1519] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1523] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 1523] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1519] <... futex resumed>) = 0 [pid 1519] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1523] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1520] <... futex resumed>) = 0 [pid 1520] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1520] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1520] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1519] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1519] exit_group(0) = ? [pid 1520] <... futex resumed>) = ? [pid 1520] +++ exited with 0 +++ [pid 1523] <... futex resumed>) = ? [pid 1523] +++ exited with 0 +++ [pid 1519] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1519, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./245", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./245", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./245/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./245/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./245/binderfs") = 0 [ 55.092661][ T1523] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 55.110750][ T1523] EXT4-fs (loop0): pa ffff8881e6ba6a80: logic 16, phys. 128, len 24 [ 55.118744][ T1523] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./245/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./245/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./245/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./245/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./245/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./245/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./245") = 0 mkdir("./246", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1524 ./strace-static-x86_64: Process 1524 attached [pid 1524] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1524] chdir("./246") = 0 [pid 1524] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1524] setpgid(0, 0) = 0 [pid 1524] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1524] write(3, "1000", 4) = 4 [pid 1524] close(3) = 0 [pid 1524] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1524] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1524] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1524] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1524] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1525], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1525 [pid 1524] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1524] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1525 attached [pid 1525] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1525] memfd_create("syzkaller", 0) = 3 [pid 1525] ftruncate(3, 2097152) = 0 [pid 1525] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1525] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1525] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1525] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1525] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1525] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1525] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1525] mkdir("./file0", 0777) = 0 [pid 1525] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1525] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1525] ioctl(4, LOOP_CLR_FD) = 0 [pid 1525] close(4) = 0 [pid 1525] close(3) = 0 [pid 1525] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1524] <... futex resumed>) = 0 [pid 1525] <... futex resumed>) = 1 [pid 1525] chdir("./file0" [pid 1524] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1524] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1525] <... chdir resumed>) = 0 [pid 1525] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1524] <... futex resumed>) = 0 [pid 1525] <... futex resumed>) = 1 [pid 1524] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1525] creat("./file0", 000 [pid 1524] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1525] <... creat resumed>) = 3 [pid 1525] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1524] <... futex resumed>) = 0 [pid 1525] <... futex resumed>) = 1 [pid 1525] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1524] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1524] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1524] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1524] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1524] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1528 attached [pid 1528] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1528] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1525] <... write resumed>) = 40 [pid 1525] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1525] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1524] <... clone resumed>, parent_tid=[1528], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1528 [pid 1524] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1528] <... futex resumed>) = 0 [pid 1524] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1528] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 1528] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1524] <... futex resumed>) = 0 [pid 1528] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1524] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1525] <... futex resumed>) = 0 [pid 1524] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1525] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1525] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1524] <... futex resumed>) = 0 [pid 1525] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1524] exit_group(0) = ? [pid 1525] <... futex resumed>) = 231 [pid 1525] +++ exited with 0 +++ [pid 1528] <... futex resumed>) = ? [pid 1528] +++ exited with 0 +++ [pid 1524] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1524, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./246", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./246", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./246/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./246/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./246/binderfs") = 0 [ 55.238018][ T1528] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 55.254042][ T1528] EXT4-fs (loop0): pa ffff8881e68ae3f0: logic 16, phys. 128, len 24 [ 55.262134][ T1528] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./246/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./246/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./246/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./246/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./246/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./246/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./246") = 0 mkdir("./247", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1529 ./strace-static-x86_64: Process 1529 attached [pid 1529] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1529] chdir("./247") = 0 [pid 1529] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1529] setpgid(0, 0) = 0 [pid 1529] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1529] write(3, "1000", 4) = 4 [pid 1529] close(3) = 0 [pid 1529] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1529] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1529] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1529] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1529] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1530 attached , parent_tid=[1530], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1530 [pid 1530] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1530] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1529] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1530] <... futex resumed>) = 0 [pid 1530] memfd_create("syzkaller", 0) = 3 [pid 1530] ftruncate(3, 2097152) = 0 [pid 1530] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1530] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1530] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1530] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1530] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1530] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1530] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1530] mkdir("./file0", 0777) = 0 [pid 1530] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue" [pid 1529] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1530] <... mount resumed>) = 0 [pid 1530] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1530] ioctl(4, LOOP_CLR_FD) = 0 [pid 1530] close(4) = 0 [pid 1530] close(3) = 0 [pid 1530] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1529] <... futex resumed>) = 0 [pid 1530] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1529] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1530] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1529] <... futex resumed>) = 0 [pid 1530] chdir("./file0") = 0 [pid 1529] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1530] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1529] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1530] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1529] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1530] <... futex resumed>) = 0 [pid 1529] <... futex resumed>) = 1 [pid 1530] creat("./file0", 000) = 3 [pid 1529] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1530] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1529] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1530] <... futex resumed>) = 0 [pid 1529] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1530] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1529] <... futex resumed>) = 0 [pid 1530] <... write resumed>) = 40 [pid 1529] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1530] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1529] <... futex resumed>) = 0 [pid 1530] <... futex resumed>) = 0 [pid 1529] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1530] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1529] <... mmap resumed>) = 0x7f0168051000 [pid 1529] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1529] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1533], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1533 ./strace-static-x86_64: Process 1533 attached [pid 1533] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1533] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1529] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1533] <... futex resumed>) = 0 [pid 1533] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 1529] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1533] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 1533] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1533] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1529] <... futex resumed>) = 0 [pid 1529] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1530] <... futex resumed>) = 0 [pid 1529] <... futex resumed>) = 1 [pid 1530] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 1529] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1530] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 1530] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1529] <... futex resumed>) = 0 [pid 1530] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1529] exit_group(0) = ? [pid 1530] <... futex resumed>) = 231 [pid 1530] +++ exited with 0 +++ [pid 1533] <... futex resumed>) = ? [pid 1533] +++ exited with 0 +++ [pid 1529] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1529, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./247", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./247", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./247/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./247/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./247/binderfs") = 0 [ 55.374395][ T1533] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 55.390411][ T1533] EXT4-fs (loop0): pa ffff8881e68aee70: logic 16, phys. 128, len 24 [ 55.398383][ T1533] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./247/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./247/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./247/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./247/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./247/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./247/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./247") = 0 mkdir("./248", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1534 ./strace-static-x86_64: Process 1534 attached [pid 1534] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1534] chdir("./248") = 0 [pid 1534] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1534] setpgid(0, 0) = 0 [pid 1534] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1534] write(3, "1000", 4) = 4 [pid 1534] close(3) = 0 [pid 1534] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1534] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1534] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1534] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1534] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1535], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1535 [pid 1534] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1534] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1535 attached [pid 1535] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1535] memfd_create("syzkaller", 0) = 3 [pid 1535] ftruncate(3, 2097152) = 0 [pid 1535] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1535] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1535] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1535] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1535] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1535] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1535] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1535] mkdir("./file0", 0777) = 0 [pid 1535] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1535] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1535] ioctl(4, LOOP_CLR_FD) = 0 [pid 1535] close(4) = 0 [pid 1535] close(3) = 0 [pid 1535] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1534] <... futex resumed>) = 0 [pid 1535] chdir("./file0" [pid 1534] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1535] <... chdir resumed>) = 0 [pid 1534] <... futex resumed>) = 0 [pid 1535] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1534] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1535] <... futex resumed>) = 0 [pid 1534] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1535] creat("./file0", 000 [pid 1534] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1535] <... creat resumed>) = 3 [pid 1534] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1535] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1534] <... futex resumed>) = 0 [pid 1535] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1534] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1535] <... write resumed>) = 40 [pid 1534] <... futex resumed>) = 0 [pid 1534] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1535] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1534] <... futex resumed>) = 0 [pid 1535] <... futex resumed>) = 0 [pid 1534] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1535] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1534] <... mmap resumed>) = 0x7f0168051000 [pid 1534] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1534] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1538 attached , parent_tid=[1538], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1538 [pid 1538] set_robust_list(0x7f01680719e0, 24 [pid 1534] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1538] <... set_robust_list resumed>) = 0 [pid 1538] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 1534] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1538] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 1538] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1534] <... futex resumed>) = 0 [pid 1538] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1534] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1535] <... futex resumed>) = 0 [pid 1534] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1535] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1535] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1534] <... futex resumed>) = 0 [pid 1535] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1534] exit_group(0) = ? [pid 1535] <... futex resumed>) = ? [pid 1535] +++ exited with 0 +++ [pid 1538] <... futex resumed>) = ? [pid 1538] +++ exited with 0 +++ [pid 1534] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1534, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./248", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./248", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./248/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./248/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./248/binderfs") = 0 [ 55.483347][ T1538] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 55.499787][ T1538] EXT4-fs (loop0): pa ffff8881e6ba6888: logic 16, phys. 128, len 24 [ 55.507821][ T1538] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./248/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./248/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./248/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./248/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./248/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./248/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./248") = 0 mkdir("./249", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1539 ./strace-static-x86_64: Process 1539 attached [pid 1539] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1539] chdir("./249") = 0 [pid 1539] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1539] setpgid(0, 0) = 0 [pid 1539] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1539] write(3, "1000", 4) = 4 [pid 1539] close(3) = 0 [pid 1539] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1539] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1539] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1539] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1539] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1540], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1540 [pid 1539] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1539] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1540 attached [pid 1540] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1540] memfd_create("syzkaller", 0) = 3 [pid 1540] ftruncate(3, 2097152) = 0 [pid 1540] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1540] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1540] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1540] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1540] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1540] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1540] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1540] mkdir("./file0", 0777) = 0 [pid 1540] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1540] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1540] ioctl(4, LOOP_CLR_FD) = 0 [pid 1540] close(4) = 0 [pid 1540] close(3) = 0 [pid 1540] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1539] <... futex resumed>) = 0 [pid 1539] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1539] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1540] <... futex resumed>) = 1 [pid 1540] chdir("./file0") = 0 [pid 1540] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1539] <... futex resumed>) = 0 [pid 1539] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1539] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1540] <... futex resumed>) = 1 [pid 1540] creat("./file0", 000) = 3 [pid 1540] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1539] <... futex resumed>) = 0 [pid 1539] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1539] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1539] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1539] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1539] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1543 attached [pid 1543] set_robust_list(0x7f01680719e0, 24 [pid 1539] <... clone resumed>, parent_tid=[1543], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1543 [pid 1543] <... set_robust_list resumed>) = 0 [pid 1539] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1543] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 1539] <... futex resumed>) = 0 [pid 1539] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1540] <... futex resumed>) = 1 [pid 1540] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1543] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 1543] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1540] <... write resumed>) = 40 [pid 1543] <... futex resumed>) = 1 [pid 1540] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1539] <... futex resumed>) = 0 [pid 1540] <... futex resumed>) = 0 [pid 1539] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1540] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 1539] <... futex resumed>) = 0 [pid 1540] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 1539] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1540] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1539] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1540] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1539] exit_group(0) = ? [pid 1540] <... futex resumed>) = 231 [pid 1540] +++ exited with 0 +++ [pid 1543] +++ exited with 0 +++ [pid 1539] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1539, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./249", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./249", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./249/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./249/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./249/binderfs") = 0 [ 55.634994][ T1543] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata umount2("./249/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./249/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./249/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./249/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./249/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./249/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./249") = 0 mkdir("./250", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1544 ./strace-static-x86_64: Process 1544 attached [pid 1544] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1544] chdir("./250") = 0 [pid 1544] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1544] setpgid(0, 0) = 0 [pid 1544] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1544] write(3, "1000", 4) = 4 [pid 1544] close(3) = 0 [pid 1544] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1544] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1544] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1544] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1544] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1545 attached , parent_tid=[1545], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1545 [pid 1544] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1544] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1545] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1545] memfd_create("syzkaller", 0) = 3 [pid 1545] ftruncate(3, 2097152) = 0 [pid 1545] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1545] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1545] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1545] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1545] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1545] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1545] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1545] mkdir("./file0", 0777) = 0 [pid 1545] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1545] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1545] ioctl(4, LOOP_CLR_FD) = 0 [pid 1545] close(4) = 0 [pid 1545] close(3) = 0 [pid 1545] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1544] <... futex resumed>) = 0 [pid 1544] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1544] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1545] <... futex resumed>) = 1 [pid 1545] chdir("./file0") = 0 [pid 1545] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1544] <... futex resumed>) = 0 [pid 1544] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1544] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1545] <... futex resumed>) = 1 [pid 1545] creat("./file0", 000) = 3 [pid 1545] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1544] <... futex resumed>) = 0 [pid 1544] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1544] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1544] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1544] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1544] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1548 attached , parent_tid=[1548], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1548 [pid 1544] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1544] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1545] <... futex resumed>) = 1 [pid 1545] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1548] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1545] <... write resumed>) = 40 [pid 1545] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1545] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1548] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 1548] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1544] <... futex resumed>) = 0 [pid 1544] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1544] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1545] <... futex resumed>) = 0 [pid 1545] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1545] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1544] <... futex resumed>) = 0 [pid 1544] exit_group(0) = ? [pid 1548] +++ exited with 0 +++ [pid 1545] <... futex resumed>) = ? [pid 1545] +++ exited with 0 +++ [pid 1544] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1544, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./250", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./250", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./250/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./250/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./250/binderfs") = 0 [ 55.741871][ T1548] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 55.758799][ T1545] EXT4-fs (loop0): pa ffff8881e68ae150: logic 16, phys. 128, len 24 [ 55.766824][ T1545] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./250/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./250/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./250/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./250/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./250/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./250/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./250") = 0 mkdir("./251", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1549 ./strace-static-x86_64: Process 1549 attached [pid 1549] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1549] chdir("./251") = 0 [pid 1549] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1549] setpgid(0, 0) = 0 [pid 1549] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1549] write(3, "1000", 4) = 4 [pid 1549] close(3) = 0 [pid 1549] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1549] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1549] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1549] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1549] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1550], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1550 [pid 1549] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 1550 attached [pid 1549] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1550] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1550] memfd_create("syzkaller", 0) = 3 [pid 1550] ftruncate(3, 2097152) = 0 [pid 1550] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1550] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1550] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1550] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1550] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1550] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1550] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1550] mkdir("./file0", 0777) = 0 [pid 1550] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1550] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1550] ioctl(4, LOOP_CLR_FD) = 0 [pid 1550] close(4) = 0 [pid 1550] close(3) = 0 [pid 1550] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1549] <... futex resumed>) = 0 [pid 1549] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1549] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1550] <... futex resumed>) = 1 [pid 1550] chdir("./file0") = 0 [pid 1550] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1549] <... futex resumed>) = 0 [pid 1549] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1549] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1550] <... futex resumed>) = 1 [pid 1550] creat("./file0", 000) = 3 [pid 1550] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1549] <... futex resumed>) = 0 [pid 1549] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1549] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1549] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1549] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1549] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1553], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1553 [pid 1549] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1549] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1550] <... futex resumed>) = 1 [pid 1550] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 1550] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1550] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1553 attached [pid 1553] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1553] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 1553] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1549] <... futex resumed>) = 0 [pid 1549] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1549] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1550] <... futex resumed>) = 0 [pid 1550] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1550] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1549] <... futex resumed>) = 0 [pid 1549] exit_group(0 [pid 1553] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1549] <... exit_group resumed>) = ? [pid 1553] <... futex resumed>) = ? [pid 1550] <... futex resumed>) = ? [pid 1550] +++ exited with 0 +++ [pid 1553] +++ exited with 0 +++ [pid 1549] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1549, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./251", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./251", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./251/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./251/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./251/binderfs") = 0 umount2("./251/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./251/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./251/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./251/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./251/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./251/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./251") = 0 mkdir("./252", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1554 ./strace-static-x86_64: Process 1554 attached [pid 1554] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1554] chdir("./252") = 0 [ 55.921180][ T1553] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 55.938450][ T1553] EXT4-fs (loop0): pa ffff8881e68ae0a8: logic 16, phys. 128, len 24 [ 55.946494][ T1553] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 [pid 1554] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1554] setpgid(0, 0) = 0 [pid 1554] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1554] write(3, "1000", 4) = 4 [pid 1554] close(3) = 0 [pid 1554] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1554] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1554] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1554] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1554] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1555 attached , parent_tid=[1555], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1555 [pid 1555] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1555] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1554] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1555] <... futex resumed>) = 0 [pid 1554] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1555] memfd_create("syzkaller", 0) = 3 [pid 1555] ftruncate(3, 2097152) = 0 [pid 1555] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1555] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1555] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1555] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1555] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1555] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1555] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1555] mkdir("./file0", 0777) = 0 [pid 1555] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1555] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1555] ioctl(4, LOOP_CLR_FD) = 0 [pid 1555] close(4) = 0 [pid 1555] close(3) = 0 [pid 1555] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1554] <... futex resumed>) = 0 [pid 1554] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1555] chdir("./file0" [pid 1554] <... futex resumed>) = 0 [pid 1554] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1555] <... chdir resumed>) = 0 [pid 1555] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1554] <... futex resumed>) = 0 [pid 1555] <... futex resumed>) = 1 [pid 1554] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1555] creat("./file0", 000 [pid 1554] <... futex resumed>) = 0 [pid 1554] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1555] <... creat resumed>) = 3 [pid 1555] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1554] <... futex resumed>) = 0 [pid 1554] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1555] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1554] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1554] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1554] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1554] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1558 attached , parent_tid=[1558], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1558 [pid 1558] set_robust_list(0x7f01680719e0, 24 [pid 1554] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1558] <... set_robust_list resumed>) = 0 [pid 1558] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 1554] <... futex resumed>) = 0 [pid 1554] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1558] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 1558] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1555] <... write resumed>) = 40 [pid 1555] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1555] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1558] <... futex resumed>) = 1 [pid 1558] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1554] <... futex resumed>) = 0 [pid 1554] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1554] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1555] <... futex resumed>) = 0 [pid 1555] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1555] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1554] <... futex resumed>) = 0 [pid 1554] exit_group(0) = ? [pid 1558] <... futex resumed>) = ? [pid 1555] <... futex resumed>) = ? [pid 1555] +++ exited with 0 +++ [pid 1558] +++ exited with 0 +++ [pid 1554] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1554, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./252", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./252", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./252/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./252/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./252/binderfs") = 0 [ 56.027105][ T1558] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata umount2("./252/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./252/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./252/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./252/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./252/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./252/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./252") = 0 mkdir("./253", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1559 ./strace-static-x86_64: Process 1559 attached [pid 1559] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1559] chdir("./253") = 0 [pid 1559] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1559] setpgid(0, 0) = 0 [pid 1559] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1559] write(3, "1000", 4) = 4 [pid 1559] close(3) = 0 [pid 1559] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1559] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1559] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1559] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1559] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1560], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1560 [pid 1559] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1559] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1560 attached [pid 1560] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1560] memfd_create("syzkaller", 0) = 3 [pid 1560] ftruncate(3, 2097152) = 0 [pid 1560] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1560] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1560] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1560] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1560] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1560] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1560] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1560] mkdir("./file0", 0777) = 0 [pid 1560] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1560] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1560] ioctl(4, LOOP_CLR_FD) = 0 [pid 1560] close(4) = 0 [pid 1560] close(3) = 0 [pid 1560] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1559] <... futex resumed>) = 0 [pid 1560] <... futex resumed>) = 1 [pid 1559] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1559] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1560] chdir("./file0") = 0 [pid 1560] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1559] <... futex resumed>) = 0 [pid 1560] <... futex resumed>) = 1 [pid 1559] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1559] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1560] creat("./file0", 000) = 3 [pid 1560] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1559] <... futex resumed>) = 0 [pid 1560] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1559] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1559] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1559] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1559] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE [pid 1560] <... write resumed>) = 40 [pid 1559] <... mprotect resumed>) = 0 [pid 1559] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 1560] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 1563 attached [pid 1563] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1563] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1559] <... clone resumed>, parent_tid=[1563], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1563 [pid 1560] <... futex resumed>) = 0 [pid 1559] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1563] <... futex resumed>) = 0 [pid 1563] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 1559] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1560] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1563] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 1563] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1559] <... futex resumed>) = 0 [pid 1563] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1559] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1559] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1560] <... futex resumed>) = 0 [pid 1560] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1560] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1559] <... futex resumed>) = 0 [pid 1559] exit_group(0) = ? [pid 1563] <... futex resumed>) = ? [pid 1563] +++ exited with 0 +++ [pid 1560] +++ exited with 0 +++ [pid 1559] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1559, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./253", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./253", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./253/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./253/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./253/binderfs") = 0 [ 56.148791][ T1563] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 56.165899][ T1560] EXT4-fs (loop0): pa ffff8881e68ae5e8: logic 16, phys. 128, len 24 [ 56.173958][ T1560] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./253/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./253/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./253/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./253/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./253/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./253/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./253") = 0 mkdir("./254", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1564 ./strace-static-x86_64: Process 1564 attached [pid 1564] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1564] chdir("./254") = 0 [pid 1564] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1564] setpgid(0, 0) = 0 [pid 1564] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1564] write(3, "1000", 4) = 4 [pid 1564] close(3) = 0 [pid 1564] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1564] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1564] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1564] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1564] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1565 attached , parent_tid=[1565], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1565 [pid 1565] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1565] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1564] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1565] <... futex resumed>) = 0 [pid 1565] memfd_create("syzkaller", 0 [pid 1564] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1565] <... memfd_create resumed>) = 3 [pid 1565] ftruncate(3, 2097152) = 0 [pid 1565] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1565] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1565] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1565] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1565] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1565] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1565] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1565] mkdir("./file0", 0777) = 0 [pid 1565] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1565] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1565] ioctl(4, LOOP_CLR_FD) = 0 [pid 1565] close(4) = 0 [pid 1565] close(3) = 0 [pid 1565] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1564] <... futex resumed>) = 0 [pid 1565] <... futex resumed>) = 1 [pid 1564] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1565] chdir("./file0" [pid 1564] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1565] <... chdir resumed>) = 0 [pid 1565] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1564] <... futex resumed>) = 0 [pid 1565] <... futex resumed>) = 1 [pid 1565] creat("./file0", 000 [pid 1564] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1564] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1565] <... creat resumed>) = 3 [pid 1565] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1564] <... futex resumed>) = 0 [pid 1564] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1564] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1564] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1564] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1564] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1568], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1568 [pid 1564] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1565] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1564] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1565] <... write resumed>) = 40 [pid 1565] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1565] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1568 attached [pid 1568] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1568] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 1568] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1564] <... futex resumed>) = 0 [pid 1568] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1564] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1565] <... futex resumed>) = 0 [pid 1564] <... futex resumed>) = 1 [pid 1565] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 1564] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1565] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 1565] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1564] <... futex resumed>) = 0 [pid 1565] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1564] exit_group(0) = ? [pid 1568] <... futex resumed>) = ? [pid 1568] +++ exited with 0 +++ [pid 1565] <... futex resumed>) = ? [pid 1565] +++ exited with 0 +++ [pid 1564] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1564, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./254", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./254", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./254/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./254/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./254/binderfs") = 0 [ 56.326589][ T1568] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 56.342914][ T1565] EXT4-fs (loop0): pa ffff8881e6ba6540: logic 16, phys. 128, len 24 [ 56.350923][ T1565] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./254/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./254/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./254/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./254/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./254/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./254/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./254") = 0 mkdir("./255", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1569 ./strace-static-x86_64: Process 1569 attached [pid 1569] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1569] chdir("./255") = 0 [pid 1569] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1569] setpgid(0, 0) = 0 [pid 1569] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1569] write(3, "1000", 4) = 4 [pid 1569] close(3) = 0 [pid 1569] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1569] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1569] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1569] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1569] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1570], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1570 [pid 1569] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1569] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1570 attached [pid 1570] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1570] memfd_create("syzkaller", 0) = 3 [pid 1570] ftruncate(3, 2097152) = 0 [pid 1570] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1570] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1570] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1570] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1570] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1570] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1570] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1570] mkdir("./file0", 0777) = 0 [pid 1570] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1570] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1570] ioctl(4, LOOP_CLR_FD) = 0 [pid 1570] close(4) = 0 [pid 1570] close(3) = 0 [pid 1570] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1569] <... futex resumed>) = 0 [pid 1570] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1569] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1570] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1569] <... futex resumed>) = 0 [pid 1570] chdir("./file0" [pid 1569] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1570] <... chdir resumed>) = 0 [pid 1570] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1569] <... futex resumed>) = 0 [pid 1569] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1570] creat("./file0", 000 [pid 1569] <... futex resumed>) = 0 [pid 1569] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1570] <... creat resumed>) = 3 [pid 1570] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1569] <... futex resumed>) = 0 [pid 1570] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1569] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1570] <... write resumed>) = 40 [pid 1569] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1570] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1569] <... futex resumed>) = 0 [pid 1570] <... futex resumed>) = 0 [pid 1569] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1570] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1569] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1569] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1573], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1573 [pid 1569] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1569] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1573 attached [pid 1573] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1573] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 1573] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1569] <... futex resumed>) = 0 [pid 1573] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1569] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1570] <... futex resumed>) = 0 [pid 1569] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1570] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1570] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1569] <... futex resumed>) = 0 [pid 1570] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1569] exit_group(0) = ? [pid 1570] <... futex resumed>) = ? [pid 1573] <... futex resumed>) = ? [pid 1573] +++ exited with 0 +++ [pid 1570] +++ exited with 0 +++ [pid 1569] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1569, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./255", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./255", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./255/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./255/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./255/binderfs") = 0 [ 56.435313][ T1573] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 56.451291][ T1570] EXT4-fs (loop0): pa ffff8881e68aed20: logic 16, phys. 128, len 24 [ 56.459267][ T1570] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./255/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./255/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./255/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./255/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./255/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./255/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./255") = 0 mkdir("./256", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1574 ./strace-static-x86_64: Process 1574 attached [pid 1574] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1574] chdir("./256") = 0 [pid 1574] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1574] setpgid(0, 0) = 0 [pid 1574] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1574] write(3, "1000", 4) = 4 [pid 1574] close(3) = 0 [pid 1574] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1574] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1574] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1574] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1574] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1575], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1575 ./strace-static-x86_64: Process 1575 attached [pid 1574] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1575] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1574] <... futex resumed>) = 0 [pid 1574] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1575] memfd_create("syzkaller", 0) = 3 [pid 1575] ftruncate(3, 2097152) = 0 [pid 1575] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1575] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1575] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1575] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1575] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1575] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1575] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1575] mkdir("./file0", 0777) = 0 [pid 1575] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1575] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1575] ioctl(4, LOOP_CLR_FD) = 0 [pid 1575] close(4) = 0 [pid 1575] close(3) = 0 [pid 1575] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1574] <... futex resumed>) = 0 [pid 1574] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1574] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1575] <... futex resumed>) = 1 [pid 1575] chdir("./file0") = 0 [pid 1575] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1574] <... futex resumed>) = 0 [pid 1574] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1574] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1575] <... futex resumed>) = 1 [pid 1575] creat("./file0", 000) = 3 [pid 1575] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1574] <... futex resumed>) = 0 [pid 1574] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1574] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1574] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1574] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1574] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1578], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1578 [pid 1574] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1574] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1578 attached [pid 1575] <... futex resumed>) = 1 [pid 1575] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1578] set_robust_list(0x7f01680719e0, 24 [pid 1575] <... write resumed>) = 40 [pid 1575] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1575] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1578] <... set_robust_list resumed>) = 0 [pid 1578] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 1578] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1574] <... futex resumed>) = 0 [pid 1574] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1574] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1578] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1575] <... futex resumed>) = 0 [pid 1575] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1575] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1574] <... futex resumed>) = 0 [pid 1574] exit_group(0) = ? [pid 1578] <... futex resumed>) = ? [pid 1575] <... futex resumed>) = ? [pid 1575] +++ exited with 0 +++ [pid 1578] +++ exited with 0 +++ [pid 1574] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1574, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./256", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./256", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./256/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./256/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./256/binderfs") = 0 [ 56.552690][ T1578] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 56.569644][ T1578] EXT4-fs (loop0): pa ffff8881db90e000: logic 16, phys. 128, len 24 [ 56.577668][ T1578] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./256/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./256/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./256/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./256/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./256/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./256/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./256") = 0 mkdir("./257", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1579 ./strace-static-x86_64: Process 1579 attached [pid 1579] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1579] chdir("./257") = 0 [pid 1579] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1579] setpgid(0, 0) = 0 [pid 1579] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1579] write(3, "1000", 4) = 4 [pid 1579] close(3) = 0 [pid 1579] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1579] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1579] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1579] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1579] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1580 attached , parent_tid=[1580], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1580 [pid 1580] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1580] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1579] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1580] <... futex resumed>) = 0 [pid 1580] memfd_create("syzkaller", 0 [pid 1579] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1580] <... memfd_create resumed>) = 3 [pid 1580] ftruncate(3, 2097152) = 0 [pid 1580] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1580] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1580] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1580] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1580] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1580] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1580] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1580] mkdir("./file0", 0777) = 0 [pid 1580] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1580] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1580] ioctl(4, LOOP_CLR_FD) = 0 [pid 1580] close(4) = 0 [pid 1580] close(3) = 0 [pid 1580] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1579] <... futex resumed>) = 0 [pid 1580] chdir("./file0" [pid 1579] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1580] <... chdir resumed>) = 0 [pid 1580] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1579] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1580] <... futex resumed>) = 0 [pid 1579] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1580] creat("./file0", 000 [pid 1579] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1579] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1580] <... creat resumed>) = 3 [pid 1580] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1579] <... futex resumed>) = 0 [pid 1579] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1579] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1579] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1579] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1579] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1583], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1583 [pid 1579] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1580] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1579] <... futex resumed>) = 0 [pid 1579] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1583 attached [pid 1583] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1583] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 1580] <... write resumed>) = 40 [pid 1580] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1580] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1583] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1579] <... futex resumed>) = 0 [pid 1579] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1579] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1580] <... futex resumed>) = 0 [pid 1580] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1580] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1579] <... futex resumed>) = 0 [pid 1579] exit_group(0) = ? [pid 1583] +++ exited with 0 +++ [pid 1580] <... futex resumed>) = ? [pid 1580] +++ exited with 0 +++ [pid 1579] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1579, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./257", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./257", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./257/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./257/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./257/binderfs") = 0 [ 56.727067][ T1583] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata umount2("./257/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./257/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./257/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./257/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./257/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./257/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./257") = 0 mkdir("./258", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1584 attached , child_tidptr=0x55555656e5d0) = 1584 [pid 1584] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1584] chdir("./258") = 0 [pid 1584] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1584] setpgid(0, 0) = 0 [pid 1584] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1584] write(3, "1000", 4) = 4 [pid 1584] close(3) = 0 [pid 1584] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1584] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1584] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1584] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1584] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1585 attached , parent_tid=[1585], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1585 [pid 1585] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1585] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1584] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1585] <... futex resumed>) = 0 [pid 1584] <... futex resumed>) = 1 [pid 1585] memfd_create("syzkaller", 0 [pid 1584] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1585] <... memfd_create resumed>) = 3 [pid 1585] ftruncate(3, 2097152) = 0 [pid 1585] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1585] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1585] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1585] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1585] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1585] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1585] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1585] mkdir("./file0", 0777) = 0 [pid 1585] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1585] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1585] ioctl(4, LOOP_CLR_FD) = 0 [pid 1585] close(4) = 0 [pid 1585] close(3) = 0 [pid 1585] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1584] <... futex resumed>) = 0 [pid 1584] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1584] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1585] <... futex resumed>) = 1 [pid 1585] chdir("./file0") = 0 [pid 1585] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1584] <... futex resumed>) = 0 [pid 1584] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1584] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1585] <... futex resumed>) = 1 [pid 1585] creat("./file0", 000) = 3 [pid 1585] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1584] <... futex resumed>) = 0 [pid 1584] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1584] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1584] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1584] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1584] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1588], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1588 [pid 1584] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1584] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1588 attached [pid 1588] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1588] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 1585] <... futex resumed>) = 1 [pid 1585] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1588] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 1585] <... write resumed>) = 40 [pid 1585] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1585] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1588] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1584] <... futex resumed>) = 0 [pid 1584] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1585] <... futex resumed>) = 0 [pid 1584] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1585] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1585] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1588] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1584] <... futex resumed>) = 0 [pid 1585] <... futex resumed>) = 1 [pid 1584] exit_group(0 [pid 1585] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1584] <... exit_group resumed>) = ? [pid 1585] <... futex resumed>) = ? [pid 1585] +++ exited with 0 +++ [pid 1588] <... futex resumed>) = ? [pid 1588] +++ exited with 0 +++ [pid 1584] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1584, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./258", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./258", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./258/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./258/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./258/binderfs") = 0 [ 56.893586][ T1588] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata umount2("./258/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./258/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./258/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./258/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./258/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./258/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./258") = 0 mkdir("./259", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1589 ./strace-static-x86_64: Process 1589 attached [pid 1589] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1589] chdir("./259") = 0 [pid 1589] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1589] setpgid(0, 0) = 0 [pid 1589] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1589] write(3, "1000", 4) = 4 [pid 1589] close(3) = 0 [pid 1589] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1589] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1589] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1589] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1589] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1590 attached , parent_tid=[1590], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1590 [pid 1589] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1589] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1590] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1590] memfd_create("syzkaller", 0) = 3 [pid 1590] ftruncate(3, 2097152) = 0 [pid 1590] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1590] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1590] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1590] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1590] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1590] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1590] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1590] mkdir("./file0", 0777) = 0 [pid 1590] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1590] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1590] ioctl(4, LOOP_CLR_FD) = 0 [pid 1590] close(4) = 0 [pid 1590] close(3) = 0 [pid 1590] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1589] <... futex resumed>) = 0 [pid 1589] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1590] chdir("./file0" [pid 1589] <... futex resumed>) = 0 [pid 1590] <... chdir resumed>) = 0 [pid 1589] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1590] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1589] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1590] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1589] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1590] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1589] <... futex resumed>) = 0 [pid 1590] creat("./file0", 000 [pid 1589] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1590] <... creat resumed>) = 3 [pid 1590] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1589] <... futex resumed>) = 0 [pid 1589] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1590] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 1589] <... futex resumed>) = 0 [pid 1590] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1589] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1590] <... futex resumed>) = 0 [pid 1589] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1590] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 1590] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1590] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1589] <... futex resumed>) = 0 [pid 1589] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1589] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1590] <... futex resumed>) = 0 [pid 1590] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1590] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1589] <... futex resumed>) = 0 [pid 1589] exit_group(0) = ? [pid 1590] <... futex resumed>) = ? [pid 1590] +++ exited with 0 +++ [pid 1589] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1589, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./259", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./259", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./259/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./259/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./259/binderfs") = 0 [ 56.998582][ T1590] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 57.016181][ T1590] EXT4-fs (loop0): pa ffff8881db90e5e8: logic 16, phys. 128, len 24 [ 57.024185][ T1590] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./259/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./259/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./259/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./259/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./259/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./259/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./259") = 0 mkdir("./260", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1593 ./strace-static-x86_64: Process 1593 attached [pid 1593] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1593] chdir("./260") = 0 [pid 1593] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1593] setpgid(0, 0) = 0 [pid 1593] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1593] write(3, "1000", 4) = 4 [pid 1593] close(3) = 0 [pid 1593] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1593] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1593] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1593] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1593] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1594], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1594 [pid 1593] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1593] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1594 attached [pid 1594] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1594] memfd_create("syzkaller", 0) = 3 [pid 1594] ftruncate(3, 2097152) = 0 [pid 1594] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1594] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1594] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1594] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1594] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1594] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1594] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1594] mkdir("./file0", 0777) = 0 [pid 1594] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1594] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1594] ioctl(4, LOOP_CLR_FD) = 0 [pid 1594] close(4) = 0 [pid 1594] close(3) = 0 [pid 1594] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1593] <... futex resumed>) = 0 [pid 1593] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1594] chdir("./file0" [pid 1593] <... futex resumed>) = 0 [pid 1594] <... chdir resumed>) = 0 [pid 1593] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1594] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1593] <... futex resumed>) = 0 [pid 1594] <... futex resumed>) = 1 [pid 1594] creat("./file0", 000 [pid 1593] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1593] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1594] <... creat resumed>) = 3 [pid 1594] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1593] <... futex resumed>) = 0 [pid 1593] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1593] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1593] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1593] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1593] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1597], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1597 [pid 1593] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 1597 attached [pid 1594] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1593] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1594] <... write resumed>) = 40 [pid 1597] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1594] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1597] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 1594] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1597] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 1597] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1593] <... futex resumed>) = 0 [pid 1597] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1593] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1594] <... futex resumed>) = 0 [pid 1593] <... futex resumed>) = 1 [pid 1594] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 1593] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1594] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 1594] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1593] <... futex resumed>) = 0 [pid 1593] exit_group(0) = ? [pid 1597] <... futex resumed>) = ? [pid 1594] +++ exited with 0 +++ [pid 1597] +++ exited with 0 +++ [pid 1593] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1593, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./260", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./260", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./260/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./260/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./260/binderfs") = 0 [ 57.126181][ T1597] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 57.143864][ T1597] EXT4-fs (loop0): pa ffff8881db90e690: logic 16, phys. 128, len 24 [ 57.151890][ T1597] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./260/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./260/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./260/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./260/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./260/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./260/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./260") = 0 mkdir("./261", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1598 attached , child_tidptr=0x55555656e5d0) = 1598 [pid 1598] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1598] chdir("./261") = 0 [pid 1598] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1598] setpgid(0, 0) = 0 [pid 1598] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1598] write(3, "1000", 4) = 4 [pid 1598] close(3) = 0 [pid 1598] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1598] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1598] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1598] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1598] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1599 attached , parent_tid=[1599], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1599 [pid 1599] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1599] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1598] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1599] <... futex resumed>) = 0 [pid 1599] memfd_create("syzkaller", 0 [pid 1598] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1599] <... memfd_create resumed>) = 3 [pid 1599] ftruncate(3, 2097152) = 0 [pid 1599] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1599] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1599] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1599] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1599] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1599] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1599] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1599] mkdir("./file0", 0777) = 0 [pid 1599] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1599] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1599] ioctl(4, LOOP_CLR_FD) = 0 [pid 1599] close(4) = 0 [pid 1599] close(3) = 0 [pid 1599] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1598] <... futex resumed>) = 0 [pid 1599] chdir("./file0" [pid 1598] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1599] <... chdir resumed>) = 0 [pid 1598] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1599] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1598] <... futex resumed>) = 0 [pid 1599] <... futex resumed>) = 1 [pid 1598] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1599] creat("./file0", 000 [pid 1598] <... futex resumed>) = 0 [pid 1598] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1599] <... creat resumed>) = 3 [pid 1599] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1598] <... futex resumed>) = 0 [pid 1599] <... futex resumed>) = 1 [pid 1598] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1598] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1598] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1598] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1598] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1602], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1602 [pid 1598] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1598] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1599] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 1599] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1599] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1602 attached [pid 1602] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1602] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 1602] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1598] <... futex resumed>) = 0 [pid 1598] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1598] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1599] <... futex resumed>) = 0 [pid 1602] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1599] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1599] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1598] <... futex resumed>) = 0 [pid 1598] exit_group(0) = ? [pid 1599] <... futex resumed>) = ? [pid 1599] +++ exited with 0 +++ [pid 1602] <... futex resumed>) = ? [pid 1602] +++ exited with 0 +++ [pid 1598] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1598, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./261", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./261", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./261/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./261/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./261/binderfs") = 0 [ 57.254619][ T1602] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 57.271817][ T1602] EXT4-fs (loop0): pa ffff8881e6ba6e70: logic 16, phys. 128, len 24 [ 57.279787][ T1602] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./261/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./261/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./261/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./261/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./261/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./261/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./261") = 0 mkdir("./262", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1603 ./strace-static-x86_64: Process 1603 attached [pid 1603] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1603] chdir("./262") = 0 [pid 1603] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1603] setpgid(0, 0) = 0 [pid 1603] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1603] write(3, "1000", 4) = 4 [pid 1603] close(3) = 0 [pid 1603] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1603] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1603] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1603] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1603] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1604 attached , parent_tid=[1604], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1604 [pid 1604] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1604] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1603] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1604] <... futex resumed>) = 0 [pid 1603] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1604] memfd_create("syzkaller", 0) = 3 [pid 1604] ftruncate(3, 2097152) = 0 [pid 1604] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1604] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1604] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1604] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1604] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1604] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1604] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1604] mkdir("./file0", 0777) = 0 [pid 1604] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1604] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1604] ioctl(4, LOOP_CLR_FD) = 0 [pid 1604] close(4) = 0 [pid 1604] close(3) = 0 [pid 1604] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1604] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1603] <... futex resumed>) = 0 [pid 1603] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1604] <... futex resumed>) = 0 [pid 1604] chdir("./file0") = 0 [pid 1604] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1604] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1603] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1603] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1604] <... futex resumed>) = 0 [pid 1604] creat("./file0", 000) = 3 [pid 1604] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1604] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1603] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1603] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1604] <... futex resumed>) = 0 [pid 1604] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 1604] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1604] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1603] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1604] <... futex resumed>) = 0 [pid 1604] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 1603] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1604] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 1604] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1603] <... futex resumed>) = 0 [pid 1603] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1603] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1604] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1604] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1603] <... futex resumed>) = 0 [pid 1603] exit_group(0) = ? [pid 1604] +++ exited with 0 +++ [pid 1603] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1603, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./262", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./262", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./262/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./262/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./262/binderfs") = 0 [ 57.386031][ T1604] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 57.402777][ T1604] EXT4-fs (loop0): pa ffff8881e6ba6930: logic 16, phys. 128, len 24 [ 57.410802][ T1604] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./262/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./262/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./262/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./262/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./262/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./262/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./262") = 0 mkdir("./263", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1607 ./strace-static-x86_64: Process 1607 attached [pid 1607] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1607] chdir("./263") = 0 [pid 1607] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1607] setpgid(0, 0) = 0 [pid 1607] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1607] write(3, "1000", 4) = 4 [pid 1607] close(3) = 0 [pid 1607] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1607] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1607] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1607] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1607] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1608 attached , parent_tid=[1608], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1608 [pid 1608] set_robust_list(0x7f01680929e0, 24 [pid 1607] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1608] <... set_robust_list resumed>) = 0 [pid 1607] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1608] memfd_create("syzkaller", 0) = 3 [pid 1608] ftruncate(3, 2097152) = 0 [pid 1608] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1608] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1608] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1608] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1608] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1608] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1608] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1608] mkdir("./file0", 0777) = 0 [pid 1608] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1608] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1608] ioctl(4, LOOP_CLR_FD) = 0 [pid 1608] close(4) = 0 [pid 1608] close(3) = 0 [pid 1608] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1607] <... futex resumed>) = 0 [pid 1607] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1608] chdir("./file0" [pid 1607] <... futex resumed>) = 0 [pid 1607] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1608] <... chdir resumed>) = 0 [pid 1608] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1607] <... futex resumed>) = 0 [pid 1608] creat("./file0", 000 [pid 1607] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1607] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1608] <... creat resumed>) = 3 [pid 1608] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1607] <... futex resumed>) = 0 [pid 1608] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1607] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1607] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1608] <... write resumed>) = 40 [pid 1607] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1608] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1607] <... mmap resumed>) = 0x7f0168051000 [pid 1608] <... futex resumed>) = 0 [pid 1607] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE [pid 1608] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1607] <... mprotect resumed>) = 0 [pid 1607] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1611 attached , parent_tid=[1611], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1611 [pid 1611] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1611] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1607] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1611] <... futex resumed>) = 0 [pid 1611] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 1607] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1611] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 1611] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1611] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1607] <... futex resumed>) = 0 [pid 1607] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1608] <... futex resumed>) = 0 [pid 1607] <... futex resumed>) = 1 [pid 1607] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1608] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1608] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1607] <... futex resumed>) = 0 [pid 1608] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1607] exit_group(0) = ? [pid 1611] <... futex resumed>) = ? [pid 1611] +++ exited with 0 +++ [pid 1608] <... futex resumed>) = ? [pid 1608] +++ exited with 0 +++ [pid 1607] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1607, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./263", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./263", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./263/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./263/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./263/binderfs") = 0 [ 57.508453][ T1611] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 57.526482][ T1608] EXT4-fs (loop0): pa ffff8881db90e3f0: logic 16, phys. 128, len 24 [ 57.534596][ T1608] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./263/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./263/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./263/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./263/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./263/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./263/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./263") = 0 mkdir("./264", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1612 attached [pid 1612] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1612] chdir("./264") = 0 [pid 1612] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1612] setpgid(0, 0) = 0 [pid 1612] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 304] <... clone resumed>, child_tidptr=0x55555656e5d0) = 1612 [pid 1612] <... openat resumed>) = 3 [pid 1612] write(3, "1000", 4) = 4 [pid 1612] close(3) = 0 [pid 1612] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1612] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1612] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1612] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1612] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1613 attached , parent_tid=[1613], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1613 [pid 1612] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1612] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1613] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1613] memfd_create("syzkaller", 0) = 3 [pid 1613] ftruncate(3, 2097152) = 0 [pid 1613] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1613] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1613] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1613] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1613] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1613] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1613] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1613] mkdir("./file0", 0777) = 0 [pid 1613] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1613] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1613] ioctl(4, LOOP_CLR_FD) = 0 [pid 1613] close(4) = 0 [pid 1613] close(3) = 0 [pid 1613] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1612] <... futex resumed>) = 0 [pid 1612] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1612] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1613] <... futex resumed>) = 1 [pid 1613] chdir("./file0") = 0 [pid 1613] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1612] <... futex resumed>) = 0 [pid 1612] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1612] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1613] <... futex resumed>) = 1 [pid 1613] creat("./file0", 000) = 3 [pid 1613] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1612] <... futex resumed>) = 0 [pid 1612] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1612] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1612] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1612] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1612] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1616], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1616 [pid 1612] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1612] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1613] <... futex resumed>) = 1 [pid 1613] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 1613] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1613] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1616 attached [pid 1616] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1616] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 1616] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1612] <... futex resumed>) = 0 [pid 1612] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1612] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1613] <... futex resumed>) = 0 [pid 1613] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1613] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1612] <... futex resumed>) = 0 [pid 1612] exit_group(0) = ? [pid 1613] <... futex resumed>) = ? [pid 1613] +++ exited with 0 +++ [pid 1616] +++ exited with 0 +++ [pid 1612] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1612, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./264", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./264", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./264/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./264/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./264/binderfs") = 0 [ 57.685886][ T1616] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 57.702260][ T1616] EXT4-fs (loop0): pa ffff8881e6ba67e0: logic 16, phys. 128, len 24 [ 57.710258][ T1616] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./264/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./264/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./264/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./264/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./264/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./264/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./264") = 0 mkdir("./265", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1617 attached , child_tidptr=0x55555656e5d0) = 1617 [pid 1617] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1617] chdir("./265") = 0 [pid 1617] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1617] setpgid(0, 0) = 0 [pid 1617] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1617] write(3, "1000", 4) = 4 [pid 1617] close(3) = 0 [pid 1617] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1617] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1617] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1617] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1617] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1618 attached , parent_tid=[1618], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1618 [pid 1618] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1618] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1617] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1618] <... futex resumed>) = 0 [pid 1618] memfd_create("syzkaller", 0) = 3 [pid 1618] ftruncate(3, 2097152) = 0 [pid 1618] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1618] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1618] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1618] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1618] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1618] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1618] ioctl(4, LOOP_SET_FD, 3 [pid 1617] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1618] <... ioctl resumed>) = 0 [pid 1618] mkdir("./file0", 0777) = 0 [pid 1618] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1618] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1618] ioctl(4, LOOP_CLR_FD) = 0 [pid 1618] close(4) = 0 [pid 1618] close(3) = 0 [pid 1618] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1617] <... futex resumed>) = 0 [pid 1618] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1617] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1618] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1617] <... futex resumed>) = 0 [pid 1618] chdir("./file0" [pid 1617] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1618] <... chdir resumed>) = 0 [pid 1618] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1617] <... futex resumed>) = 0 [pid 1618] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1617] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1618] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1617] <... futex resumed>) = 0 [pid 1618] creat("./file0", 000 [pid 1617] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1618] <... creat resumed>) = 3 [pid 1618] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1617] <... futex resumed>) = 0 [pid 1618] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1617] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1618] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1617] <... futex resumed>) = 0 [pid 1618] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1617] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1618] <... write resumed>) = 40 [pid 1617] <... futex resumed>) = 0 [pid 1618] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1617] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1618] <... futex resumed>) = 0 [pid 1617] <... mmap resumed>) = 0x7f0168051000 [pid 1618] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1617] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1617] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1621 attached , parent_tid=[1621], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1621 [pid 1621] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1621] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1617] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1621] <... futex resumed>) = 0 [pid 1621] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 1617] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1621] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 1621] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1621] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1617] <... futex resumed>) = 0 [pid 1617] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1618] <... futex resumed>) = 0 [pid 1618] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1618] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1618] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1617] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1617] exit_group(0) = ? [pid 1621] <... futex resumed>) = ? [pid 1618] <... futex resumed>) = ? [pid 1621] +++ exited with 0 +++ [pid 1618] +++ exited with 0 +++ [pid 1617] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1617, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./265", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./265", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./265/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./265/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./265/binderfs") = 0 [ 57.825541][ T1621] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 57.842585][ T1617] EXT4-fs (loop0): pa ffff8881db90e9d8: logic 16, phys. 128, len 24 [ 57.850761][ T1617] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./265/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./265/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./265/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./265/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./265/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./265/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./265") = 0 mkdir("./266", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1622 ./strace-static-x86_64: Process 1622 attached [pid 1622] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1622] chdir("./266") = 0 [pid 1622] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1622] setpgid(0, 0) = 0 [pid 1622] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1622] write(3, "1000", 4) = 4 [pid 1622] close(3) = 0 [pid 1622] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1622] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1622] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1622] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1622] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1623], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1623 ./strace-static-x86_64: Process 1623 attached [pid 1623] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1623] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1622] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1623] <... futex resumed>) = 0 [pid 1622] <... futex resumed>) = 1 [pid 1623] memfd_create("syzkaller", 0) = 3 [pid 1623] ftruncate(3, 2097152) = 0 [pid 1623] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1623] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1623] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1623] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192 [pid 1622] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1623] <... pwrite64 resumed>) = 4098 [pid 1623] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1623] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1623] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1623] mkdir("./file0", 0777) = 0 [pid 1623] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1623] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1623] ioctl(4, LOOP_CLR_FD) = 0 [pid 1623] close(4) = 0 [pid 1623] close(3) = 0 [pid 1623] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1622] <... futex resumed>) = 0 [pid 1622] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1623] chdir("./file0" [pid 1622] <... futex resumed>) = 0 [pid 1622] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1623] <... chdir resumed>) = 0 [pid 1623] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1622] <... futex resumed>) = 0 [pid 1622] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1623] creat("./file0", 000 [pid 1622] <... futex resumed>) = 0 [pid 1622] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1623] <... creat resumed>) = 3 [pid 1623] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1623] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1622] <... futex resumed>) = 0 [pid 1622] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1623] <... futex resumed>) = 0 [pid 1623] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1622] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1623] <... write resumed>) = 40 [pid 1623] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1623] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1622] <... futex resumed>) = 0 [pid 1622] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1622] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1622] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1626 attached [pid 1626] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1626] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1622] <... clone resumed>, parent_tid=[1626], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1626 [pid 1622] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1626] <... futex resumed>) = 0 [pid 1622] <... futex resumed>) = 1 [pid 1626] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 1622] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1626] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 1626] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1622] <... futex resumed>) = 0 [pid 1622] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1622] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1623] <... futex resumed>) = 0 [pid 1623] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1623] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1622] <... futex resumed>) = 0 [pid 1623] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1622] exit_group(0) = ? [pid 1623] <... futex resumed>) = ? [pid 1623] +++ exited with 0 +++ [pid 1626] +++ exited with 0 +++ [pid 1622] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1622, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./266", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./266", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./266/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./266/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./266/binderfs") = 0 [ 57.957903][ T1626] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 57.974912][ T1626] EXT4-fs (loop0): pa ffff8881db90ebd0: logic 16, phys. 128, len 24 [ 57.982975][ T1626] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./266/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./266/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./266/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./266/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./266/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./266/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./266") = 0 mkdir("./267", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1627 ./strace-static-x86_64: Process 1627 attached [pid 1627] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1627] chdir("./267") = 0 [pid 1627] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1627] setpgid(0, 0) = 0 [pid 1627] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1627] write(3, "1000", 4) = 4 [pid 1627] close(3) = 0 [pid 1627] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1627] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1627] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1627] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1627] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1628], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1628 [pid 1627] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 1628 attached ) = 0 [pid 1627] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1628] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1628] memfd_create("syzkaller", 0) = 3 [pid 1628] ftruncate(3, 2097152) = 0 [pid 1628] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1628] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1628] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1628] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1628] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1628] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1628] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1628] mkdir("./file0", 0777) = 0 [pid 1628] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1628] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1628] ioctl(4, LOOP_CLR_FD) = 0 [pid 1628] close(4) = 0 [pid 1628] close(3) = 0 [pid 1628] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1627] <... futex resumed>) = 0 [pid 1628] <... futex resumed>) = 1 [pid 1628] chdir("./file0" [pid 1627] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1628] <... chdir resumed>) = 0 [pid 1627] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1628] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1627] <... futex resumed>) = 0 [pid 1628] <... futex resumed>) = 1 [pid 1627] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1627] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1628] creat("./file0", 000) = 3 [pid 1628] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1627] <... futex resumed>) = 0 [pid 1627] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1628] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1627] <... futex resumed>) = 0 [pid 1627] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1627] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1628] <... write resumed>) = 40 [pid 1627] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1628] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1627] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 1628] <... futex resumed>) = 0 [pid 1627] <... clone resumed>, parent_tid=[1631], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1631 [pid 1628] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1627] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1627] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1631 attached [pid 1631] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1631] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 1631] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1627] <... futex resumed>) = 0 [pid 1627] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1627] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1631] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1628] <... futex resumed>) = 0 [pid 1628] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1628] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1627] <... futex resumed>) = 0 [pid 1627] exit_group(0) = ? [pid 1631] <... futex resumed>) = ? [pid 1628] +++ exited with 0 +++ [pid 1631] +++ exited with 0 +++ [pid 1627] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1627, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./267", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./267", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./267/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./267/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./267/binderfs") = 0 [ 58.082528][ T1631] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 58.100109][ T1631] EXT4-fs (loop0): pa ffff8881db90ea80: logic 16, phys. 128, len 24 [ 58.108117][ T1631] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./267/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./267/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./267/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./267/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./267/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./267/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./267") = 0 mkdir("./268", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1632 attached , child_tidptr=0x55555656e5d0) = 1632 [pid 1632] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1632] chdir("./268") = 0 [pid 1632] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1632] setpgid(0, 0) = 0 [pid 1632] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1632] write(3, "1000", 4) = 4 [pid 1632] close(3) = 0 [pid 1632] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1632] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1632] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1632] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1632] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1633 attached , parent_tid=[1633], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1633 [pid 1632] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1632] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1633] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1633] memfd_create("syzkaller", 0) = 3 [pid 1633] ftruncate(3, 2097152) = 0 [pid 1633] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1633] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1633] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1633] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1633] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1633] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1633] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1633] mkdir("./file0", 0777) = 0 [pid 1633] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1633] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1633] ioctl(4, LOOP_CLR_FD) = 0 [pid 1633] close(4) = 0 [pid 1633] close(3) = 0 [pid 1633] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1632] <... futex resumed>) = 0 [pid 1633] <... futex resumed>) = 1 [pid 1632] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1633] chdir("./file0" [pid 1632] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1633] <... chdir resumed>) = 0 [pid 1633] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1632] <... futex resumed>) = 0 [pid 1633] <... futex resumed>) = 1 [pid 1632] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1633] creat("./file0", 000 [pid 1632] <... futex resumed>) = 0 [pid 1632] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1633] <... creat resumed>) = 3 [pid 1633] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1632] <... futex resumed>) = 0 [pid 1633] <... futex resumed>) = 1 [pid 1632] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1632] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1632] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1632] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1632] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1636], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1636 [pid 1632] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1632] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1633] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40./strace-static-x86_64: Process 1636 attached [pid 1636] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1636] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 1636] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1632] <... futex resumed>) = 0 [pid 1636] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 1632] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1636] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 1636] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1632] <... futex resumed>) = 0 [pid 1636] <... futex resumed>) = 0 [pid 1632] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1636] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1632] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1633] <... write resumed>) = 40 [pid 1633] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1633] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1632] exit_group(0) = ? [pid 1633] <... futex resumed>) = ? [pid 1633] +++ exited with 0 +++ [pid 1636] <... futex resumed>) = ? [pid 1636] +++ exited with 0 +++ [pid 1632] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1632, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./268", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./268", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./268/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./268/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./268/binderfs") = 0 [ 58.245277][ T1636] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata umount2("./268/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./268/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./268/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./268/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./268/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./268/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./268") = 0 mkdir("./269", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1637 ./strace-static-x86_64: Process 1637 attached [pid 1637] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1637] chdir("./269") = 0 [pid 1637] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1637] setpgid(0, 0) = 0 [pid 1637] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1637] write(3, "1000", 4) = 4 [pid 1637] close(3) = 0 [pid 1637] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1637] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1637] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1637] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1637] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1638], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1638 ./strace-static-x86_64: Process 1638 attached [pid 1637] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1638] set_robust_list(0x7f01680929e0, 24 [pid 1637] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1638] <... set_robust_list resumed>) = 0 [pid 1638] memfd_create("syzkaller", 0) = 3 [pid 1638] ftruncate(3, 2097152) = 0 [pid 1638] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1638] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1638] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1638] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1638] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1638] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1638] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1638] mkdir("./file0", 0777) = 0 [pid 1638] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1638] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1638] ioctl(4, LOOP_CLR_FD) = 0 [pid 1638] close(4) = 0 [pid 1638] close(3) = 0 [pid 1638] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1637] <... futex resumed>) = 0 [pid 1638] <... futex resumed>) = 1 [pid 1637] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1637] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1638] chdir("./file0") = 0 [pid 1638] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1637] <... futex resumed>) = 0 [pid 1638] <... futex resumed>) = 1 [pid 1637] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1637] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1638] creat("./file0", 000) = 3 [pid 1638] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1637] <... futex resumed>) = 0 [pid 1638] <... futex resumed>) = 1 [pid 1637] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1637] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1637] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1637] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1637] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1641], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1641 [pid 1637] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1637] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1641 attached [pid 1641] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1641] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 1638] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1641] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 1641] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1638] <... write resumed>) = 40 [pid 1641] <... futex resumed>) = 1 [pid 1638] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1637] <... futex resumed>) = 0 [pid 1641] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1638] <... futex resumed>) = 0 [pid 1637] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1638] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 1637] <... futex resumed>) = 0 [pid 1638] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 1637] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1638] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1637] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1638] <... futex resumed>) = 0 [pid 1637] exit_group(0 [pid 1638] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1637] <... exit_group resumed>) = ? [pid 1641] <... futex resumed>) = ? [pid 1641] +++ exited with 0 +++ [pid 1638] <... futex resumed>) = ? [pid 1638] +++ exited with 0 +++ [pid 1637] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1637, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./269", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./269", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./269/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./269/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./269/binderfs") = 0 [ 58.365550][ T1641] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata umount2("./269/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./269/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./269/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./269/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./269/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./269/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./269") = 0 mkdir("./270", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1642 ./strace-static-x86_64: Process 1642 attached [pid 1642] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1642] chdir("./270") = 0 [pid 1642] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1642] setpgid(0, 0) = 0 [pid 1642] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1642] write(3, "1000", 4) = 4 [pid 1642] close(3) = 0 [pid 1642] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1642] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1642] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1642] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1642] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1643 attached , parent_tid=[1643], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1643 [pid 1643] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1643] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1642] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1643] <... futex resumed>) = 0 [pid 1642] <... futex resumed>) = 1 [pid 1642] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1643] memfd_create("syzkaller", 0) = 3 [pid 1643] ftruncate(3, 2097152) = 0 [pid 1643] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1643] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1643] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1643] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1643] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1643] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1643] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1643] mkdir("./file0", 0777) = 0 [pid 1643] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1643] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1643] ioctl(4, LOOP_CLR_FD) = 0 [pid 1643] close(4) = 0 [pid 1643] close(3) = 0 [pid 1643] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1643] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1642] <... futex resumed>) = 0 [pid 1642] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1642] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1643] <... futex resumed>) = 0 [pid 1643] chdir("./file0") = 0 [pid 1643] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1642] <... futex resumed>) = 0 [pid 1642] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1642] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1643] <... futex resumed>) = 1 [pid 1643] creat("./file0", 000) = 3 [pid 1643] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1642] <... futex resumed>) = 0 [pid 1642] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1642] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1642] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1642] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1642] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1646 attached , parent_tid=[1646], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1646 [pid 1642] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1642] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1643] <... futex resumed>) = 1 [pid 1643] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 1643] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1646] set_robust_list(0x7f01680719e0, 24 [pid 1643] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1646] <... set_robust_list resumed>) = 0 [pid 1646] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 1646] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1642] <... futex resumed>) = 0 [pid 1642] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1642] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1643] <... futex resumed>) = 0 [pid 1643] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1643] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1642] <... futex resumed>) = 0 [pid 1642] exit_group(0) = ? [pid 1643] <... futex resumed>) = ? [pid 1646] +++ exited with 0 +++ [pid 1643] +++ exited with 0 +++ [pid 1642] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1642, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./270", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./270", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./270/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./270/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./270/binderfs") = 0 [ 58.457185][ T1646] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 58.473983][ T1643] EXT4-fs (loop0): pa ffff8881db90ef18: logic 16, phys. 128, len 24 [ 58.481972][ T1643] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./270/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./270/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./270/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./270/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./270/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./270/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./270") = 0 mkdir("./271", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1647 ./strace-static-x86_64: Process 1647 attached [pid 1647] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1647] chdir("./271") = 0 [pid 1647] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1647] setpgid(0, 0) = 0 [pid 1647] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1647] write(3, "1000", 4) = 4 [pid 1647] close(3) = 0 [pid 1647] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1647] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1647] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1647] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1647] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1648], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1648 ./strace-static-x86_64: Process 1648 attached [pid 1648] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1648] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1647] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1648] <... futex resumed>) = 0 [pid 1647] <... futex resumed>) = 1 [pid 1648] memfd_create("syzkaller", 0 [pid 1647] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1648] <... memfd_create resumed>) = 3 [pid 1648] ftruncate(3, 2097152) = 0 [pid 1648] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1648] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1648] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1648] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1648] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1648] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1648] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1648] mkdir("./file0", 0777) = 0 [pid 1648] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1648] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1648] ioctl(4, LOOP_CLR_FD) = 0 [pid 1648] close(4) = 0 [pid 1648] close(3) = 0 [pid 1648] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1647] <... futex resumed>) = 0 [pid 1647] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1647] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1648] chdir("./file0") = 0 [pid 1648] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1647] <... futex resumed>) = 0 [pid 1647] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1647] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1648] creat("./file0", 000) = 3 [pid 1648] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1647] <... futex resumed>) = 0 [pid 1647] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1647] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1647] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1647] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1647] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1651], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1651 [pid 1647] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1647] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1648] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 1648] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1648] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1651 attached [pid 1651] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1651] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 1651] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1647] <... futex resumed>) = 0 [pid 1647] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1648] <... futex resumed>) = 0 [pid 1647] <... futex resumed>) = 1 [pid 1648] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 1647] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1648] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 1648] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1647] <... futex resumed>) = 0 [pid 1648] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1647] exit_group(0 [pid 1648] <... futex resumed>) = ? [pid 1647] <... exit_group resumed>) = ? [pid 1648] +++ exited with 0 +++ [pid 1651] <... futex resumed>) = ? [pid 1651] +++ exited with 0 +++ [pid 1647] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1647, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./271", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./271", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./271/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./271/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./271/binderfs") = 0 [ 58.587099][ T1651] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 58.603178][ T1651] EXT4-fs (loop0): pa ffff8881e6ba65e8: logic 16, phys. 128, len 24 [ 58.611230][ T1651] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./271/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./271/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./271/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./271/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./271/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./271/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./271") = 0 mkdir("./272", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1652 ./strace-static-x86_64: Process 1652 attached [pid 1652] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1652] chdir("./272") = 0 [pid 1652] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1652] setpgid(0, 0) = 0 [pid 1652] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1652] write(3, "1000", 4) = 4 [pid 1652] close(3) = 0 [pid 1652] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1652] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1652] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1652] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1652] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1653], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1653 [pid 1652] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 1653 attached ) = 0 [pid 1652] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1653] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1653] memfd_create("syzkaller", 0) = 3 [pid 1653] ftruncate(3, 2097152) = 0 [pid 1653] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1653] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1653] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1653] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1653] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1653] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1653] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1653] mkdir("./file0", 0777) = 0 [pid 1653] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1653] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1653] ioctl(4, LOOP_CLR_FD) = 0 [pid 1653] close(4) = 0 [pid 1653] close(3) = 0 [pid 1653] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1652] <... futex resumed>) = 0 [pid 1652] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1652] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1653] <... futex resumed>) = 1 [pid 1653] chdir("./file0") = 0 [pid 1653] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1652] <... futex resumed>) = 0 [pid 1652] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1652] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1653] <... futex resumed>) = 1 [pid 1653] creat("./file0", 000) = 3 [pid 1653] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1652] <... futex resumed>) = 0 [pid 1652] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1652] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1652] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1652] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1652] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1656], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1656 ./strace-static-x86_64: Process 1656 attached [pid 1652] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1652] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1653] <... futex resumed>) = 1 [pid 1653] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1656] set_robust_list(0x7f01680719e0, 24 [pid 1653] <... write resumed>) = 40 [pid 1653] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1653] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1656] <... set_robust_list resumed>) = 0 [pid 1656] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 1656] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1652] <... futex resumed>) = 0 [pid 1656] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1652] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1653] <... futex resumed>) = 0 [pid 1652] <... futex resumed>) = 1 [pid 1653] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 1652] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1653] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 1653] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1653] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1652] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1652] exit_group(0 [pid 1656] <... futex resumed>) = ? [pid 1653] <... futex resumed>) = ? [pid 1652] <... exit_group resumed>) = ? [pid 1656] +++ exited with 0 +++ [pid 1653] +++ exited with 0 +++ [pid 1652] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1652, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./272", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./272", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./272/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./272/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./272/binderfs") = 0 [ 58.703401][ T1656] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 58.720646][ T1652] EXT4-fs (loop0): pa ffff8881db90e2a0: logic 16, phys. 128, len 24 [ 58.728633][ T1652] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./272/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./272/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./272/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./272/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./272/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./272/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./272") = 0 mkdir("./273", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1657 ./strace-static-x86_64: Process 1657 attached [pid 1657] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1657] chdir("./273") = 0 [pid 1657] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1657] setpgid(0, 0) = 0 [pid 1657] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1657] write(3, "1000", 4) = 4 [pid 1657] close(3) = 0 [pid 1657] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1657] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1657] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1657] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1657] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1658 attached , parent_tid=[1658], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1658 [pid 1658] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1658] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1657] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1658] <... futex resumed>) = 0 [pid 1658] memfd_create("syzkaller", 0 [pid 1657] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1658] <... memfd_create resumed>) = 3 [pid 1658] ftruncate(3, 2097152) = 0 [pid 1658] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1658] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1658] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1658] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1658] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1658] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1658] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1658] mkdir("./file0", 0777) = 0 [pid 1658] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1658] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1658] ioctl(4, LOOP_CLR_FD) = 0 [pid 1658] close(4) = 0 [pid 1658] close(3) = 0 [pid 1658] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1657] <... futex resumed>) = 0 [pid 1658] <... futex resumed>) = 1 [pid 1658] chdir("./file0" [pid 1657] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1657] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1658] <... chdir resumed>) = 0 [pid 1658] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1657] <... futex resumed>) = 0 [pid 1658] <... futex resumed>) = 1 [pid 1658] creat("./file0", 000 [pid 1657] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1657] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1658] <... creat resumed>) = 3 [pid 1658] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1657] <... futex resumed>) = 0 [pid 1657] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1657] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1657] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1657] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1657] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1661], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1661 [pid 1657] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1657] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1658] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 1658] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1658] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1661 attached [pid 1661] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1661] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 1661] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1657] <... futex resumed>) = 0 [pid 1661] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1657] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1657] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1658] <... futex resumed>) = 0 [pid 1658] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1658] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1657] <... futex resumed>) = 0 [pid 1657] exit_group(0) = ? [pid 1661] <... futex resumed>) = ? [pid 1661] +++ exited with 0 +++ [pid 1658] +++ exited with 0 +++ [pid 1657] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1657, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./273", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./273", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./273/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./273/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./273/binderfs") = 0 [ 58.885846][ T1661] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 58.903102][ T1658] EXT4-fs (loop0): pa ffff8881e6ba6dc8: logic 16, phys. 128, len 24 [ 58.911108][ T1658] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./273/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./273/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./273/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./273/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./273/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./273/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./273") = 0 mkdir("./274", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1662 attached , child_tidptr=0x55555656e5d0) = 1662 [pid 1662] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1662] chdir("./274") = 0 [pid 1662] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1662] setpgid(0, 0) = 0 [pid 1662] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1662] write(3, "1000", 4) = 4 [pid 1662] close(3) = 0 [pid 1662] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1662] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1662] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1662] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1662] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1663 attached , parent_tid=[1663], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1663 [pid 1662] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1662] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1663] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1663] memfd_create("syzkaller", 0) = 3 [pid 1663] ftruncate(3, 2097152) = 0 [pid 1663] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1663] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1663] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1663] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1663] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1663] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1663] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1663] mkdir("./file0", 0777) = 0 [pid 1663] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1663] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1663] ioctl(4, LOOP_CLR_FD) = 0 [pid 1663] close(4) = 0 [pid 1663] close(3) = 0 [pid 1663] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1662] <... futex resumed>) = 0 [pid 1663] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1662] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1663] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1662] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1663] chdir("./file0") = 0 [pid 1663] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1662] <... futex resumed>) = 0 [pid 1663] creat("./file0", 000 [pid 1662] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1662] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1663] <... creat resumed>) = 3 [pid 1663] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1662] <... futex resumed>) = 0 [pid 1663] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1662] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1663] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1662] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1663] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1662] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1663] <... write resumed>) = 40 [pid 1662] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1663] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1662] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 1663] <... futex resumed>) = 0 ./strace-static-x86_64: Process 1666 attached [pid 1663] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1662] <... clone resumed>, parent_tid=[1666], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1666 [pid 1662] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1662] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1666] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1666] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 1666] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1662] <... futex resumed>) = 0 [pid 1666] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1662] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1663] <... futex resumed>) = 0 [pid 1662] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1663] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1663] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1662] <... futex resumed>) = 0 [pid 1663] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1662] exit_group(0) = ? [pid 1663] <... futex resumed>) = ? [pid 1663] +++ exited with 0 +++ [pid 1666] <... futex resumed>) = ? [pid 1666] +++ exited with 0 +++ [pid 1662] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1662, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./274", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./274", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./274/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./274/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./274/binderfs") = 0 [ 59.036764][ T1666] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 59.053117][ T1666] EXT4-fs (loop0): pa ffff8881e6ba62a0: logic 16, phys. 128, len 24 [ 59.061130][ T1666] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./274/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./274/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./274/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./274/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./274/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./274/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./274") = 0 mkdir("./275", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1667 ./strace-static-x86_64: Process 1667 attached [pid 1667] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1667] chdir("./275") = 0 [pid 1667] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1667] setpgid(0, 0) = 0 [pid 1667] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1667] write(3, "1000", 4) = 4 [pid 1667] close(3) = 0 [pid 1667] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1667] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1667] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1667] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1667] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1668], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1668 [pid 1667] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1667] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1668 attached [pid 1668] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1668] memfd_create("syzkaller", 0) = 3 [pid 1668] ftruncate(3, 2097152) = 0 [pid 1668] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1668] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1668] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1668] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1668] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1668] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1668] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1668] mkdir("./file0", 0777) = 0 [pid 1668] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1668] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1668] ioctl(4, LOOP_CLR_FD) = 0 [pid 1668] close(4) = 0 [pid 1668] close(3) = 0 [pid 1668] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1667] <... futex resumed>) = 0 [pid 1667] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1667] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1668] chdir("./file0") = 0 [pid 1668] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1667] <... futex resumed>) = 0 [pid 1667] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1667] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1668] creat("./file0", 000) = 3 [pid 1668] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1667] <... futex resumed>) = 0 [pid 1667] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1667] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1667] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1667] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1667] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1671], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1671 [pid 1667] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1667] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1671 attached [pid 1671] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1671] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 1668] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1671] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 1671] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1668] <... write resumed>) = 40 [pid 1668] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1668] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1671] <... futex resumed>) = 1 [pid 1667] <... futex resumed>) = 0 [pid 1667] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1667] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1671] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1668] <... futex resumed>) = 0 [pid 1668] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1668] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1667] <... futex resumed>) = 0 [pid 1667] exit_group(0) = ? [pid 1671] <... futex resumed>) = ? [pid 1668] <... futex resumed>) = ? [pid 1668] +++ exited with 0 +++ [pid 1671] +++ exited with 0 +++ [pid 1667] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1667, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./275", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./275", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./275/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./275/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./275/binderfs") = 0 [ 59.149053][ T1671] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata umount2("./275/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./275/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./275/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./275/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./275/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./275/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./275") = 0 mkdir("./276", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1672 ./strace-static-x86_64: Process 1672 attached [pid 1672] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1672] chdir("./276") = 0 [pid 1672] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1672] setpgid(0, 0) = 0 [pid 1672] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1672] write(3, "1000", 4) = 4 [pid 1672] close(3) = 0 [pid 1672] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1672] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1672] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1672] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1672] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1673], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1673 [pid 1672] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1672] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1673 attached [pid 1673] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1673] memfd_create("syzkaller", 0) = 3 [pid 1673] ftruncate(3, 2097152) = 0 [pid 1673] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1673] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1673] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1673] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1673] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1673] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1673] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1673] mkdir("./file0", 0777) = 0 [pid 1673] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1673] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1673] ioctl(4, LOOP_CLR_FD) = 0 [pid 1673] close(4) = 0 [pid 1673] close(3) = 0 [pid 1673] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1672] <... futex resumed>) = 0 [pid 1672] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1672] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1673] chdir("./file0") = 0 [pid 1673] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1672] <... futex resumed>) = 0 [pid 1672] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1672] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1673] creat("./file0", 000) = 3 [pid 1673] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1672] <... futex resumed>) = 0 [pid 1672] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1672] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1672] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1672] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1672] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1676], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1676 [pid 1672] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1672] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1676 attached [pid 1676] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1676] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 1673] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1676] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 1676] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1673] <... write resumed>) = 40 [pid 1676] <... futex resumed>) = 1 [pid 1673] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1672] <... futex resumed>) = 0 [pid 1676] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1673] <... futex resumed>) = 0 [pid 1672] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1673] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 1672] <... futex resumed>) = 0 [pid 1673] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 1672] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1673] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1672] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1673] <... futex resumed>) = 0 [pid 1673] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1672] exit_group(0 [pid 1676] <... futex resumed>) = ? [pid 1673] <... futex resumed>) = ? [pid 1672] <... exit_group resumed>) = ? [pid 1676] +++ exited with 0 +++ [pid 1673] +++ exited with 0 +++ [pid 1672] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1672, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./276", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./276", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./276/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./276/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./276/binderfs") = 0 [ 59.266558][ T1676] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata umount2("./276/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./276/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./276/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./276/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./276/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./276/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./276") = 0 mkdir("./277", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1677 attached , child_tidptr=0x55555656e5d0) = 1677 [pid 1677] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1677] chdir("./277") = 0 [pid 1677] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1677] setpgid(0, 0) = 0 [pid 1677] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1677] write(3, "1000", 4) = 4 [pid 1677] close(3) = 0 [pid 1677] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1677] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1677] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1677] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1677] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1678 attached [pid 1678] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1678] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1677] <... clone resumed>, parent_tid=[1678], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1678 [pid 1677] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1678] <... futex resumed>) = 0 [pid 1678] memfd_create("syzkaller", 0) = 3 [pid 1678] ftruncate(3, 2097152) = 0 [pid 1678] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1678] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1678] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1678] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1678] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1678] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1678] ioctl(4, LOOP_SET_FD, 3 [pid 1677] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1678] <... ioctl resumed>) = 0 [pid 1678] mkdir("./file0", 0777) = 0 [pid 1678] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1678] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1678] ioctl(4, LOOP_CLR_FD) = 0 [pid 1678] close(4) = 0 [pid 1678] close(3) = 0 [pid 1678] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1677] <... futex resumed>) = 0 [pid 1677] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1677] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1678] <... futex resumed>) = 1 [pid 1678] chdir("./file0") = 0 [pid 1678] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1677] <... futex resumed>) = 0 [pid 1677] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1677] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1678] <... futex resumed>) = 1 [pid 1678] creat("./file0", 000) = 3 [pid 1678] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1677] <... futex resumed>) = 0 [pid 1677] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1677] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1677] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1677] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1677] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1681], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1681 [pid 1677] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1677] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1678] <... futex resumed>) = 1 [pid 1678] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 1678] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1678] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1681 attached [pid 1681] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1681] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 1681] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1677] <... futex resumed>) = 0 [pid 1677] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1677] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1678] <... futex resumed>) = 0 [pid 1678] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1678] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1677] <... futex resumed>) = 0 [pid 1677] exit_group(0) = ? [pid 1678] <... futex resumed>) = ? [pid 1678] +++ exited with 0 +++ [pid 1681] +++ exited with 0 +++ [pid 1677] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1677, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./277", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./277", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./277/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./277/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./277/binderfs") = 0 [ 59.373842][ T1681] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 59.390652][ T1681] EXT4-fs (loop0): pa ffff8881db90ee70: logic 16, phys. 128, len 24 [ 59.398656][ T1681] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./277/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./277/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./277/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./277/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./277/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./277/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./277") = 0 mkdir("./278", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1682 ./strace-static-x86_64: Process 1682 attached [pid 1682] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1682] chdir("./278") = 0 [pid 1682] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1682] setpgid(0, 0) = 0 [pid 1682] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1682] write(3, "1000", 4) = 4 [pid 1682] close(3) = 0 [pid 1682] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1682] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1682] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1682] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1682] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1683 attached , parent_tid=[1683], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1683 [pid 1683] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1683] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1682] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1683] <... futex resumed>) = 0 [pid 1682] <... futex resumed>) = 1 [pid 1683] memfd_create("syzkaller", 0 [pid 1682] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1683] <... memfd_create resumed>) = 3 [pid 1683] ftruncate(3, 2097152) = 0 [pid 1683] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1683] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1683] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1683] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1683] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1683] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1683] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1683] mkdir("./file0", 0777) = 0 [pid 1683] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1683] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1683] ioctl(4, LOOP_CLR_FD) = 0 [pid 1683] close(4) = 0 [pid 1683] close(3) = 0 [pid 1683] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1683] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1682] <... futex resumed>) = 0 [pid 1682] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1683] <... futex resumed>) = 0 [pid 1682] <... futex resumed>) = 1 [pid 1683] chdir("./file0") = 0 [pid 1683] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1682] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1683] <... futex resumed>) = 0 [pid 1683] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1682] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1682] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1683] <... futex resumed>) = 0 [pid 1682] <... futex resumed>) = 1 [pid 1683] creat("./file0", 000 [pid 1682] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1683] <... creat resumed>) = 3 [pid 1683] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1683] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1682] <... futex resumed>) = 0 [pid 1682] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1683] <... futex resumed>) = 0 [pid 1682] <... futex resumed>) = 1 [pid 1682] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1683] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 1683] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1682] <... futex resumed>) = 0 [pid 1683] <... futex resumed>) = 0 [pid 1683] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1682] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1682] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1682] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1686 attached , parent_tid=[1686], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1686 [pid 1686] set_robust_list(0x7f01680719e0, 24 [pid 1682] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1686] <... set_robust_list resumed>) = 0 [pid 1682] <... futex resumed>) = 0 [pid 1686] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 1682] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1686] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 1686] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1682] <... futex resumed>) = 0 [pid 1682] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1683] <... futex resumed>) = 0 [pid 1683] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1683] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1683] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1682] <... futex resumed>) = 1 [pid 1682] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1682] exit_group(0 [pid 1683] <... futex resumed>) = ? [pid 1683] +++ exited with 0 +++ [pid 1682] <... exit_group resumed>) = ? [pid 1686] +++ exited with 0 +++ [pid 1682] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1682, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./278", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./278", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./278/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./278/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./278/binderfs") = 0 [ 59.521892][ T1686] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 59.538196][ T1686] EXT4-fs (loop0): pa ffff8881db8a22a0: logic 16, phys. 128, len 24 [ 59.546240][ T1686] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./278/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./278/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./278/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./278/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./278/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./278/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./278") = 0 mkdir("./279", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1687 ./strace-static-x86_64: Process 1687 attached [pid 1687] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1687] chdir("./279") = 0 [pid 1687] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1687] setpgid(0, 0) = 0 [pid 1687] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1687] write(3, "1000", 4) = 4 [pid 1687] close(3) = 0 [pid 1687] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1687] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1687] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1687] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1687] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1688 attached , parent_tid=[1688], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1688 [pid 1688] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1688] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1687] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1688] <... futex resumed>) = 0 [pid 1688] memfd_create("syzkaller", 0) = 3 [pid 1688] ftruncate(3, 2097152) = 0 [pid 1688] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1688] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1688] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1688] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1688] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1688] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1688] ioctl(4, LOOP_SET_FD, 3 [pid 1687] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1688] <... ioctl resumed>) = 0 [pid 1688] mkdir("./file0", 0777) = 0 [pid 1688] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1688] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1688] ioctl(4, LOOP_CLR_FD) = 0 [pid 1688] close(4) = 0 [pid 1688] close(3) = 0 [pid 1688] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1688] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1687] <... futex resumed>) = 0 [pid 1687] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1688] <... futex resumed>) = 0 [pid 1688] chdir("./file0") = 0 [pid 1688] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1688] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1687] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1687] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1687] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1688] <... futex resumed>) = 0 [pid 1688] creat("./file0", 000) = 3 [pid 1688] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1687] <... futex resumed>) = 0 [pid 1688] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1687] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1688] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1687] <... futex resumed>) = 0 [pid 1688] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1687] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1688] <... write resumed>) = 40 [pid 1687] <... futex resumed>) = 0 [pid 1688] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1687] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1688] <... futex resumed>) = 0 [pid 1687] <... mmap resumed>) = 0x7f0168051000 [pid 1688] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1687] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1687] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1691], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1691 [pid 1687] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1687] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1691 attached [pid 1691] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1691] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 1691] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1687] <... futex resumed>) = 0 [pid 1691] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1687] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1688] <... futex resumed>) = 0 [pid 1688] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1688] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1688] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1687] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1687] exit_group(0) = ? [pid 1688] <... futex resumed>) = ? [pid 1688] +++ exited with 0 +++ [pid 1691] <... futex resumed>) = ? [pid 1691] +++ exited with 0 +++ [pid 1687] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1687, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./279", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./279", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./279/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./279/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./279/binderfs") = 0 [ 59.662431][ T1691] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 59.679774][ T1691] EXT4-fs (loop0): pa ffff8881dba2c000: logic 16, phys. 128, len 24 [ 59.687920][ T1691] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./279/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./279/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./279/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./279/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./279/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./279/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./279") = 0 mkdir("./280", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1692 ./strace-static-x86_64: Process 1692 attached [pid 1692] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1692] chdir("./280") = 0 [pid 1692] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1692] setpgid(0, 0) = 0 [pid 1692] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1692] write(3, "1000", 4) = 4 [pid 1692] close(3) = 0 [pid 1692] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1692] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1692] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1692] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1692] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1693], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1693 [pid 1692] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1692] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1693 attached [pid 1693] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1693] memfd_create("syzkaller", 0) = 3 [pid 1693] ftruncate(3, 2097152) = 0 [pid 1693] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1693] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1693] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1693] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1693] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1693] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1693] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1693] mkdir("./file0", 0777) = 0 [pid 1693] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1693] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1693] ioctl(4, LOOP_CLR_FD) = 0 [pid 1693] close(4) = 0 [pid 1693] close(3) = 0 [pid 1693] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1693] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1692] <... futex resumed>) = 0 [pid 1692] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1693] <... futex resumed>) = 0 [pid 1693] chdir("./file0") = 0 [pid 1693] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1693] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1692] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1692] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1692] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1693] <... futex resumed>) = 0 [pid 1693] creat("./file0", 000) = 3 [pid 1693] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1693] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1692] <... futex resumed>) = 0 [pid 1692] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1693] <... futex resumed>) = 0 [pid 1693] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 1692] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1693] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1692] <... futex resumed>) = 0 [pid 1693] <... futex resumed>) = 0 [pid 1693] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1692] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1692] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1692] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1696 attached , parent_tid=[1696], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1696 [pid 1696] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1696] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1692] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1696] <... futex resumed>) = 0 [pid 1696] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 1692] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1696] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 1696] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1692] <... futex resumed>) = 0 [pid 1696] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1692] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1693] <... futex resumed>) = 0 [pid 1692] <... futex resumed>) = 1 [pid 1693] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 1692] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1693] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 1693] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1692] <... futex resumed>) = 0 [pid 1693] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1692] exit_group(0) = ? [pid 1693] <... futex resumed>) = ? [pid 1693] +++ exited with 0 +++ [pid 1696] <... futex resumed>) = ? [pid 1696] +++ exited with 0 +++ [pid 1692] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1692, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./280", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./280", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./280/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./280/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./280/binderfs") = 0 [ 59.857757][ T1696] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 59.874807][ T1696] EXT4-fs (loop0): pa ffff8881dba2c0a8: logic 16, phys. 128, len 24 [ 59.882863][ T1696] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./280/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./280/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./280/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./280/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./280/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./280/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./280") = 0 mkdir("./281", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1697 ./strace-static-x86_64: Process 1697 attached [pid 1697] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1697] chdir("./281") = 0 [pid 1697] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1697] setpgid(0, 0) = 0 [pid 1697] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1697] write(3, "1000", 4) = 4 [pid 1697] close(3) = 0 [pid 1697] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1697] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1697] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1697] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1697] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1698 attached , parent_tid=[1698], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1698 [pid 1698] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1698] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1697] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1698] <... futex resumed>) = 0 [pid 1698] memfd_create("syzkaller", 0 [pid 1697] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1698] <... memfd_create resumed>) = 3 [pid 1698] ftruncate(3, 2097152) = 0 [pid 1698] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1698] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1698] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1698] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1698] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1698] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1698] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1698] mkdir("./file0", 0777) = 0 [pid 1698] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1698] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1698] ioctl(4, LOOP_CLR_FD) = 0 [pid 1698] close(4) = 0 [pid 1698] close(3) = 0 [pid 1698] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1698] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1697] <... futex resumed>) = 0 [pid 1697] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1697] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1698] <... futex resumed>) = 0 [pid 1698] chdir("./file0") = 0 [pid 1698] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1698] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1697] <... futex resumed>) = 0 [pid 1697] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1698] <... futex resumed>) = 0 [pid 1697] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1698] creat("./file0", 000) = 3 [pid 1698] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1697] <... futex resumed>) = 0 [pid 1697] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1697] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1698] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1697] <... futex resumed>) = 0 [pid 1697] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1698] <... write resumed>) = 40 [pid 1697] <... mmap resumed>) = 0x7f0168051000 [pid 1698] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1697] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE [pid 1698] <... futex resumed>) = 0 [pid 1698] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1697] <... mprotect resumed>) = 0 [pid 1697] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1701], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1701 [pid 1697] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1697] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1701 attached [pid 1701] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1701] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 1701] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1697] <... futex resumed>) = 0 [pid 1697] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1697] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1701] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1698] <... futex resumed>) = 0 [pid 1698] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1698] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1697] <... futex resumed>) = 0 [pid 1697] exit_group(0) = ? [pid 1701] <... futex resumed>) = ? [pid 1698] <... futex resumed>) = ? [pid 1698] +++ exited with 0 +++ [pid 1701] +++ exited with 0 +++ [pid 1697] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1697, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./281", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./281", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./281/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./281/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./281/binderfs") = 0 [ 60.018541][ T1701] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 60.035719][ T1701] EXT4-fs (loop0): pa ffff8881db8a27e0: logic 16, phys. 128, len 24 [ 60.043738][ T1701] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./281/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./281/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./281/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./281/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./281/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./281/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./281") = 0 mkdir("./282", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1702 ./strace-static-x86_64: Process 1702 attached [pid 1702] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1702] chdir("./282") = 0 [pid 1702] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1702] setpgid(0, 0) = 0 [pid 1702] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1702] write(3, "1000", 4) = 4 [pid 1702] close(3) = 0 [pid 1702] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1702] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1702] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1702] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1702] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1703 attached , parent_tid=[1703], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1703 [pid 1702] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1702] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1703] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1703] memfd_create("syzkaller", 0) = 3 [pid 1703] ftruncate(3, 2097152) = 0 [pid 1703] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1703] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1703] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1703] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1703] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1703] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1703] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1703] mkdir("./file0", 0777) = 0 [pid 1703] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1703] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1703] ioctl(4, LOOP_CLR_FD) = 0 [pid 1703] close(4) = 0 [pid 1703] close(3) = 0 [pid 1703] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1703] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1702] <... futex resumed>) = 0 [pid 1702] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1703] <... futex resumed>) = 0 [pid 1702] <... futex resumed>) = 1 [pid 1703] chdir("./file0") = 0 [pid 1703] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1702] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1703] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1702] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1702] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1703] <... futex resumed>) = 0 [pid 1702] <... futex resumed>) = 1 [pid 1703] creat("./file0", 000) = 3 [pid 1703] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1703] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1702] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1702] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1703] <... futex resumed>) = 0 [pid 1702] <... futex resumed>) = 1 [pid 1703] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1702] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1703] <... write resumed>) = 40 [pid 1702] <... futex resumed>) = 0 [pid 1703] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1702] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1703] <... futex resumed>) = 0 [pid 1703] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1702] <... mmap resumed>) = 0x7f0168051000 [pid 1702] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1702] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1706 attached [pid 1706] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1706] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1702] <... clone resumed>, parent_tid=[1706], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1706 [pid 1702] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1706] <... futex resumed>) = 0 [pid 1706] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 1702] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1706] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 1706] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1706] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1702] <... futex resumed>) = 0 [pid 1702] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1703] <... futex resumed>) = 0 [pid 1703] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1703] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1703] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1702] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1702] exit_group(0 [pid 1706] <... futex resumed>) = 231 [pid 1703] <... futex resumed>) = ? [pid 1706] +++ exited with 0 +++ [pid 1703] +++ exited with 0 +++ [pid 1702] <... exit_group resumed>) = ? [pid 1702] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1702, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./282", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./282", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./282/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./282/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./282/binderfs") = 0 [ 60.155484][ T1706] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 60.173164][ T1702] EXT4-fs (loop0): pa ffff8881db8a2738: logic 16, phys. 128, len 24 [ 60.181264][ T1702] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./282/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./282/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./282/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./282/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./282/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./282/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./282") = 0 mkdir("./283", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1707 ./strace-static-x86_64: Process 1707 attached [pid 1707] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1707] chdir("./283") = 0 [pid 1707] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1707] setpgid(0, 0) = 0 [pid 1707] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1707] write(3, "1000", 4) = 4 [pid 1707] close(3) = 0 [pid 1707] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1707] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1707] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1707] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1707] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1708], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1708 [pid 1707] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 1708 attached [pid 1708] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1708] memfd_create("syzkaller", 0 [pid 1707] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1708] <... memfd_create resumed>) = 3 [pid 1708] ftruncate(3, 2097152) = 0 [pid 1708] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1708] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1708] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1708] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1708] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1708] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1708] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1708] mkdir("./file0", 0777) = 0 [pid 1708] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1708] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1708] ioctl(4, LOOP_CLR_FD) = 0 [pid 1708] close(4) = 0 [pid 1708] close(3) = 0 [pid 1708] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1707] <... futex resumed>) = 0 [pid 1707] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1707] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1708] <... futex resumed>) = 1 [pid 1708] chdir("./file0") = 0 [pid 1708] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1707] <... futex resumed>) = 0 [pid 1707] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1707] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1708] <... futex resumed>) = 1 [pid 1708] creat("./file0", 000) = 3 [pid 1708] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1707] <... futex resumed>) = 0 [pid 1707] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1707] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1707] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1707] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1707] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1711 attached , parent_tid=[1711], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1711 [pid 1707] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1707] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1711] set_robust_list(0x7f01680719e0, 24 [pid 1708] <... futex resumed>) = 1 [pid 1711] <... set_robust_list resumed>) = 0 [pid 1708] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 1708] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1708] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1711] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 1711] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1707] <... futex resumed>) = 0 [pid 1707] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1707] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1708] <... futex resumed>) = 0 [pid 1708] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 1711] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1708] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 1708] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1707] <... futex resumed>) = 0 [pid 1707] exit_group(0) = ? [pid 1711] <... futex resumed>) = ? [pid 1708] <... futex resumed>) = ? [pid 1708] +++ exited with 0 +++ [pid 1711] +++ exited with 0 +++ [pid 1707] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1707, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./283", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./283", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./283/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./283/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./283/binderfs") = 0 [ 60.323036][ T1711] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 60.340032][ T1711] EXT4-fs (loop0): pa ffff8881db8a2f18: logic 16, phys. 128, len 24 [ 60.348038][ T1711] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./283/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./283/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./283/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./283/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./283/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./283/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./283") = 0 mkdir("./284", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1712 ./strace-static-x86_64: Process 1712 attached [pid 1712] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1712] chdir("./284") = 0 [pid 1712] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1712] setpgid(0, 0) = 0 [pid 1712] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1712] write(3, "1000", 4) = 4 [pid 1712] close(3) = 0 [pid 1712] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1712] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1712] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1712] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1712] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1713 attached , parent_tid=[1713], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1713 [pid 1713] set_robust_list(0x7f01680929e0, 24 [pid 1712] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1713] <... set_robust_list resumed>) = 0 [pid 1712] <... futex resumed>) = 0 [pid 1712] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1713] memfd_create("syzkaller", 0) = 3 [pid 1713] ftruncate(3, 2097152) = 0 [pid 1713] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1713] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1713] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1713] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1713] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1713] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1713] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1713] mkdir("./file0", 0777) = 0 [pid 1713] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1713] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1713] ioctl(4, LOOP_CLR_FD) = 0 [pid 1713] close(4) = 0 [pid 1713] close(3) = 0 [pid 1713] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1712] <... futex resumed>) = 0 [pid 1712] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1712] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1713] chdir("./file0") = 0 [pid 1713] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1712] <... futex resumed>) = 0 [pid 1712] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1712] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1713] creat("./file0", 000) = 3 [pid 1713] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1712] <... futex resumed>) = 0 [pid 1712] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1712] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1712] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1712] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1712] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1716], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1716 [pid 1712] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1712] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1713] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40./strace-static-x86_64: Process 1716 attached [pid 1716] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1716] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 1713] <... write resumed>) = 40 [pid 1713] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1713] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1716] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 1716] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1712] <... futex resumed>) = 0 [pid 1716] <... futex resumed>) = 1 [pid 1712] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1716] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1712] <... futex resumed>) = 1 [pid 1712] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1713] <... futex resumed>) = 0 [pid 1713] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1713] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1712] <... futex resumed>) = 0 [pid 1712] exit_group(0 [pid 1716] <... futex resumed>) = ? [pid 1712] <... exit_group resumed>) = ? [pid 1716] +++ exited with 0 +++ [pid 1713] +++ exited with 0 +++ [pid 1712] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1712, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./284", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./284", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./284/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./284/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./284/binderfs") = 0 [ 60.497883][ T1716] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 60.514834][ T1713] EXT4-fs (loop0): pa ffff8881db8a2a80: logic 16, phys. 128, len 24 [ 60.522873][ T1713] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./284/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./284/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./284/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./284/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./284/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./284/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./284") = 0 mkdir("./285", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1717 attached , child_tidptr=0x55555656e5d0) = 1717 [pid 1717] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1717] chdir("./285") = 0 [pid 1717] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1717] setpgid(0, 0) = 0 [pid 1717] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1717] write(3, "1000", 4) = 4 [pid 1717] close(3) = 0 [pid 1717] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1717] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1717] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1717] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1717] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1718 attached , parent_tid=[1718], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1718 [pid 1718] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1718] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1717] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1718] <... futex resumed>) = 0 [pid 1717] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1718] memfd_create("syzkaller", 0) = 3 [pid 1718] ftruncate(3, 2097152) = 0 [pid 1718] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1718] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1718] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1718] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1718] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1718] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1718] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1718] mkdir("./file0", 0777) = 0 [pid 1718] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1718] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1718] ioctl(4, LOOP_CLR_FD) = 0 [pid 1718] close(4) = 0 [pid 1718] close(3) = 0 [pid 1718] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1717] <... futex resumed>) = 0 [pid 1718] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1717] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1718] <... futex resumed>) = 0 [pid 1717] <... futex resumed>) = 1 [pid 1718] chdir("./file0" [pid 1717] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1718] <... chdir resumed>) = 0 [pid 1718] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1717] <... futex resumed>) = 0 [pid 1718] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1717] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1718] <... futex resumed>) = 0 [pid 1717] <... futex resumed>) = 1 [pid 1718] creat("./file0", 000 [pid 1717] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1718] <... creat resumed>) = 3 [pid 1718] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1717] <... futex resumed>) = 0 [pid 1718] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1717] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1717] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1718] <... futex resumed>) = 0 [pid 1718] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1717] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1717] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE [pid 1718] <... write resumed>) = 40 [pid 1718] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1718] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1717] <... mprotect resumed>) = 0 [pid 1717] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1721 attached [pid 1721] set_robust_list(0x7f01680719e0, 24 [pid 1717] <... clone resumed>, parent_tid=[1721], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1721 [pid 1721] <... set_robust_list resumed>) = 0 [pid 1717] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1721] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 1717] <... futex resumed>) = 0 [pid 1717] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1721] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 1721] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1717] <... futex resumed>) = 0 [pid 1721] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1717] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1718] <... futex resumed>) = 0 [pid 1717] <... futex resumed>) = 1 [pid 1718] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 1717] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1718] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 1718] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1717] <... futex resumed>) = 0 [pid 1718] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1717] exit_group(0 [pid 1718] <... futex resumed>) = ? [pid 1717] <... exit_group resumed>) = ? [pid 1718] +++ exited with 0 +++ [pid 1721] <... futex resumed>) = ? [pid 1721] +++ exited with 0 +++ [pid 1717] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1717, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./285", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./285", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./285/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./285/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./285/binderfs") = 0 [ 60.651160][ T1721] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 60.667019][ T1721] EXT4-fs (loop0): pa ffff8881db8a29d8: logic 16, phys. 128, len 24 [ 60.675128][ T1721] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./285/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./285/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./285/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./285/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./285/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./285/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./285") = 0 mkdir("./286", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1722 ./strace-static-x86_64: Process 1722 attached [pid 1722] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1722] chdir("./286") = 0 [pid 1722] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1722] setpgid(0, 0) = 0 [pid 1722] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1722] write(3, "1000", 4) = 4 [pid 1722] close(3) = 0 [pid 1722] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1722] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1722] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1722] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1722] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1723], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1723 [pid 1722] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1722] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1723 attached [pid 1723] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1723] memfd_create("syzkaller", 0) = 3 [pid 1723] ftruncate(3, 2097152) = 0 [pid 1723] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1723] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1723] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1723] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1723] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1723] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1723] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1723] mkdir("./file0", 0777) = 0 [pid 1723] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1723] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1723] ioctl(4, LOOP_CLR_FD) = 0 [pid 1723] close(4) = 0 [pid 1723] close(3) = 0 [pid 1723] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1722] <... futex resumed>) = 0 [pid 1723] <... futex resumed>) = 1 [pid 1723] chdir("./file0" [pid 1722] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1722] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1723] <... chdir resumed>) = 0 [pid 1723] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1722] <... futex resumed>) = 0 [pid 1723] creat("./file0", 000 [pid 1722] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1722] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1723] <... creat resumed>) = 3 [pid 1723] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1722] <... futex resumed>) = 0 [pid 1722] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1722] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1722] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1722] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1722] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 1723] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 1723] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1722] <... clone resumed>, parent_tid=[1726], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1726 [pid 1723] <... futex resumed>) = 0 [pid 1722] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1723] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1722] <... futex resumed>) = 0 [pid 1722] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1726 attached [pid 1726] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1726] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 1726] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1722] <... futex resumed>) = 0 [pid 1726] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1722] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1723] <... futex resumed>) = 0 [pid 1723] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1723] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1723] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1722] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1722] exit_group(0 [pid 1726] <... futex resumed>) = ? [pid 1723] <... futex resumed>) = ? [pid 1722] <... exit_group resumed>) = ? [pid 1723] +++ exited with 0 +++ [pid 1726] +++ exited with 0 +++ [pid 1722] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1722, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./286", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./286", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./286/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./286/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./286/binderfs") = 0 [ 60.791950][ T1726] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 60.809603][ T1726] EXT4-fs (loop0): pa ffff8881db8a2bd0: logic 16, phys. 128, len 24 [ 60.817632][ T1726] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./286/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./286/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./286/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./286/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./286/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./286/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./286") = 0 mkdir("./287", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1727 ./strace-static-x86_64: Process 1727 attached [pid 1727] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1727] chdir("./287") = 0 [pid 1727] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1727] setpgid(0, 0) = 0 [pid 1727] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1727] write(3, "1000", 4) = 4 [pid 1727] close(3) = 0 [pid 1727] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1727] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1727] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1727] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1727] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1728], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1728 ./strace-static-x86_64: Process 1728 attached [pid 1727] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1727] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1728] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1728] memfd_create("syzkaller", 0) = 3 [pid 1728] ftruncate(3, 2097152) = 0 [pid 1728] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1728] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1728] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1728] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1728] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1728] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1728] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1728] mkdir("./file0", 0777) = 0 [pid 1728] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1728] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1728] ioctl(4, LOOP_CLR_FD) = 0 [pid 1728] close(4) = 0 [pid 1728] close(3) = 0 [pid 1728] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1727] <... futex resumed>) = 0 [pid 1727] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1727] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1728] <... futex resumed>) = 1 [pid 1728] chdir("./file0") = 0 [pid 1728] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1727] <... futex resumed>) = 0 [pid 1728] <... futex resumed>) = 1 [pid 1727] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1727] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1728] creat("./file0", 000) = 3 [pid 1728] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1727] <... futex resumed>) = 0 [pid 1727] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1727] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1727] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1727] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1727] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1731], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1731 [pid 1727] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 1731 attached ) = 0 [pid 1731] set_robust_list(0x7f01680719e0, 24 [pid 1727] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1731] <... set_robust_list resumed>) = 0 [pid 1731] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 1728] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1731] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 1731] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1727] <... futex resumed>) = 0 [pid 1731] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1727] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1731] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1727] <... futex resumed>) = 0 [pid 1731] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1727] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1731] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1727] <... futex resumed>) = 0 [pid 1731] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1728] <... write resumed>) = 40 [pid 1728] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1728] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1727] exit_group(0) = ? [pid 1731] <... futex resumed>) = ? [pid 1731] +++ exited with 0 +++ [pid 1728] <... futex resumed>) = ? [pid 1728] +++ exited with 0 +++ [pid 1727] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1727, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./287", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./287", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./287/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./287/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./287/binderfs") = 0 [ 60.963405][ T1731] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata umount2("./287/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./287/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./287/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./287/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./287/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./287/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./287") = 0 mkdir("./288", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1732 ./strace-static-x86_64: Process 1732 attached [pid 1732] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1732] chdir("./288") = 0 [pid 1732] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1732] setpgid(0, 0) = 0 [pid 1732] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1732] write(3, "1000", 4) = 4 [pid 1732] close(3) = 0 [pid 1732] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1732] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1732] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1732] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1732] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1733], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1733 [pid 1732] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1732] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1733 attached [pid 1733] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1733] memfd_create("syzkaller", 0) = 3 [pid 1733] ftruncate(3, 2097152) = 0 [pid 1733] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1733] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1733] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1733] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1733] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1733] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1733] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1733] mkdir("./file0", 0777) = 0 [pid 1733] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1733] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1733] ioctl(4, LOOP_CLR_FD) = 0 [pid 1733] close(4) = 0 [pid 1733] close(3) = 0 [pid 1733] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1732] <... futex resumed>) = 0 [pid 1733] chdir("./file0" [pid 1732] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1733] <... chdir resumed>) = 0 [pid 1733] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1732] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1733] <... futex resumed>) = 0 [pid 1732] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1732] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1733] creat("./file0", 000 [pid 1732] <... futex resumed>) = 0 [pid 1732] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1733] <... creat resumed>) = 3 [pid 1733] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1732] <... futex resumed>) = 0 [pid 1733] <... futex resumed>) = 1 [pid 1732] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1733] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1732] <... futex resumed>) = 0 [pid 1732] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1732] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1732] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1732] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1736 attached [pid 1736] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1732] <... clone resumed>, parent_tid=[1736], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1736 [pid 1736] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 1732] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1732] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1733] <... write resumed>) = 40 [pid 1733] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1733] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1736] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 1736] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1732] <... futex resumed>) = 0 [pid 1736] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1732] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1732] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1733] <... futex resumed>) = 0 [pid 1733] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1733] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1732] <... futex resumed>) = 0 [pid 1733] <... futex resumed>) = 1 [pid 1733] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1732] exit_group(0) = ? [pid 1733] <... futex resumed>) = ? [pid 1736] <... futex resumed>) = ? [pid 1736] +++ exited with 0 +++ [pid 1733] +++ exited with 0 +++ [pid 1732] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1732, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./288", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./288", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./288/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./288/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./288/binderfs") = 0 [ 61.063593][ T1736] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 61.082224][ T1733] EXT4-fs (loop0): pa ffff8881db8a2888: logic 16, phys. 128, len 24 [ 61.090292][ T1733] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./288/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./288/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./288/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./288/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./288/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./288/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./288") = 0 mkdir("./289", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1737 attached [pid 1737] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1737] chdir("./289") = 0 [pid 1737] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1737] setpgid(0, 0) = 0 [pid 1737] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1737] write(3, "1000", 4) = 4 [pid 1737] close(3) = 0 [pid 1737] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1737] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1737] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1737] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1737] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1738], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1738 [pid 1737] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1737] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1738 attached [pid 304] <... clone resumed>, child_tidptr=0x55555656e5d0) = 1737 [pid 1738] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1738] memfd_create("syzkaller", 0) = 3 [pid 1738] ftruncate(3, 2097152) = 0 [pid 1738] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1738] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1738] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1738] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1738] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1738] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1738] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1738] mkdir("./file0", 0777) = 0 [pid 1738] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1738] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1738] ioctl(4, LOOP_CLR_FD) = 0 [pid 1738] close(4) = 0 [pid 1738] close(3) = 0 [pid 1738] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1737] <... futex resumed>) = 0 [pid 1737] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1737] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1738] <... futex resumed>) = 1 [pid 1738] chdir("./file0") = 0 [pid 1738] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1737] <... futex resumed>) = 0 [pid 1737] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1737] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1738] <... futex resumed>) = 1 [pid 1738] creat("./file0", 000) = 3 [pid 1738] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1737] <... futex resumed>) = 0 [pid 1737] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1737] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1737] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1737] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1737] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1741], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1741 [pid 1737] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1737] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1738] <... futex resumed>) = 1 [pid 1738] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 1738] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1738] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1741 attached [pid 1741] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1741] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 1741] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1737] <... futex resumed>) = 0 [pid 1737] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1737] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1738] <... futex resumed>) = 0 [pid 1738] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1738] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1737] <... futex resumed>) = 0 [pid 1737] exit_group(0) = ? [pid 1738] <... futex resumed>) = ? [pid 1738] +++ exited with 0 +++ [pid 1741] +++ exited with 0 +++ [pid 1737] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1737, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./289", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./289", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./289/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./289/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./289/binderfs") = 0 [ 61.254567][ T1741] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 61.271273][ T1741] EXT4-fs (loop0): pa ffff8881dba2c5e8: logic 16, phys. 128, len 24 [ 61.279258][ T1741] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./289/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./289/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./289/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./289/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./289/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./289/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./289") = 0 mkdir("./290", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1742 ./strace-static-x86_64: Process 1742 attached [pid 1742] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1742] chdir("./290") = 0 [pid 1742] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1742] setpgid(0, 0) = 0 [pid 1742] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1742] write(3, "1000", 4) = 4 [pid 1742] close(3) = 0 [pid 1742] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1742] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1742] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1742] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1742] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1743 attached [pid 1743] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1743] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1742] <... clone resumed>, parent_tid=[1743], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1743 [pid 1742] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1742] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1743] <... futex resumed>) = 0 [pid 1743] memfd_create("syzkaller", 0) = 3 [pid 1743] ftruncate(3, 2097152) = 0 [pid 1743] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1743] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1743] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1743] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1743] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1743] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1743] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1743] mkdir("./file0", 0777) = 0 [pid 1743] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1743] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1743] ioctl(4, LOOP_CLR_FD) = 0 [pid 1743] close(4) = 0 [pid 1743] close(3) = 0 [pid 1743] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1743] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1742] <... futex resumed>) = 0 [pid 1742] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1742] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1743] <... futex resumed>) = 0 [pid 1743] chdir("./file0") = 0 [pid 1743] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1742] <... futex resumed>) = 0 [pid 1742] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1742] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1743] creat("./file0", 000) = 3 [pid 1743] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1742] <... futex resumed>) = 0 [pid 1742] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1742] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1742] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1742] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1742] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1746], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1746 [pid 1742] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1742] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1743] <... futex resumed>) = 1 [pid 1743] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 1743] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1743] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1746 attached [pid 1746] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1746] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 1746] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1742] <... futex resumed>) = 0 [pid 1742] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1742] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1743] <... futex resumed>) = 0 [pid 1743] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1746] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1743] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1742] <... futex resumed>) = 0 [pid 1742] exit_group(0) = ? [pid 1746] <... futex resumed>) = ? [pid 1743] <... futex resumed>) = ? [pid 1743] +++ exited with 0 +++ [pid 1746] +++ exited with 0 +++ [pid 1742] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1742, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./290", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./290", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./290/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./290/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./290/binderfs") = 0 [ 61.403954][ T1746] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 61.421384][ T1746] EXT4-fs (loop0): pa ffff8881db8a2540: logic 16, phys. 128, len 24 [ 61.429489][ T1746] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./290/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./290/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./290/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./290/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./290/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./290/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./290") = 0 mkdir("./291", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1747 ./strace-static-x86_64: Process 1747 attached [pid 1747] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1747] chdir("./291") = 0 [pid 1747] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1747] setpgid(0, 0) = 0 [pid 1747] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1747] write(3, "1000", 4) = 4 [pid 1747] close(3) = 0 [pid 1747] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1747] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1747] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1747] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1747] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1748], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1748 [pid 1747] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1747] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1748 attached [pid 1748] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1748] memfd_create("syzkaller", 0) = 3 [pid 1748] ftruncate(3, 2097152) = 0 [pid 1748] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1748] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1748] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1748] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1748] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1748] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1748] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1748] mkdir("./file0", 0777) = 0 [pid 1748] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1748] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1748] ioctl(4, LOOP_CLR_FD) = 0 [pid 1748] close(4) = 0 [pid 1748] close(3) = 0 [pid 1748] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1747] <... futex resumed>) = 0 [pid 1747] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1747] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1748] <... futex resumed>) = 1 [pid 1748] chdir("./file0") = 0 [pid 1748] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1747] <... futex resumed>) = 0 [pid 1747] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1747] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1748] <... futex resumed>) = 1 [pid 1748] creat("./file0", 000) = 3 [pid 1748] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1747] <... futex resumed>) = 0 [pid 1747] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1747] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1747] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1747] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1747] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1751 attached , parent_tid=[1751], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1751 [pid 1747] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1747] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1751] set_robust_list(0x7f01680719e0, 24 [pid 1748] <... futex resumed>) = 1 [pid 1751] <... set_robust_list resumed>) = 0 [pid 1748] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 1748] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1748] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1751] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 1751] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1747] <... futex resumed>) = 0 [pid 1747] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1747] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1748] <... futex resumed>) = 0 [pid 1748] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 1751] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1748] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 1748] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1747] <... futex resumed>) = 0 [pid 1747] exit_group(0) = ? [pid 1751] <... futex resumed>) = ? [pid 1748] <... futex resumed>) = ? [pid 1748] +++ exited with 0 +++ [pid 1751] +++ exited with 0 +++ [pid 1747] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1747, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./291", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./291", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./291/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./291/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./291/binderfs") = 0 [ 61.519918][ T1751] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 61.536886][ T1751] EXT4-fs (loop0): pa ffff8881db8a2150: logic 16, phys. 128, len 24 [ 61.544897][ T1751] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./291/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./291/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./291/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./291/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./291/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./291/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./291") = 0 mkdir("./292", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1752 ./strace-static-x86_64: Process 1752 attached [pid 1752] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1752] chdir("./292") = 0 [pid 1752] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1752] setpgid(0, 0) = 0 [pid 1752] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1752] write(3, "1000", 4) = 4 [pid 1752] close(3) = 0 [pid 1752] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1752] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1752] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1752] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1752] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1753], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1753 [pid 1752] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1752] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1753 attached [pid 1753] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1753] memfd_create("syzkaller", 0) = 3 [pid 1753] ftruncate(3, 2097152) = 0 [pid 1753] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1753] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1753] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1753] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1753] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1753] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1753] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1753] mkdir("./file0", 0777) = 0 [pid 1753] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1753] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1753] ioctl(4, LOOP_CLR_FD) = 0 [pid 1753] close(4) = 0 [pid 1753] close(3) = 0 [pid 1753] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1752] <... futex resumed>) = 0 [pid 1752] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1752] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1753] <... futex resumed>) = 1 [pid 1753] chdir("./file0") = 0 [pid 1753] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1752] <... futex resumed>) = 0 [pid 1752] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1752] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1753] <... futex resumed>) = 1 [pid 1753] creat("./file0", 000) = 3 [pid 1753] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1752] <... futex resumed>) = 0 [pid 1753] <... futex resumed>) = 1 [pid 1752] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1753] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1752] <... futex resumed>) = 0 [pid 1752] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1753] <... write resumed>) = 40 [pid 1752] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1753] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1752] <... mmap resumed>) = 0x7f0168051000 [pid 1753] <... futex resumed>) = 0 [pid 1752] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE [pid 1753] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1752] <... mprotect resumed>) = 0 [pid 1752] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1756], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1756 [pid 1752] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1752] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1756 attached [pid 1756] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1756] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 1756] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1752] <... futex resumed>) = 0 [pid 1752] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1752] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1753] <... futex resumed>) = 0 [pid 1753] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1753] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1752] <... futex resumed>) = 0 [pid 1752] exit_group(0) = ? [pid 1753] <... futex resumed>) = ? [pid 1753] +++ exited with 0 +++ [pid 1756] +++ exited with 0 +++ [pid 1752] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1752, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./292", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./292", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./292/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./292/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./292/binderfs") = 0 umount2("./292/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./292/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./292/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./292/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./292/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./292/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./292") = 0 mkdir("./293", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1757 ./strace-static-x86_64: Process 1757 attached [pid 1757] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1757] chdir("./293") = 0 [pid 1757] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1757] setpgid(0, 0) = 0 [pid 1757] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1757] write(3, "1000", 4) = 4 [pid 1757] close(3) = 0 [pid 1757] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1757] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1757] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1757] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1757] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1758], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1758 [pid 1757] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1757] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1758 attached [pid 1758] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1758] memfd_create("syzkaller", 0) = 3 [pid 1758] ftruncate(3, 2097152) = 0 [pid 1758] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1758] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1758] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1758] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1758] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1758] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 61.628591][ T1756] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 61.646036][ T1756] EXT4-fs (loop0): pa ffff8881dba2c1f8: logic 16, phys. 128, len 24 [ 61.654036][ T1756] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 [pid 1758] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1758] mkdir("./file0", 0777) = 0 [pid 1758] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1758] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1758] ioctl(4, LOOP_CLR_FD) = 0 [pid 1758] close(4) = 0 [pid 1758] close(3) = 0 [pid 1758] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1757] <... futex resumed>) = 0 [pid 1758] chdir("./file0" [pid 1757] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1758] <... chdir resumed>) = 0 [pid 1757] <... futex resumed>) = 0 [pid 1757] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1758] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1757] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1758] creat("./file0", 000 [pid 1757] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1757] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1758] <... creat resumed>) = 3 [pid 1758] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1757] <... futex resumed>) = 0 [pid 1757] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1757] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1757] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1757] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1757] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1761 attached , parent_tid=[1761], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1761 [pid 1761] set_robust_list(0x7f01680719e0, 24 [pid 1757] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1761] <... set_robust_list resumed>) = 0 [pid 1757] <... futex resumed>) = 0 [pid 1761] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 1757] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1758] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1761] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 1758] <... write resumed>) = 40 [pid 1761] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1758] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1758] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1761] <... futex resumed>) = 1 [pid 1757] <... futex resumed>) = 0 [pid 1757] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1757] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1758] <... futex resumed>) = 0 [pid 1758] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1758] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1757] <... futex resumed>) = 0 [pid 1757] exit_group(0) = ? [pid 1758] <... futex resumed>) = ? [pid 1758] +++ exited with 0 +++ [pid 1761] +++ exited with 0 +++ [pid 1757] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1757, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./293", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./293", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./293/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./293/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./293/binderfs") = 0 [ 61.728304][ T1761] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata umount2("./293/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./293/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./293/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./293/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./293/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./293/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./293") = 0 mkdir("./294", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1762 ./strace-static-x86_64: Process 1762 attached [pid 1762] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1762] chdir("./294") = 0 [pid 1762] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1762] setpgid(0, 0) = 0 [pid 1762] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1762] write(3, "1000", 4) = 4 [pid 1762] close(3) = 0 [pid 1762] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1762] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1762] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1762] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1762] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1763], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1763 [pid 1762] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1762] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1763 attached [pid 1763] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1763] memfd_create("syzkaller", 0) = 3 [pid 1763] ftruncate(3, 2097152) = 0 [pid 1763] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1763] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1763] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1763] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1763] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1763] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1763] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1763] mkdir("./file0", 0777) = 0 [pid 1763] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1763] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1763] ioctl(4, LOOP_CLR_FD) = 0 [pid 1763] close(4) = 0 [pid 1763] close(3) = 0 [pid 1763] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1762] <... futex resumed>) = 0 [pid 1762] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1762] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1763] <... futex resumed>) = 1 [pid 1763] chdir("./file0") = 0 [pid 1763] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1762] <... futex resumed>) = 0 [pid 1762] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1762] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1763] <... futex resumed>) = 1 [pid 1763] creat("./file0", 000) = 3 [pid 1763] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1762] <... futex resumed>) = 0 [pid 1762] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1762] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1762] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1762] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1762] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1766], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1766 [pid 1762] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1762] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1763] <... futex resumed>) = 1 [pid 1763] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 1763] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1763] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1766 attached [pid 1766] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1766] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 1766] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1762] <... futex resumed>) = 0 [pid 1762] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1763] <... futex resumed>) = 0 [pid 1762] <... futex resumed>) = 1 [pid 1763] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 1762] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1763] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 1763] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1762] <... futex resumed>) = 0 [pid 1763] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1762] exit_group(0 [pid 1763] <... futex resumed>) = ? [pid 1762] <... exit_group resumed>) = ? [pid 1763] +++ exited with 0 +++ [pid 1766] <... futex resumed>) = ? [pid 1766] +++ exited with 0 +++ [pid 1762] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1762, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./294", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./294", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./294/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./294/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./294/binderfs") = 0 [ 61.816811][ T1766] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 61.833040][ T1766] EXT4-fs (loop0): pa ffff8881db8a25e8: logic 16, phys. 128, len 24 [ 61.841123][ T1766] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./294/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./294/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./294/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./294/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./294/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./294/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./294") = 0 mkdir("./295", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1767 ./strace-static-x86_64: Process 1767 attached [pid 1767] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1767] chdir("./295") = 0 [pid 1767] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1767] setpgid(0, 0) = 0 [pid 1767] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1767] write(3, "1000", 4) = 4 [pid 1767] close(3) = 0 [pid 1767] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1767] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1767] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1767] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1767] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1768 attached [pid 1768] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1768] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1767] <... clone resumed>, parent_tid=[1768], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1768 [pid 1767] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1768] <... futex resumed>) = 0 [pid 1767] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1768] memfd_create("syzkaller", 0) = 3 [pid 1768] ftruncate(3, 2097152) = 0 [pid 1768] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1768] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1768] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1768] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1768] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1768] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1768] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1768] mkdir("./file0", 0777) = 0 [pid 1768] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1768] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1768] ioctl(4, LOOP_CLR_FD) = 0 [pid 1768] close(4) = 0 [pid 1768] close(3) = 0 [pid 1768] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1767] <... futex resumed>) = 0 [pid 1768] chdir("./file0" [pid 1767] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1768] <... chdir resumed>) = 0 [pid 1767] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1768] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1767] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1768] <... futex resumed>) = 0 [pid 1767] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1768] creat("./file0", 000 [pid 1767] <... futex resumed>) = 0 [pid 1767] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1768] <... creat resumed>) = 3 [pid 1768] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1767] <... futex resumed>) = 0 [pid 1768] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1767] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1768] <... write resumed>) = 40 [pid 1767] <... futex resumed>) = 0 [pid 1768] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1767] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1768] <... futex resumed>) = 0 [pid 1767] <... futex resumed>) = 0 [pid 1768] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1767] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1767] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1767] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1771], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1771 [pid 1767] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1767] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1771 attached [pid 1771] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1771] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 1771] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1767] <... futex resumed>) = 0 [pid 1767] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1767] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1768] <... futex resumed>) = 0 [pid 1768] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1768] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1767] <... futex resumed>) = 0 [pid 1767] exit_group(0) = ? [pid 1768] <... futex resumed>) = ? [pid 1768] +++ exited with 0 +++ [pid 1771] +++ exited with 0 +++ [pid 1767] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1767, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./295", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./295", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./295/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./295/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./295/binderfs") = 0 [ 61.940161][ T1771] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 61.956557][ T1771] EXT4-fs (loop0): pa ffff8881dba2c2a0: logic 16, phys. 128, len 24 [ 61.964576][ T1771] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./295/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./295/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./295/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./295/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./295/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./295/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./295") = 0 mkdir("./296", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1772 ./strace-static-x86_64: Process 1772 attached [pid 1772] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1772] chdir("./296") = 0 [pid 1772] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1772] setpgid(0, 0) = 0 [pid 1772] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1772] write(3, "1000", 4) = 4 [pid 1772] close(3) = 0 [pid 1772] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1772] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1772] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1772] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1772] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1773 attached , parent_tid=[1773], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1773 [pid 1773] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1773] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1772] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1773] <... futex resumed>) = 0 [pid 1772] <... futex resumed>) = 1 [pid 1773] memfd_create("syzkaller", 0 [pid 1772] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1773] <... memfd_create resumed>) = 3 [pid 1773] ftruncate(3, 2097152) = 0 [pid 1773] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1773] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1773] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1773] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1773] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1773] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1773] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1773] mkdir("./file0", 0777) = 0 [pid 1773] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1773] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1773] ioctl(4, LOOP_CLR_FD) = 0 [pid 1773] close(4) = 0 [pid 1773] close(3) = 0 [pid 1773] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1772] <... futex resumed>) = 0 [pid 1772] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1772] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1773] <... futex resumed>) = 1 [pid 1773] chdir("./file0") = 0 [pid 1773] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1772] <... futex resumed>) = 0 [pid 1772] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1772] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1773] <... futex resumed>) = 1 [pid 1773] creat("./file0", 000) = 3 [pid 1773] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1772] <... futex resumed>) = 0 [pid 1772] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1772] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1772] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1772] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1772] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1776], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1776 [pid 1772] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1772] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1773] <... futex resumed>) = 1 [pid 1773] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 1773] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1773] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1776 attached [pid 1776] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1776] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 1776] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1772] <... futex resumed>) = 0 [pid 1776] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1772] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1773] <... futex resumed>) = 0 [pid 1772] <... futex resumed>) = 1 [pid 1773] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 1772] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1773] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 1773] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1772] <... futex resumed>) = 0 [pid 1773] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1772] exit_group(0 [pid 1773] <... futex resumed>) = ? [pid 1772] <... exit_group resumed>) = ? [pid 1773] +++ exited with 0 +++ [pid 1776] <... futex resumed>) = ? [pid 1776] +++ exited with 0 +++ [pid 1772] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1772, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./296", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./296", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./296/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./296/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./296/binderfs") = 0 [ 62.063238][ T1776] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 62.080413][ T1776] EXT4-fs (loop0): pa ffff8881db8a2348: logic 16, phys. 128, len 24 [ 62.088384][ T1776] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./296/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./296/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./296/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./296/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./296/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./296/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./296") = 0 mkdir("./297", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1777 ./strace-static-x86_64: Process 1777 attached [pid 1777] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1777] chdir("./297") = 0 [pid 1777] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1777] setpgid(0, 0) = 0 [pid 1777] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1777] write(3, "1000", 4) = 4 [pid 1777] close(3) = 0 [pid 1777] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1777] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1777] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1777] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1777] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1778], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1778 [pid 1777] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1777] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1778 attached [pid 1778] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1778] memfd_create("syzkaller", 0) = 3 [pid 1778] ftruncate(3, 2097152) = 0 [pid 1778] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1778] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1778] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1778] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1778] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1778] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1778] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1778] mkdir("./file0", 0777) = 0 [pid 1778] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1778] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1778] ioctl(4, LOOP_CLR_FD) = 0 [pid 1778] close(4) = 0 [pid 1778] close(3) = 0 [pid 1778] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1777] <... futex resumed>) = 0 [pid 1777] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1777] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1778] chdir("./file0") = 0 [pid 1778] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1777] <... futex resumed>) = 0 [pid 1777] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1777] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1778] creat("./file0", 000) = 3 [pid 1778] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1777] <... futex resumed>) = 0 [pid 1778] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1777] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1777] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1777] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1778] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1777] <... mmap resumed>) = 0x7f0168051000 [pid 1778] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1777] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1778] <... write resumed>) = 40 [pid 1777] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 1778] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1777] <... clone resumed>, parent_tid=[1781], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1781 ./strace-static-x86_64: Process 1781 attached [pid 1778] <... futex resumed>) = 0 [pid 1777] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1777] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1781] set_robust_list(0x7f01680719e0, 24 [pid 1778] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1781] <... set_robust_list resumed>) = 0 [pid 1781] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 1781] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1777] <... futex resumed>) = 0 [pid 1777] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1777] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1778] <... futex resumed>) = 0 [pid 1781] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1778] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1778] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1777] <... futex resumed>) = 0 [pid 1778] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1777] exit_group(0) = ? [pid 1781] <... futex resumed>) = ? [pid 1778] <... futex resumed>) = ? [pid 1778] +++ exited with 0 +++ [pid 1781] +++ exited with 0 +++ [pid 1777] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1777, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./297", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./297", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./297/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./297/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./297/binderfs") = 0 [ 62.245706][ T1781] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 62.263195][ T1781] EXT4-fs (loop0): pa ffff8881e69febd0: logic 16, phys. 128, len 24 [ 62.271219][ T1781] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./297/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./297/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./297/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./297/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./297/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./297/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./297") = 0 mkdir("./298", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1782 ./strace-static-x86_64: Process 1782 attached [pid 1782] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1782] chdir("./298") = 0 [pid 1782] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1782] setpgid(0, 0) = 0 [pid 1782] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1782] write(3, "1000", 4) = 4 [pid 1782] close(3) = 0 [pid 1782] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1782] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1782] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1782] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1782] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1783], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1783 [pid 1782] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 1783 attached [pid 1783] set_robust_list(0x7f01680929e0, 24 [pid 1782] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1783] <... set_robust_list resumed>) = 0 [pid 1783] memfd_create("syzkaller", 0) = 3 [pid 1783] ftruncate(3, 2097152) = 0 [pid 1783] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1783] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1783] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1783] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1783] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1783] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1783] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1783] mkdir("./file0", 0777) = 0 [pid 1783] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1783] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1783] ioctl(4, LOOP_CLR_FD) = 0 [pid 1783] close(4) = 0 [pid 1783] close(3) = 0 [pid 1783] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1782] <... futex resumed>) = 0 [pid 1782] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1782] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1783] <... futex resumed>) = 1 [pid 1783] chdir("./file0") = 0 [pid 1783] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1782] <... futex resumed>) = 0 [pid 1782] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1782] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1783] <... futex resumed>) = 1 [pid 1783] creat("./file0", 000) = 3 [pid 1783] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1782] <... futex resumed>) = 0 [pid 1782] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1782] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1782] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1782] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1782] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1786], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1786 [pid 1782] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1782] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1783] <... futex resumed>) = 1 [pid 1783] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 1783] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1783] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1786 attached [pid 1786] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1786] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 1786] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1782] <... futex resumed>) = 0 [pid 1786] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1782] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1783] <... futex resumed>) = 0 [pid 1782] <... futex resumed>) = 1 [pid 1783] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 1782] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1783] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 1783] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1782] <... futex resumed>) = 0 [pid 1783] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1782] exit_group(0 [pid 1786] <... futex resumed>) = ? [pid 1783] <... futex resumed>) = ? [pid 1782] <... exit_group resumed>) = ? [pid 1786] +++ exited with 0 +++ [pid 1783] +++ exited with 0 +++ [pid 1782] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1782, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./298", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./298", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./298/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./298/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./298/binderfs") = 0 [ 62.367575][ T1786] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 62.385021][ T1783] EXT4-fs (loop0): pa ffff8881e6911a80: logic 16, phys. 128, len 24 [ 62.393023][ T1783] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./298/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./298/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./298/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./298/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./298/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./298/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./298") = 0 mkdir("./299", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1787 ./strace-static-x86_64: Process 1787 attached [pid 1787] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1787] chdir("./299") = 0 [pid 1787] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1787] setpgid(0, 0) = 0 [pid 1787] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1787] write(3, "1000", 4) = 4 [pid 1787] close(3) = 0 [pid 1787] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1787] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1787] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1787] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1787] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1788 attached , parent_tid=[1788], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1788 [pid 1788] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1788] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1787] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1788] <... futex resumed>) = 0 [pid 1788] memfd_create("syzkaller", 0 [pid 1787] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1788] <... memfd_create resumed>) = 3 [pid 1788] ftruncate(3, 2097152) = 0 [pid 1788] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1788] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1788] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1788] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1788] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1788] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1788] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1788] mkdir("./file0", 0777) = 0 [pid 1788] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1788] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1788] ioctl(4, LOOP_CLR_FD) = 0 [pid 1788] close(4) = 0 [pid 1788] close(3) = 0 [pid 1788] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1788] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1787] <... futex resumed>) = 0 [pid 1787] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1787] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1788] <... futex resumed>) = 0 [pid 1788] chdir("./file0") = 0 [pid 1788] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1787] <... futex resumed>) = 0 [pid 1787] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1787] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1788] creat("./file0", 000) = 3 [pid 1788] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1787] <... futex resumed>) = 0 [pid 1788] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1787] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1788] <... write resumed>) = 40 [pid 1787] <... futex resumed>) = 0 [pid 1787] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1787] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1788] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1787] <... mmap resumed>) = 0x7f0168051000 [pid 1787] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1788] <... futex resumed>) = 0 [pid 1787] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 1788] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1791 attached [pid 1791] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1791] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1787] <... clone resumed>, parent_tid=[1791], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1791 [pid 1787] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1791] <... futex resumed>) = 0 [pid 1787] <... futex resumed>) = 1 [pid 1791] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 1787] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1791] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 1791] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1787] <... futex resumed>) = 0 [pid 1787] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1787] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1791] <... futex resumed>) = 1 [pid 1791] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1788] <... futex resumed>) = 0 [pid 1788] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1788] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1787] <... futex resumed>) = 0 [pid 1787] exit_group(0) = ? [pid 1791] <... futex resumed>) = ? [pid 1791] +++ exited with 0 +++ [pid 1788] +++ exited with 0 +++ [pid 1787] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1787, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./299", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./299", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./299/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./299/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./299/binderfs") = 0 [ 62.496466][ T1791] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 62.513546][ T1788] EXT4-fs (loop0): pa ffff8881e69119d8: logic 16, phys. 128, len 24 [ 62.521653][ T1788] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./299/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./299/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./299/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./299/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./299/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./299/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./299") = 0 mkdir("./300", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1792 attached [pid 1792] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1792] chdir("./300") = 0 [pid 1792] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1792] setpgid(0, 0) = 0 [pid 1792] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1792] write(3, "1000", 4) = 4 [pid 1792] close(3) = 0 [pid 1792] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1792] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1792] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1792] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1792] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1793], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1793 [pid 1792] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1792] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 304] <... clone resumed>, child_tidptr=0x55555656e5d0) = 1792 ./strace-static-x86_64: Process 1793 attached [pid 1793] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1793] memfd_create("syzkaller", 0) = 3 [pid 1793] ftruncate(3, 2097152) = 0 [pid 1793] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1793] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1793] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1793] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1793] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1793] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1793] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1793] mkdir("./file0", 0777) = 0 [pid 1793] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1793] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1793] ioctl(4, LOOP_CLR_FD) = 0 [pid 1793] close(4) = 0 [pid 1793] close(3) = 0 [pid 1793] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1792] <... futex resumed>) = 0 [pid 1792] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1792] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1793] <... futex resumed>) = 1 [pid 1793] chdir("./file0") = 0 [pid 1793] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1792] <... futex resumed>) = 0 [pid 1792] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1792] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1793] <... futex resumed>) = 1 [pid 1793] creat("./file0", 000) = 3 [pid 1793] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1792] <... futex resumed>) = 0 [pid 1792] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1792] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1792] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1792] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1792] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1796], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1796 [pid 1792] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1792] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1793] <... futex resumed>) = 1 [pid 1793] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 1793] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1793] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1796 attached [pid 1796] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1796] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 1796] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1792] <... futex resumed>) = 0 [pid 1792] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1792] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1793] <... futex resumed>) = 0 [pid 1793] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1793] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1792] <... futex resumed>) = 0 [pid 1792] exit_group(0) = ? [pid 1793] <... futex resumed>) = ? [pid 1793] +++ exited with 0 +++ [pid 1796] +++ exited with 0 +++ [pid 1792] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1792, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./300", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./300", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./300/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./300/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./300/binderfs") = 0 [ 62.640974][ T1796] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 62.657624][ T1796] EXT4-fs (loop0): pa ffff8881dba2cf18: logic 16, phys. 128, len 24 [ 62.665680][ T1796] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./300/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./300/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./300/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./300/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./300/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./300/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./300") = 0 mkdir("./301", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1797 ./strace-static-x86_64: Process 1797 attached [pid 1797] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1797] chdir("./301") = 0 [pid 1797] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1797] setpgid(0, 0) = 0 [pid 1797] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1797] write(3, "1000", 4) = 4 [pid 1797] close(3) = 0 [pid 1797] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1797] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1797] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1797] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1797] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1798 attached , parent_tid=[1798], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1798 [pid 1798] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1798] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1797] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1798] <... futex resumed>) = 0 [pid 1798] memfd_create("syzkaller", 0 [pid 1797] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1798] <... memfd_create resumed>) = 3 [pid 1798] ftruncate(3, 2097152) = 0 [pid 1798] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1798] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1798] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1798] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1798] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1798] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1798] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1798] mkdir("./file0", 0777) = 0 [pid 1798] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1798] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1798] ioctl(4, LOOP_CLR_FD) = 0 [pid 1798] close(4) = 0 [pid 1798] close(3) = 0 [pid 1798] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1798] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1797] <... futex resumed>) = 0 [pid 1797] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1798] <... futex resumed>) = 0 [pid 1798] chdir("./file0") = 0 [pid 1798] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1798] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1797] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1797] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1798] <... futex resumed>) = 0 [pid 1798] creat("./file0", 000 [pid 1797] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1798] <... creat resumed>) = 3 [pid 1798] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1798] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1797] <... futex resumed>) = 0 [pid 1797] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1797] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1798] <... futex resumed>) = 0 [pid 1798] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1797] <... futex resumed>) = 0 [pid 1797] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1798] <... write resumed>) = 40 [pid 1798] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1798] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1797] <... mmap resumed>) = 0x7f0168051000 [pid 1797] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1797] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1801], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1801 [pid 1797] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1797] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1801 attached [pid 1801] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1801] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 1801] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1797] <... futex resumed>) = 0 [pid 1801] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1797] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1798] <... futex resumed>) = 0 [pid 1797] <... futex resumed>) = 1 [pid 1798] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 1797] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1798] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 1798] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1797] <... futex resumed>) = 0 [pid 1798] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1797] exit_group(0 [pid 1798] <... futex resumed>) = ? [pid 1797] <... exit_group resumed>) = ? [pid 1798] +++ exited with 0 +++ [pid 1801] <... futex resumed>) = ? [pid 1801] +++ exited with 0 +++ [pid 1797] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1797, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./301", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./301", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./301/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./301/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./301/binderfs") = 0 umount2("./301/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./301/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./301/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./301/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./301/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 [ 62.801148][ T1801] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 62.817775][ T1801] EXT4-fs (loop0): pa ffff8881dba2c498: logic 16, phys. 128, len 24 [ 62.825784][ T1801] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 rmdir("./301/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./301") = 0 mkdir("./302", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1802 ./strace-static-x86_64: Process 1802 attached [pid 1802] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1802] chdir("./302") = 0 [pid 1802] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1802] setpgid(0, 0) = 0 [pid 1802] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1802] write(3, "1000", 4) = 4 [pid 1802] close(3) = 0 [pid 1802] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1802] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1802] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1802] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1802] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1803], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1803 [pid 1802] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1802] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1803 attached [pid 1803] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1803] memfd_create("syzkaller", 0) = 3 [pid 1803] ftruncate(3, 2097152) = 0 [pid 1803] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1803] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1803] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1803] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1803] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1803] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1803] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1803] mkdir("./file0", 0777) = 0 [pid 1803] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1803] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1803] ioctl(4, LOOP_CLR_FD) = 0 [pid 1803] close(4) = 0 [pid 1803] close(3) = 0 [pid 1803] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1802] <... futex resumed>) = 0 [pid 1802] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1803] chdir("./file0" [pid 1802] <... futex resumed>) = 0 [pid 1803] <... chdir resumed>) = 0 [pid 1802] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1803] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1802] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1803] <... futex resumed>) = 0 [pid 1802] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1803] creat("./file0", 000 [pid 1802] <... futex resumed>) = 0 [pid 1802] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1803] <... creat resumed>) = 3 [pid 1803] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1802] <... futex resumed>) = 0 [pid 1803] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1802] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1803] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1802] <... futex resumed>) = 0 [pid 1802] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1803] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1802] <... futex resumed>) = 0 [pid 1803] <... write resumed>) = 40 [pid 1802] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1803] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1802] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE [pid 1803] <... futex resumed>) = 0 [pid 1802] <... mprotect resumed>) = 0 [pid 1803] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1802] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1806], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1806 [pid 1802] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1802] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1806 attached [pid 1806] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1806] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 1806] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1802] <... futex resumed>) = 0 [pid 1802] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1803] <... futex resumed>) = 0 [pid 1802] <... futex resumed>) = 1 [pid 1803] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 1802] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1803] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 1803] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1802] <... futex resumed>) = 0 [pid 1803] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1802] exit_group(0 [pid 1806] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1803] <... futex resumed>) = ? [pid 1802] <... exit_group resumed>) = ? [pid 1803] +++ exited with 0 +++ [pid 1806] <... futex resumed>) = ? [pid 1806] +++ exited with 0 +++ [pid 1802] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1802, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./302", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./302", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./302/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./302/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./302/binderfs") = 0 [ 62.894033][ T1806] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 62.911240][ T1806] EXT4-fs (loop0): pa ffff8881dba2cbd0: logic 16, phys. 128, len 24 [ 62.919206][ T1806] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./302/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./302/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./302/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./302/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./302/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./302/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./302") = 0 mkdir("./303", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1807 ./strace-static-x86_64: Process 1807 attached [pid 1807] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1807] chdir("./303") = 0 [pid 1807] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1807] setpgid(0, 0) = 0 [pid 1807] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1807] write(3, "1000", 4) = 4 [pid 1807] close(3) = 0 [pid 1807] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1807] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1807] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1807] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1807] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1808 attached , parent_tid=[1808], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1808 [pid 1808] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1808] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1807] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1808] <... futex resumed>) = 0 [pid 1808] memfd_create("syzkaller", 0) = 3 [pid 1807] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1808] ftruncate(3, 2097152) = 0 [pid 1808] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1808] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1808] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1808] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1808] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1808] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1808] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1808] mkdir("./file0", 0777) = 0 [pid 1808] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1808] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1808] ioctl(4, LOOP_CLR_FD) = 0 [pid 1808] close(4) = 0 [pid 1808] close(3) = 0 [pid 1808] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1807] <... futex resumed>) = 0 [pid 1808] chdir("./file0" [pid 1807] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1808] <... chdir resumed>) = 0 [pid 1808] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1807] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1808] <... futex resumed>) = 0 [pid 1807] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1807] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1808] creat("./file0", 000 [pid 1807] <... futex resumed>) = 0 [pid 1807] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1808] <... creat resumed>) = 3 [pid 1808] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1807] <... futex resumed>) = 0 [pid 1807] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1808] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1807] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1807] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1807] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1807] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1811], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1811 [pid 1807] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1807] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1808] <... write resumed>) = 40 [pid 1808] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1808] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1811 attached [pid 1811] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1811] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 1811] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1807] <... futex resumed>) = 0 [pid 1811] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1807] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1808] <... futex resumed>) = 0 [pid 1807] <... futex resumed>) = 1 [pid 1808] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 1807] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1808] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 1808] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1807] <... futex resumed>) = 0 [pid 1808] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1807] exit_group(0) = ? [pid 1808] <... futex resumed>) = ? [pid 1808] +++ exited with 0 +++ [pid 1811] <... futex resumed>) = ? [pid 1811] +++ exited with 0 +++ [pid 1807] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1807, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./303", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./303", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./303/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./303/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./303/binderfs") = 0 [ 63.049855][ T1811] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 63.066743][ T1811] EXT4-fs (loop0): pa ffff8881dba2c690: logic 16, phys. 128, len 24 [ 63.074793][ T1811] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./303/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./303/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./303/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./303/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./303/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./303/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./303") = 0 mkdir("./304", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1812 attached , child_tidptr=0x55555656e5d0) = 1812 [pid 1812] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1812] chdir("./304") = 0 [pid 1812] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1812] setpgid(0, 0) = 0 [pid 1812] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1812] write(3, "1000", 4) = 4 [pid 1812] close(3) = 0 [pid 1812] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1812] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1812] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1812] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1812] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1813 attached , parent_tid=[1813], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1813 [pid 1813] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1813] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1812] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1813] <... futex resumed>) = 0 [pid 1812] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1813] memfd_create("syzkaller", 0) = 3 [pid 1813] ftruncate(3, 2097152) = 0 [pid 1813] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1813] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1813] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1813] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1813] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1813] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1813] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1813] mkdir("./file0", 0777) = 0 [pid 1813] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1813] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1813] ioctl(4, LOOP_CLR_FD) = 0 [pid 1813] close(4) = 0 [pid 1813] close(3) = 0 [pid 1813] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1813] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1812] <... futex resumed>) = 0 [pid 1812] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1813] <... futex resumed>) = 0 [pid 1812] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1813] chdir("./file0") = 0 [pid 1813] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1812] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1813] <... futex resumed>) = 0 [pid 1812] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1813] creat("./file0", 000 [pid 1812] <... futex resumed>) = 0 [pid 1812] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1813] <... creat resumed>) = 3 [pid 1813] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1812] <... futex resumed>) = 0 [pid 1813] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1812] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1813] <... write resumed>) = 40 [pid 1812] <... futex resumed>) = 0 [pid 1812] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1813] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1812] <... futex resumed>) = 0 [pid 1813] <... futex resumed>) = 0 [pid 1812] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1813] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1812] <... mmap resumed>) = 0x7f0168051000 [pid 1812] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1812] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1816 attached , parent_tid=[1816], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1816 [pid 1812] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1816] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1816] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 1812] <... futex resumed>) = 0 [pid 1812] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1816] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 1816] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1812] <... futex resumed>) = 0 [pid 1816] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1812] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1813] <... futex resumed>) = 0 [pid 1812] <... futex resumed>) = 1 [pid 1813] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 1812] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1813] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 1813] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1812] <... futex resumed>) = 0 [pid 1813] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1812] exit_group(0 [pid 1813] <... futex resumed>) = ? [pid 1812] <... exit_group resumed>) = ? [pid 1813] +++ exited with 0 +++ [pid 1816] <... futex resumed>) = ? [pid 1816] +++ exited with 0 +++ [pid 1812] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1812, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./304", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./304", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./304/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./304/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./304/binderfs") = 0 [ 63.166471][ T1816] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 63.183062][ T1816] EXT4-fs (loop0): pa ffff8881dba2cc78: logic 16, phys. 128, len 24 [ 63.191061][ T1816] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./304/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./304/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./304/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./304/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./304/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./304/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./304") = 0 mkdir("./305", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1817 ./strace-static-x86_64: Process 1817 attached [pid 1817] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1817] chdir("./305") = 0 [pid 1817] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1817] setpgid(0, 0) = 0 [pid 1817] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1817] write(3, "1000", 4) = 4 [pid 1817] close(3) = 0 [pid 1817] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1817] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1817] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1817] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1817] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1818 attached , parent_tid=[1818], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1818 [pid 1818] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1818] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1817] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1818] <... futex resumed>) = 0 [pid 1817] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1818] memfd_create("syzkaller", 0) = 3 [pid 1818] ftruncate(3, 2097152) = 0 [pid 1818] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1818] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1818] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1818] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1818] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1818] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1818] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1818] mkdir("./file0", 0777) = 0 [pid 1818] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1818] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1818] ioctl(4, LOOP_CLR_FD) = 0 [pid 1818] close(4) = 0 [pid 1818] close(3) = 0 [pid 1818] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1817] <... futex resumed>) = 0 [pid 1817] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1817] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1818] chdir("./file0") = 0 [pid 1818] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1817] <... futex resumed>) = 0 [pid 1817] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1817] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1818] creat("./file0", 000) = 3 [pid 1818] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1817] <... futex resumed>) = 0 [pid 1818] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1817] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1817] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1817] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1818] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1817] <... mmap resumed>) = 0x7f0168051000 [pid 1817] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1817] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1821 attached [pid 1818] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1817] <... clone resumed>, parent_tid=[1821], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1821 [pid 1817] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1817] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1821] set_robust_list(0x7f01680719e0, 24 [pid 1818] <... write resumed>) = 40 [pid 1821] <... set_robust_list resumed>) = 0 [pid 1818] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1821] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 1818] <... futex resumed>) = 0 [pid 1818] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1821] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 1821] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1817] <... futex resumed>) = 0 [pid 1817] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1817] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1818] <... futex resumed>) = 0 [pid 1818] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1818] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1817] <... futex resumed>) = 0 [pid 1821] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1818] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1817] exit_group(0 [pid 1818] <... futex resumed>) = ? [pid 1817] <... exit_group resumed>) = ? [pid 1821] <... futex resumed>) = ? [pid 1818] +++ exited with 0 +++ [pid 1821] +++ exited with 0 +++ [pid 1817] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1817, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./305", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./305", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./305/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./305/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./305/binderfs") = 0 [ 63.300525][ T1821] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 63.317953][ T1821] EXT4-fs (loop0): pa ffff8881e6911888: logic 16, phys. 128, len 24 [ 63.325982][ T1821] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./305/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./305/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./305/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./305/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./305/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./305/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./305") = 0 mkdir("./306", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1822 ./strace-static-x86_64: Process 1822 attached [pid 1822] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1822] chdir("./306") = 0 [pid 1822] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1822] setpgid(0, 0) = 0 [pid 1822] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1822] write(3, "1000", 4) = 4 [pid 1822] close(3) = 0 [pid 1822] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1822] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1822] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1822] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1822] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1823 attached [pid 1823] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1823] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1822] <... clone resumed>, parent_tid=[1823], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1823 [pid 1822] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1823] <... futex resumed>) = 0 [pid 1823] memfd_create("syzkaller", 0 [pid 1822] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1823] <... memfd_create resumed>) = 3 [pid 1823] ftruncate(3, 2097152) = 0 [pid 1823] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1823] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1823] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1823] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1823] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1823] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1823] mkdir("./file0", 0777) = 0 [pid 1823] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1823] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1823] ioctl(4, LOOP_CLR_FD) = 0 [pid 1823] close(4) = 0 [pid 1823] close(3) = 0 [pid 1823] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1823] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1822] <... futex resumed>) = 0 [pid 1822] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1822] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1823] <... futex resumed>) = 0 [pid 1823] chdir("./file0") = 0 [pid 1823] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1822] <... futex resumed>) = 0 [pid 1822] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1822] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1823] <... futex resumed>) = 1 [pid 1823] creat("./file0", 000) = 3 [pid 1823] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1822] <... futex resumed>) = 0 [pid 1822] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1822] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1822] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1822] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1822] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1826], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1826 [pid 1822] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1822] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1823] <... futex resumed>) = 1 [pid 1823] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 1823] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1823] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1826 attached [pid 1826] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1826] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 1826] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1822] <... futex resumed>) = 0 [pid 1822] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1823] <... futex resumed>) = 0 [pid 1822] <... futex resumed>) = 1 [pid 1823] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 1822] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1823] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 1823] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1822] <... futex resumed>) = 0 [pid 1823] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1822] exit_group(0 [pid 1823] <... futex resumed>) = ? [pid 1822] <... exit_group resumed>) = ? [pid 1823] +++ exited with 0 +++ [pid 1826] +++ exited with 0 +++ [pid 1822] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1822, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./306", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./306", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./306/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./306/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./306/binderfs") = 0 [ 63.443854][ T1826] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 63.462140][ T1826] EXT4-fs (loop0): pa ffff8881e6911540: logic 16, phys. 128, len 24 [ 63.470185][ T1826] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./306/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./306/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./306/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./306/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./306/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./306/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./306") = 0 mkdir("./307", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1827 ./strace-static-x86_64: Process 1827 attached [pid 1827] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1827] chdir("./307") = 0 [pid 1827] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1827] setpgid(0, 0) = 0 [pid 1827] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1827] write(3, "1000", 4) = 4 [pid 1827] close(3) = 0 [pid 1827] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1827] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1827] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1827] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1827] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1828 attached , parent_tid=[1828], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1828 [pid 1828] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1828] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1827] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1828] <... futex resumed>) = 0 [pid 1827] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1828] memfd_create("syzkaller", 0) = 3 [pid 1828] ftruncate(3, 2097152) = 0 [pid 1828] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1828] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1828] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1828] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1828] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1828] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1828] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1828] mkdir("./file0", 0777) = 0 [pid 1828] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1828] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1828] ioctl(4, LOOP_CLR_FD) = 0 [pid 1828] close(4) = 0 [pid 1828] close(3) = 0 [pid 1828] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1828] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1827] <... futex resumed>) = 0 [pid 1827] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1828] <... futex resumed>) = 0 [pid 1828] chdir("./file0") = 0 [pid 1828] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1828] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1827] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1827] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1828] <... futex resumed>) = 0 [pid 1828] creat("./file0", 000) = 3 [pid 1828] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1828] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1827] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1827] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1828] <... futex resumed>) = 0 [pid 1828] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 1828] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1828] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1827] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1828] <... futex resumed>) = 0 [pid 1828] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 1827] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1828] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 1828] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1828] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1827] <... futex resumed>) = 0 [pid 1827] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1828] <... futex resumed>) = 0 [pid 1828] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1828] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1827] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1828] <... futex resumed>) = 0 [pid 1828] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1827] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1827] exit_group(0) = ? [pid 1828] <... futex resumed>) = ? [pid 1828] +++ exited with 0 +++ [pid 1827] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1827, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./307", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./307", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./307/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./307/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./307/binderfs") = 0 [ 63.562445][ T1828] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 63.578972][ T1827] EXT4-fs (loop0): pa ffff8881e6911c78: logic 16, phys. 128, len 24 [ 63.587262][ T1827] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./307/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./307/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./307/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./307/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./307/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./307/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./307") = 0 mkdir("./308", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1831 ./strace-static-x86_64: Process 1831 attached [pid 1831] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1831] chdir("./308") = 0 [pid 1831] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1831] setpgid(0, 0) = 0 [pid 1831] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1831] write(3, "1000", 4) = 4 [pid 1831] close(3) = 0 [pid 1831] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1831] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1831] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1831] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1831] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1832], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1832 ./strace-static-x86_64: Process 1832 attached [pid 1832] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1832] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1831] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1832] <... futex resumed>) = 0 [pid 1831] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1832] memfd_create("syzkaller", 0) = 3 [pid 1832] ftruncate(3, 2097152) = 0 [pid 1832] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1832] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1832] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1832] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1832] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1832] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1832] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1832] mkdir("./file0", 0777) = 0 [pid 1832] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1832] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1832] ioctl(4, LOOP_CLR_FD) = 0 [pid 1832] close(4) = 0 [pid 1832] close(3) = 0 [pid 1832] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1831] <... futex resumed>) = 0 [pid 1832] chdir("./file0" [pid 1831] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1832] <... chdir resumed>) = 0 [pid 1831] <... futex resumed>) = 0 [pid 1831] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1832] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1831] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1832] <... futex resumed>) = 0 [pid 1831] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1832] creat("./file0", 000 [pid 1831] <... futex resumed>) = 0 [pid 1831] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1832] <... creat resumed>) = 3 [pid 1832] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1831] <... futex resumed>) = 0 [pid 1832] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1831] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1832] <... futex resumed>) = 0 [pid 1831] <... futex resumed>) = 1 [pid 1832] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1831] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1832] <... write resumed>) = 40 [pid 1831] <... futex resumed>) = 0 [pid 1832] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1831] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1832] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1831] <... mmap resumed>) = 0x7f0168051000 [pid 1831] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1831] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1835], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1835 [pid 1831] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1831] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1835 attached [pid 1835] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1835] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 1835] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1831] <... futex resumed>) = 0 [pid 1831] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1832] <... futex resumed>) = 0 [pid 1832] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1832] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1832] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1831] <... futex resumed>) = 1 [pid 1831] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1831] exit_group(0 [pid 1832] <... futex resumed>) = ? [pid 1832] +++ exited with 0 +++ [pid 1831] <... exit_group resumed>) = ? [pid 1835] +++ exited with 0 +++ [pid 1831] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1831, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./308", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./308", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./308/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./308/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./308/binderfs") = 0 [ 63.699101][ T1835] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 63.715283][ T1835] EXT4-fs (loop0): pa ffff8881dba2c930: logic 16, phys. 128, len 24 [ 63.723296][ T1835] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./308/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./308/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./308/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./308/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./308/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./308/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./308") = 0 mkdir("./309", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1836 ./strace-static-x86_64: Process 1836 attached [pid 1836] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1836] chdir("./309") = 0 [pid 1836] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1836] setpgid(0, 0) = 0 [pid 1836] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1836] write(3, "1000", 4) = 4 [pid 1836] close(3) = 0 [pid 1836] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1836] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1836] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1836] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1836] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1837 attached , parent_tid=[1837], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1837 [pid 1837] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1837] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1836] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1837] <... futex resumed>) = 0 [pid 1837] memfd_create("syzkaller", 0) = 3 [pid 1836] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1837] ftruncate(3, 2097152) = 0 [pid 1837] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1837] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1837] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1837] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1837] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1837] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1837] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1837] mkdir("./file0", 0777) = 0 [pid 1837] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1837] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1837] ioctl(4, LOOP_CLR_FD) = 0 [pid 1837] close(4) = 0 [pid 1837] close(3) = 0 [pid 1837] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1837] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1836] <... futex resumed>) = 0 [pid 1836] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1836] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1837] <... futex resumed>) = 0 [pid 1837] chdir("./file0") = 0 [pid 1837] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1836] <... futex resumed>) = 0 [pid 1836] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1836] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1837] <... futex resumed>) = 1 [pid 1837] creat("./file0", 000) = 3 [pid 1837] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1836] <... futex resumed>) = 0 [pid 1836] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1836] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1836] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1836] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1836] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1840], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1840 [pid 1836] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1836] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1837] <... futex resumed>) = 1 [pid 1837] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 1837] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1837] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1840 attached [pid 1840] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1840] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 1840] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1836] <... futex resumed>) = 0 [pid 1836] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1836] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1837] <... futex resumed>) = 0 [pid 1837] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1837] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1836] <... futex resumed>) = 0 [pid 1836] exit_group(0) = ? [pid 1837] <... futex resumed>) = ? [pid 1837] +++ exited with 0 +++ [pid 1840] +++ exited with 0 +++ [pid 1836] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1836, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./309", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./309", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./309/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./309/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./309/binderfs") = 0 [ 63.827010][ T1840] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 63.843337][ T1840] EXT4-fs (loop0): pa ffff8881ed9ca150: logic 16, phys. 128, len 24 [ 63.851405][ T1840] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./309/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./309/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./309/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./309/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./309/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./309/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./309") = 0 mkdir("./310", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1841 ./strace-static-x86_64: Process 1841 attached [pid 1841] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1841] chdir("./310") = 0 [pid 1841] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1841] setpgid(0, 0) = 0 [pid 1841] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1841] write(3, "1000", 4) = 4 [pid 1841] close(3) = 0 [pid 1841] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1841] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1841] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1841] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1841] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1842 attached , parent_tid=[1842], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1842 [pid 1842] set_robust_list(0x7f01680929e0, 24 [pid 1841] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1842] <... set_robust_list resumed>) = 0 [pid 1841] <... futex resumed>) = 0 [pid 1841] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1842] memfd_create("syzkaller", 0) = 3 [pid 1842] ftruncate(3, 2097152) = 0 [pid 1842] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1842] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1842] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1842] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1842] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1842] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1842] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1842] mkdir("./file0", 0777) = 0 [pid 1842] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1842] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1842] ioctl(4, LOOP_CLR_FD) = 0 [pid 1842] close(4) = 0 [pid 1842] close(3) = 0 [pid 1842] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1842] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1841] <... futex resumed>) = 0 [pid 1841] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1842] <... futex resumed>) = 0 [pid 1842] chdir("./file0") = 0 [pid 1841] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1842] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1842] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1841] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1841] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1842] <... futex resumed>) = 0 [pid 1841] <... futex resumed>) = 1 [pid 1842] creat("./file0", 000 [pid 1841] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1842] <... creat resumed>) = 3 [pid 1842] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1842] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1841] <... futex resumed>) = 0 [pid 1841] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1842] <... futex resumed>) = 0 [pid 1841] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1841] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1842] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1841] <... mmap resumed>) = 0x7f0168051000 [pid 1841] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE [pid 1842] <... write resumed>) = 40 [pid 1842] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1842] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1841] <... mprotect resumed>) = 0 [pid 1841] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1845 attached , parent_tid=[1845], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1845 [pid 1845] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1845] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1841] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1845] <... futex resumed>) = 0 [pid 1845] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 1841] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1845] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 1845] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1841] <... futex resumed>) = 0 [pid 1841] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1842] <... futex resumed>) = 0 [pid 1841] <... futex resumed>) = 1 [pid 1842] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1841] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1842] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1841] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1842] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1841] exit_group(0 [pid 1845] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1841] <... exit_group resumed>) = ? [pid 1842] <... futex resumed>) = ? [pid 1845] <... futex resumed>) = ? [pid 1845] +++ exited with 0 +++ [pid 1842] +++ exited with 0 +++ [pid 1841] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1841, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./310", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./310", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./310/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./310/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./310/binderfs") = 0 [ 63.969546][ T1845] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 63.995750][ T1842] EXT4-fs (loop0): pa ffff8881ed9ca930: logic 16, phys. 128, len 24 [ 64.003973][ T1842] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./310/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./310/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./310/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./310/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./310/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./310/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./310") = 0 mkdir("./311", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1846 ./strace-static-x86_64: Process 1846 attached [pid 1846] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1846] chdir("./311") = 0 [pid 1846] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1846] setpgid(0, 0) = 0 [pid 1846] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1846] write(3, "1000", 4) = 4 [pid 1846] close(3) = 0 [pid 1846] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1846] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1846] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1846] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1846] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1847 attached , parent_tid=[1847], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1847 [pid 1846] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1846] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1847] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1847] memfd_create("syzkaller", 0) = 3 [pid 1847] ftruncate(3, 2097152) = 0 [pid 1847] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1847] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1847] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1847] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1847] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1847] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1847] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1847] mkdir("./file0", 0777) = 0 [pid 1847] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1847] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1847] ioctl(4, LOOP_CLR_FD) = 0 [pid 1847] close(4) = 0 [pid 1847] close(3) = 0 [pid 1847] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1846] <... futex resumed>) = 0 [pid 1847] chdir("./file0" [pid 1846] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1847] <... chdir resumed>) = 0 [pid 1846] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1847] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1846] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1847] creat("./file0", 000 [pid 1846] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1847] <... creat resumed>) = 3 [pid 1846] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1847] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1846] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1847] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1846] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1847] <... write resumed>) = 40 [pid 1846] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1847] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1846] <... futex resumed>) = 0 [pid 1847] <... futex resumed>) = 0 [pid 1846] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1847] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1846] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1846] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1850 attached [pid 1850] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1850] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1846] <... clone resumed>, parent_tid=[1850], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1850 [pid 1846] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1850] <... futex resumed>) = 0 [pid 1850] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 1846] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1850] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 1850] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1850] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1846] <... futex resumed>) = 0 [pid 1846] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1846] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1847] <... futex resumed>) = 0 [pid 1847] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1847] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1847] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1846] <... futex resumed>) = 0 [pid 1846] exit_group(0) = ? [pid 1850] <... futex resumed>) = ? [pid 1847] <... futex resumed>) = ? [pid 1847] +++ exited with 0 +++ [pid 1850] +++ exited with 0 +++ [pid 1846] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1846, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./311", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./311", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./311/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./311/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./311/binderfs") = 0 [ 64.118659][ T1850] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 64.135013][ T1850] EXT4-fs (loop0): pa ffff8881e6911348: logic 16, phys. 128, len 24 [ 64.143043][ T1850] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./311/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./311/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./311/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./311/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./311/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./311/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./311") = 0 mkdir("./312", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1851 ./strace-static-x86_64: Process 1851 attached [pid 1851] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1851] chdir("./312") = 0 [pid 1851] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1851] setpgid(0, 0) = 0 [pid 1851] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1851] write(3, "1000", 4) = 4 [pid 1851] close(3) = 0 [pid 1851] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1851] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1851] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1851] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1851] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1852], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1852 ./strace-static-x86_64: Process 1852 attached [pid 1851] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1851] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1852] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1852] memfd_create("syzkaller", 0) = 3 [pid 1852] ftruncate(3, 2097152) = 0 [pid 1852] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1852] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1852] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1852] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1852] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1852] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1852] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1852] mkdir("./file0", 0777) = 0 [pid 1852] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1852] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1852] ioctl(4, LOOP_CLR_FD) = 0 [pid 1852] close(4) = 0 [pid 1852] close(3) = 0 [pid 1852] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1851] <... futex resumed>) = 0 [pid 1851] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1851] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1852] <... futex resumed>) = 1 [pid 1852] chdir("./file0") = 0 [pid 1852] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1851] <... futex resumed>) = 0 [pid 1851] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1851] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1852] <... futex resumed>) = 1 [pid 1852] creat("./file0", 000) = 3 [pid 1852] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1851] <... futex resumed>) = 0 [pid 1851] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1851] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1851] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1851] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1851] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1855], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1855 ./strace-static-x86_64: Process 1855 attached [pid 1851] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1851] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1852] <... futex resumed>) = 1 [pid 1852] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 1852] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1855] set_robust_list(0x7f01680719e0, 24 [pid 1852] <... futex resumed>) = 0 [pid 1852] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1855] <... set_robust_list resumed>) = 0 [pid 1855] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 1855] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1851] <... futex resumed>) = 0 [pid 1851] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1851] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1852] <... futex resumed>) = 0 [pid 1852] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1852] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1851] <... futex resumed>) = 0 [pid 1855] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1851] exit_group(0) = ? [pid 1855] <... futex resumed>) = ? [pid 1852] <... futex resumed>) = ? [pid 1852] +++ exited with 0 +++ [pid 1855] +++ exited with 0 +++ [pid 1851] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1851, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./312", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./312", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./312/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./312/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./312/binderfs") = 0 [ 64.242958][ T1855] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 64.260038][ T1855] EXT4-fs (loop0): pa ffff8881e6911150: logic 16, phys. 128, len 24 [ 64.268032][ T1855] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./312/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./312/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./312/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./312/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./312/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./312/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./312") = 0 mkdir("./313", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1856 ./strace-static-x86_64: Process 1856 attached [pid 1856] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1856] chdir("./313") = 0 [pid 1856] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1856] setpgid(0, 0) = 0 [pid 1856] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1856] write(3, "1000", 4) = 4 [pid 1856] close(3) = 0 [pid 1856] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1856] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1856] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1856] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1856] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1857 attached , parent_tid=[1857], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1857 [pid 1856] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1856] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1857] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1857] memfd_create("syzkaller", 0) = 3 [pid 1857] ftruncate(3, 2097152) = 0 [pid 1857] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1857] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1857] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1857] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1857] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1857] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1857] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1857] mkdir("./file0", 0777) = 0 [pid 1857] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1857] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1857] ioctl(4, LOOP_CLR_FD) = 0 [pid 1857] close(4) = 0 [pid 1857] close(3) = 0 [pid 1857] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1856] <... futex resumed>) = 0 [pid 1857] chdir("./file0" [pid 1856] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1856] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1857] <... chdir resumed>) = 0 [pid 1857] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1856] <... futex resumed>) = 0 [pid 1856] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1857] creat("./file0", 000 [pid 1856] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1857] <... creat resumed>) = 3 [pid 1857] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1857] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1856] <... futex resumed>) = 0 [pid 1856] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1856] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1856] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1856] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1856] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1860], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1860 [pid 1856] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1856] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1857] <... futex resumed>) = 0 [pid 1857] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 1857] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1857] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1860 attached [pid 1860] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1860] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 1860] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1856] <... futex resumed>) = 0 [pid 1860] <... futex resumed>) = 1 [pid 1856] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1860] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1857] <... futex resumed>) = 0 [pid 1856] <... futex resumed>) = 1 [pid 1857] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 1856] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1857] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 1857] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1856] <... futex resumed>) = 0 [pid 1857] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1856] exit_group(0) = ? [pid 1857] <... futex resumed>) = 231 [pid 1857] +++ exited with 0 +++ [pid 1860] <... futex resumed>) = ? [ 64.392363][ T1857] EXT4-fs mount: 152 callbacks suppressed [ 64.392370][ T1857] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 64.416392][ T1860] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 64.432638][ T1860] EXT4-fs (loop0): pa ffff8881e69110a8: logic 16, phys. 128, len 24 [pid 1860] +++ exited with 0 +++ [pid 1856] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1856, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./313", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./313", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./313/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./313/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./313/binderfs") = 0 [ 64.440648][ T1860] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./313/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./313/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./313/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./313/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./313/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./313/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./313") = 0 mkdir("./314", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1861 attached , child_tidptr=0x55555656e5d0) = 1861 [pid 1861] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1861] chdir("./314") = 0 [pid 1861] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1861] setpgid(0, 0) = 0 [pid 1861] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1861] write(3, "1000", 4) = 4 [pid 1861] close(3) = 0 [pid 1861] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1861] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1861] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1861] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1861] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1862], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1862 [pid 1861] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1861] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1862 attached [pid 1862] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1862] memfd_create("syzkaller", 0) = 3 [pid 1862] ftruncate(3, 2097152) = 0 [pid 1862] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1862] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1862] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1862] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1862] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1862] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1862] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1862] mkdir("./file0", 0777) = 0 [pid 1862] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1862] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1862] ioctl(4, LOOP_CLR_FD) = 0 [pid 1862] close(4) = 0 [pid 1862] close(3) = 0 [pid 1862] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1861] <... futex resumed>) = 0 [pid 1861] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1861] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1862] chdir("./file0") = 0 [pid 1862] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1861] <... futex resumed>) = 0 [pid 1861] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1861] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1862] creat("./file0", 000) = 3 [pid 1862] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1861] <... futex resumed>) = 0 [pid 1861] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1861] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1861] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1861] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1861] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1865], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1865 [pid 1861] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1861] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1862] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 1862] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1862] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1865 attached [pid 1865] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1865] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 1865] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1861] <... futex resumed>) = 0 [pid 1861] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1861] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1865] <... futex resumed>) = 1 [pid 1865] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1862] <... futex resumed>) = 0 [pid 1862] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1862] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1861] <... futex resumed>) = 0 [pid 1861] exit_group(0) = ? [pid 1865] <... futex resumed>) = ? [pid 1865] +++ exited with 0 +++ [ 64.524854][ T1862] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 64.542717][ T1865] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 64.560347][ T1862] EXT4-fs (loop0): pa ffff8881e69115e8: logic 16, phys. 128, len 24 [pid 1862] +++ exited with 0 +++ [pid 1861] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1861, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./314", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./314", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./314/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./314/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./314/binderfs") = 0 [ 64.568502][ T1862] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./314/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./314/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./314/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./314/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./314/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./314/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./314") = 0 mkdir("./315", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1866 ./strace-static-x86_64: Process 1866 attached [pid 1866] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1866] chdir("./315") = 0 [pid 1866] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1866] setpgid(0, 0) = 0 [pid 1866] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1866] write(3, "1000", 4) = 4 [pid 1866] close(3) = 0 [pid 1866] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1866] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1866] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1866] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1866] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1867], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1867 ./strace-static-x86_64: Process 1867 attached [pid 1866] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1866] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1867] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1867] memfd_create("syzkaller", 0) = 3 [pid 1867] ftruncate(3, 2097152) = 0 [pid 1867] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1867] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1867] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1867] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1867] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1867] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1867] mkdir("./file0", 0777) = 0 [pid 1867] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1867] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1867] ioctl(4, LOOP_CLR_FD) = 0 [pid 1867] close(4) = 0 [pid 1867] close(3) = 0 [pid 1867] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1866] <... futex resumed>) = 0 [pid 1866] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1866] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1867] chdir("./file0") = 0 [pid 1867] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1866] <... futex resumed>) = 0 [pid 1866] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1867] creat("./file0", 000 [pid 1866] <... futex resumed>) = 0 [pid 1866] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1867] <... creat resumed>) = 3 [pid 1867] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1866] <... futex resumed>) = 0 [pid 1866] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1866] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1867] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1866] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1866] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1866] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1870], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1870 [pid 1867] <... write resumed>) = 40 [pid 1866] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1866] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1867] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1867] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1870 attached [pid 1870] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1870] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 1870] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1866] <... futex resumed>) = 0 [pid 1866] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1866] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1870] <... futex resumed>) = 1 [pid 1870] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1867] <... futex resumed>) = 0 [pid 1867] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1867] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1866] <... futex resumed>) = 0 [pid 1866] exit_group(0) = ? [pid 1867] +++ exited with 0 +++ [pid 1870] <... futex resumed>) = ? [ 64.714938][ T1867] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 64.734879][ T1870] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 64.752333][ T1870] EXT4-fs (loop0): pa ffff8881ed9cadc8: logic 16, phys. 128, len 24 [pid 1870] +++ exited with 0 +++ [pid 1866] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1866, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./315", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./315", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./315/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./315/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./315/binderfs") = 0 [ 64.760331][ T1870] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./315/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./315/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./315/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./315/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./315/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./315/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./315") = 0 mkdir("./316", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1871 ./strace-static-x86_64: Process 1871 attached [pid 1871] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1871] chdir("./316") = 0 [pid 1871] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1871] setpgid(0, 0) = 0 [pid 1871] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1871] write(3, "1000", 4) = 4 [pid 1871] close(3) = 0 [pid 1871] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1871] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1871] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1871] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1871] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1872 attached , parent_tid=[1872], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1872 [pid 1872] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1872] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1871] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1872] <... futex resumed>) = 0 [pid 1872] memfd_create("syzkaller", 0) = 3 [pid 1872] ftruncate(3, 2097152) = 0 [pid 1872] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1872] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1872] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1872] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1872] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1872] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1872] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1872] mkdir("./file0", 0777) = 0 [pid 1872] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue" [pid 1871] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1872] <... mount resumed>) = 0 [pid 1872] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1872] ioctl(4, LOOP_CLR_FD) = 0 [pid 1872] close(4) = 0 [pid 1872] close(3) = 0 [pid 1872] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1871] <... futex resumed>) = 0 [pid 1871] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1872] chdir("./file0" [pid 1871] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1872] <... chdir resumed>) = 0 [pid 1872] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1871] <... futex resumed>) = 0 [pid 1871] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1872] creat("./file0", 000 [pid 1871] <... futex resumed>) = 0 [pid 1871] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1872] <... creat resumed>) = 3 [pid 1872] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1871] <... futex resumed>) = 0 [pid 1871] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1872] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1871] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1871] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1872] <... write resumed>) = 40 [pid 1871] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1871] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1875 attached [pid 1875] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1875] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1872] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1871] <... clone resumed>, parent_tid=[1875], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1875 [pid 1871] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1875] <... futex resumed>) = 0 [pid 1875] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 1871] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1872] <... futex resumed>) = 0 [pid 1872] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1875] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 1875] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1871] <... futex resumed>) = 0 [pid 1875] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1871] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1871] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1872] <... futex resumed>) = 0 [pid 1872] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1872] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1871] <... futex resumed>) = 0 [pid 1871] exit_group(0) = ? [pid 1875] <... futex resumed>) = ? [pid 1875] +++ exited with 0 +++ [ 64.881699][ T1872] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 64.902330][ T1875] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 64.919622][ T1872] EXT4-fs (loop0): pa ffff8881e6911d20: logic 16, phys. 128, len 24 [pid 1872] +++ exited with 0 +++ [pid 1871] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1871, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./316", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./316", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./316/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./316/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./316/binderfs") = 0 [ 64.927677][ T1872] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./316/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./316/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./316/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./316/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./316/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./316/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./316") = 0 mkdir("./317", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1876 ./strace-static-x86_64: Process 1876 attached [pid 1876] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1876] chdir("./317") = 0 [pid 1876] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1876] setpgid(0, 0) = 0 [pid 1876] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1876] write(3, "1000", 4) = 4 [pid 1876] close(3) = 0 [pid 1876] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1876] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1876] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1876] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1876] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1877], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1877 ./strace-static-x86_64: Process 1877 attached [pid 1876] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1877] set_robust_list(0x7f01680929e0, 24 [pid 1876] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1877] <... set_robust_list resumed>) = 0 [pid 1877] memfd_create("syzkaller", 0) = 3 [pid 1877] ftruncate(3, 2097152) = 0 [pid 1877] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1877] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1877] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1877] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1877] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1877] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1877] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1877] mkdir("./file0", 0777) = 0 [pid 1877] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1877] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1877] ioctl(4, LOOP_CLR_FD) = 0 [pid 1877] close(4) = 0 [pid 1877] close(3) = 0 [pid 1877] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1876] <... futex resumed>) = 0 [pid 1877] <... futex resumed>) = 1 [pid 1877] chdir("./file0" [pid 1876] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1876] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1877] <... chdir resumed>) = 0 [pid 1877] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1876] <... futex resumed>) = 0 [pid 1877] creat("./file0", 000 [pid 1876] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1876] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1877] <... creat resumed>) = 3 [pid 1877] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1876] <... futex resumed>) = 0 [pid 1876] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1876] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1876] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1876] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1876] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1880], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1880 ./strace-static-x86_64: Process 1880 attached [pid 1876] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1880] set_robust_list(0x7f01680719e0, 24 [pid 1876] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1880] <... set_robust_list resumed>) = 0 [pid 1880] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 1877] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1880] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 1880] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1877] <... write resumed>) = 40 [pid 1877] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1877] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1876] <... futex resumed>) = 0 [pid 1876] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1876] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1877] <... futex resumed>) = 0 [pid 1877] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1877] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1876] <... futex resumed>) = 0 [pid 1876] exit_group(0) = ? [pid 1877] <... futex resumed>) = ? [pid 1877] +++ exited with 0 +++ [pid 1880] <... futex resumed>) = ? [pid 1880] +++ exited with 0 +++ [pid 1876] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1876, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./317", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./317", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./317/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./317/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./317/binderfs") = 0 [ 65.074798][ T1877] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 65.096163][ T1880] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata umount2("./317/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./317/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./317/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./317/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./317/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./317/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./317") = 0 mkdir("./318", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1881 ./strace-static-x86_64: Process 1881 attached [pid 1881] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1881] chdir("./318") = 0 [pid 1881] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1881] setpgid(0, 0) = 0 [pid 1881] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1881] write(3, "1000", 4) = 4 [pid 1881] close(3) = 0 [pid 1881] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1881] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1881] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1881] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1881] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1882 attached , parent_tid=[1882], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1882 [pid 1881] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1881] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1882] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1882] memfd_create("syzkaller", 0) = 3 [pid 1882] ftruncate(3, 2097152) = 0 [pid 1882] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1882] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1882] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1882] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1882] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1882] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1882] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1882] mkdir("./file0", 0777) = 0 [pid 1882] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1882] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1882] ioctl(4, LOOP_CLR_FD) = 0 [pid 1882] close(4) = 0 [pid 1882] close(3) = 0 [pid 1882] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1881] <... futex resumed>) = 0 [pid 1881] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1881] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1882] <... futex resumed>) = 1 [pid 1882] chdir("./file0") = 0 [pid 1882] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1881] <... futex resumed>) = 0 [pid 1881] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1881] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1882] <... futex resumed>) = 1 [pid 1882] creat("./file0", 000) = 3 [pid 1882] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1881] <... futex resumed>) = 0 [pid 1881] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1881] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1881] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1881] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1881] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1885], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1885 [pid 1881] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1881] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1882] <... futex resumed>) = 1 [pid 1882] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 1882] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1882] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1885 attached [pid 1885] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1885] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 1885] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1881] <... futex resumed>) = 0 [pid 1881] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1885] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1882] <... futex resumed>) = 0 [pid 1881] <... futex resumed>) = 1 [pid 1882] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 1881] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1882] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 1882] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1881] <... futex resumed>) = 0 [pid 1881] exit_group(0 [pid 1885] <... futex resumed>) = 231 [pid 1881] <... exit_group resumed>) = ? [pid 1882] +++ exited with 0 +++ [ 65.196056][ T1882] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 65.213716][ T1885] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 65.231855][ T1885] EXT4-fs (loop0): pa ffff8881e6911b28: logic 16, phys. 128, len 24 [pid 1885] +++ exited with 0 +++ [pid 1881] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1881, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./318", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./318", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./318/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./318/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./318/binderfs") = 0 [ 65.239836][ T1885] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./318/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./318/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./318/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./318/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./318/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./318/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./318") = 0 mkdir("./319", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1886 ./strace-static-x86_64: Process 1886 attached [pid 1886] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1886] chdir("./319") = 0 [pid 1886] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1886] setpgid(0, 0) = 0 [pid 1886] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1886] write(3, "1000", 4) = 4 [pid 1886] close(3) = 0 [pid 1886] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1886] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1886] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1886] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1886] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1887], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1887 [pid 1886] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1886] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1887 attached [pid 1887] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1887] memfd_create("syzkaller", 0) = 3 [pid 1887] ftruncate(3, 2097152) = 0 [pid 1887] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1887] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1887] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1887] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1887] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1887] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1887] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1887] mkdir("./file0", 0777) = 0 [pid 1887] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1887] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1887] ioctl(4, LOOP_CLR_FD) = 0 [pid 1887] close(4) = 0 [pid 1887] close(3) = 0 [pid 1887] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1886] <... futex resumed>) = 0 [pid 1886] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1886] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1887] chdir("./file0") = 0 [pid 1887] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1886] <... futex resumed>) = 0 [pid 1886] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1886] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1887] creat("./file0", 000) = 3 [pid 1887] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1886] <... futex resumed>) = 0 [pid 1887] <... futex resumed>) = 1 [pid 1886] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1887] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1886] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1886] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1887] <... write resumed>) = 40 [pid 1886] <... mmap resumed>) = 0x7f0168051000 [pid 1887] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1886] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE [pid 1887] <... futex resumed>) = 0 [pid 1886] <... mprotect resumed>) = 0 [pid 1886] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1890 attached [pid 1890] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1890] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1887] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1886] <... clone resumed>, parent_tid=[1890], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1890 [pid 1886] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1886] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1890] <... futex resumed>) = 0 [pid 1890] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 1890] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1886] <... futex resumed>) = 0 [pid 1886] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1886] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1887] <... futex resumed>) = 0 [pid 1887] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 1890] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1887] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 1887] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1886] <... futex resumed>) = 0 [pid 1886] exit_group(0) = ? [pid 1890] <... futex resumed>) = ? [pid 1887] <... futex resumed>) = ? [pid 1887] +++ exited with 0 +++ [ 65.357406][ T1887] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 65.376746][ T1890] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 65.393920][ T1890] EXT4-fs (loop0): pa ffff8881e6911f18: logic 16, phys. 128, len 24 [pid 1890] +++ exited with 0 +++ [pid 1886] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1886, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./319", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./319", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./319/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./319/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./319/binderfs") = 0 [ 65.401941][ T1890] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./319/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./319/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./319/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./319/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./319/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./319/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./319") = 0 mkdir("./320", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1891 ./strace-static-x86_64: Process 1891 attached [pid 1891] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1891] chdir("./320") = 0 [pid 1891] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1891] setpgid(0, 0) = 0 [pid 1891] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1891] write(3, "1000", 4) = 4 [pid 1891] close(3) = 0 [pid 1891] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1891] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1891] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1891] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1891] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1892], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1892 ./strace-static-x86_64: Process 1892 attached [pid 1892] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1892] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1891] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1892] <... futex resumed>) = 0 [pid 1892] memfd_create("syzkaller", 0) = 3 [pid 1892] ftruncate(3, 2097152) = 0 [pid 1892] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1892] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248 [pid 1891] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1892] <... pwrite64 resumed>) = 31 [pid 1892] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1892] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1892] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1892] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1892] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1892] mkdir("./file0", 0777) = 0 [pid 1892] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1892] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1892] ioctl(4, LOOP_CLR_FD) = 0 [pid 1892] close(4) = 0 [pid 1892] close(3) = 0 [pid 1892] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1892] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1891] <... futex resumed>) = 0 [pid 1891] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1892] <... futex resumed>) = 0 [pid 1891] <... futex resumed>) = 1 [pid 1892] chdir("./file0") = 0 [pid 1891] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1892] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1891] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1892] <... futex resumed>) = 0 [pid 1891] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1892] creat("./file0", 000 [pid 1891] <... futex resumed>) = 0 [pid 1892] <... creat resumed>) = 3 [pid 1891] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1892] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1891] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1892] <... futex resumed>) = 0 [pid 1891] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1892] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1891] <... futex resumed>) = 0 [pid 1892] <... write resumed>) = 40 [pid 1891] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1892] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1891] <... futex resumed>) = 0 [pid 1892] <... futex resumed>) = 0 [pid 1891] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1892] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1891] <... mmap resumed>) = 0x7f0168051000 [pid 1891] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1891] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1895], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1895 ./strace-static-x86_64: Process 1895 attached [pid 1891] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1895] set_robust_list(0x7f01680719e0, 24 [pid 1891] <... futex resumed>) = 0 [pid 1895] <... set_robust_list resumed>) = 0 [pid 1891] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1895] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 1895] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1895] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1891] <... futex resumed>) = 0 [pid 1891] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1892] <... futex resumed>) = 0 [pid 1891] <... futex resumed>) = 1 [pid 1892] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1891] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1892] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1891] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1892] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1891] exit_group(0 [pid 1895] <... futex resumed>) = ? [pid 1892] <... futex resumed>) = ? [pid 1891] <... exit_group resumed>) = ? [pid 1895] +++ exited with 0 +++ [pid 1892] +++ exited with 0 +++ [ 65.490621][ T1892] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 65.505358][ T1895] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 65.523223][ T1891] EXT4-fs (loop0): pa ffff8881e69fe000: logic 16, phys. 128, len 24 [pid 1891] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1891, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./320", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./320", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./320/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./320/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./320/binderfs") = 0 [ 65.531269][ T1891] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./320/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./320/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./320/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./320/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./320/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./320/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./320") = 0 mkdir("./321", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1896 attached [pid 1896] set_robust_list(0x55555656e5e0, 24 [pid 304] <... clone resumed>, child_tidptr=0x55555656e5d0) = 1896 [pid 1896] <... set_robust_list resumed>) = 0 [pid 1896] chdir("./321") = 0 [pid 1896] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1896] setpgid(0, 0) = 0 [pid 1896] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1896] write(3, "1000", 4) = 4 [pid 1896] close(3) = 0 [pid 1896] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1896] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1896] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1896] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1896] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1897], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1897 [pid 1896] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1896] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1897 attached [pid 1897] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1897] memfd_create("syzkaller", 0) = 3 [pid 1897] ftruncate(3, 2097152) = 0 [pid 1897] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1897] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1897] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1897] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1897] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1897] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1897] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1897] mkdir("./file0", 0777) = 0 [pid 1897] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1897] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1897] ioctl(4, LOOP_CLR_FD) = 0 [pid 1897] close(4) = 0 [pid 1897] close(3) = 0 [pid 1897] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1897] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1896] <... futex resumed>) = 0 [pid 1896] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1896] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1897] <... futex resumed>) = 0 [pid 1897] chdir("./file0") = 0 [pid 1897] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1897] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1896] <... futex resumed>) = 0 [pid 1896] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1896] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1897] <... futex resumed>) = 0 [pid 1897] creat("./file0", 000) = 3 [pid 1897] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1896] <... futex resumed>) = 0 [pid 1896] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1896] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1896] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1896] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1896] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1900], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1900 [pid 1896] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1896] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1897] <... futex resumed>) = 1 [pid 1897] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 1897] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1897] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1900 attached [pid 1900] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1900] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 1900] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1896] <... futex resumed>) = 0 [pid 1896] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1897] <... futex resumed>) = 0 [pid 1896] <... futex resumed>) = 1 [pid 1897] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 1896] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1897] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 1897] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1896] <... futex resumed>) = 0 [pid 1897] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1896] exit_group(0 [pid 1897] <... futex resumed>) = ? [pid 1896] <... exit_group resumed>) = ? [pid 1897] +++ exited with 0 +++ [ 65.687073][ T1897] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 65.715803][ T1900] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [pid 1900] +++ exited with 0 +++ [pid 1896] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1896, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./321", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./321", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./321/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./321/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./321/binderfs") = 0 [ 65.732298][ T1900] EXT4-fs (loop0): pa ffff8881e69fedc8: logic 16, phys. 128, len 24 [ 65.740401][ T1900] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./321/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./321/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./321/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./321/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./321/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./321/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./321") = 0 mkdir("./322", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1901 ./strace-static-x86_64: Process 1901 attached [pid 1901] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1901] chdir("./322") = 0 [pid 1901] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1901] setpgid(0, 0) = 0 [pid 1901] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1901] write(3, "1000", 4) = 4 [pid 1901] close(3) = 0 [pid 1901] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1901] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1901] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1901] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1901] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1902], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1902 [pid 1901] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1901] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1902 attached [pid 1902] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1902] memfd_create("syzkaller", 0) = 3 [pid 1902] ftruncate(3, 2097152) = 0 [pid 1902] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1902] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1902] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1902] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1902] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1902] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1902] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1902] mkdir("./file0", 0777) = 0 [pid 1902] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1902] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1902] ioctl(4, LOOP_CLR_FD) = 0 [pid 1902] close(4) = 0 [pid 1902] close(3) = 0 [pid 1902] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1901] <... futex resumed>) = 0 [pid 1901] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1902] chdir("./file0" [pid 1901] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1902] <... chdir resumed>) = 0 [pid 1902] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1901] <... futex resumed>) = 0 [pid 1901] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1902] creat("./file0", 000 [pid 1901] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1902] <... creat resumed>) = 3 [pid 1902] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1901] <... futex resumed>) = 0 [pid 1901] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1902] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1901] <... futex resumed>) = 0 [pid 1901] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1901] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1901] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1901] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1905 attached [pid 1905] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1905] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1901] <... clone resumed>, parent_tid=[1905], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1905 [pid 1901] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1905] <... futex resumed>) = 0 [pid 1901] <... futex resumed>) = 1 [pid 1905] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 1901] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1902] <... write resumed>) = 40 [pid 1902] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1902] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1905] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 1905] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1901] <... futex resumed>) = 0 [pid 1905] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1901] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1901] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1902] <... futex resumed>) = 0 [pid 1902] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1902] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1901] <... futex resumed>) = 0 [pid 1901] exit_group(0 [pid 1905] <... futex resumed>) = ? [pid 1901] <... exit_group resumed>) = ? [pid 1905] +++ exited with 0 +++ [ 65.867762][ T1902] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 65.894997][ T1905] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [pid 1902] +++ exited with 0 +++ [pid 1901] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1901, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./322", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./322", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./322/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./322/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./322/binderfs") = 0 [ 65.912440][ T1902] EXT4-fs (loop0): pa ffff8881e69fe5e8: logic 16, phys. 128, len 24 [ 65.920524][ T1902] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./322/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./322/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./322/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./322/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./322/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./322/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./322") = 0 mkdir("./323", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1906 ./strace-static-x86_64: Process 1906 attached [pid 1906] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1906] chdir("./323") = 0 [pid 1906] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1906] setpgid(0, 0) = 0 [pid 1906] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1906] write(3, "1000", 4) = 4 [pid 1906] close(3) = 0 [pid 1906] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1906] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1906] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1906] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1906] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1907 attached , parent_tid=[1907], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1907 [pid 1907] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1907] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1906] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1907] <... futex resumed>) = 0 [pid 1906] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1907] memfd_create("syzkaller", 0) = 3 [pid 1907] ftruncate(3, 2097152) = 0 [pid 1907] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1907] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1907] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1907] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1907] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1907] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1907] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1907] mkdir("./file0", 0777) = 0 [pid 1907] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1907] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1907] ioctl(4, LOOP_CLR_FD) = 0 [pid 1907] close(4) = 0 [pid 1907] close(3) = 0 [pid 1907] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1907] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1906] <... futex resumed>) = 0 [pid 1906] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1907] <... futex resumed>) = 0 [pid 1906] <... futex resumed>) = 1 [pid 1907] chdir("./file0") = 0 [pid 1907] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1907] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1906] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1906] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1907] <... futex resumed>) = 0 [pid 1906] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1907] creat("./file0", 000) = 3 [pid 1907] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1906] <... futex resumed>) = 0 [pid 1906] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1906] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1907] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1906] <... futex resumed>) = 0 [pid 1906] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1906] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE [pid 1907] <... write resumed>) = 40 [pid 1906] <... mprotect resumed>) = 0 [pid 1907] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1907] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1906] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1910 attached , parent_tid=[1910], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1910 [pid 1910] set_robust_list(0x7f01680719e0, 24 [pid 1906] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1906] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1910] <... set_robust_list resumed>) = 0 [pid 1910] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 1910] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1906] <... futex resumed>) = 0 [pid 1906] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1907] <... futex resumed>) = 0 [pid 1907] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 1906] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1907] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 1907] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1906] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1907] <... futex resumed>) = 0 [pid 1906] exit_group(0 [pid 1907] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1906] <... exit_group resumed>) = ? [pid 1907] <... futex resumed>) = ? [pid 1907] +++ exited with 0 +++ [ 66.013530][ T1907] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 66.029566][ T1910] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 66.045915][ T1910] EXT4-fs (loop0): pa ffff8881ed9ca2a0: logic 16, phys. 128, len 24 [pid 1910] +++ exited with 0 +++ [pid 1906] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1906, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./323", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./323", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./323/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./323/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./323/binderfs") = 0 [ 66.054095][ T1910] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./323/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./323/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./323/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./323/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./323/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./323/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./323") = 0 mkdir("./324", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1911 ./strace-static-x86_64: Process 1911 attached [pid 1911] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1911] chdir("./324") = 0 [pid 1911] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1911] setpgid(0, 0) = 0 [pid 1911] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1911] write(3, "1000", 4) = 4 [pid 1911] close(3) = 0 [pid 1911] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1911] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1911] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1911] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1911] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1912], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1912 [pid 1911] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1911] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1912 attached [pid 1912] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1912] memfd_create("syzkaller", 0) = 3 [pid 1912] ftruncate(3, 2097152) = 0 [pid 1912] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1912] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1912] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1912] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1912] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1912] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1912] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1912] mkdir("./file0", 0777) = 0 [pid 1912] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1912] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1912] ioctl(4, LOOP_CLR_FD) = 0 [pid 1912] close(4) = 0 [pid 1912] close(3) = 0 [pid 1912] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1911] <... futex resumed>) = 0 [pid 1911] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1912] chdir("./file0") = 0 [pid 1911] <... futex resumed>) = 0 [pid 1912] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1911] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1912] <... futex resumed>) = 0 [pid 1911] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1912] creat("./file0", 000 [pid 1911] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1911] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1912] <... creat resumed>) = 3 [pid 1912] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1911] <... futex resumed>) = 0 [pid 1912] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1911] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1911] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1911] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1911] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1911] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1915], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1915 [pid 1911] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1911] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1912] <... write resumed>) = 40 [pid 1912] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1912] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1915 attached [pid 1915] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1915] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 1915] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1915] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1911] <... futex resumed>) = 0 [pid 1911] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1912] <... futex resumed>) = 0 [pid 1911] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1912] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1912] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1911] <... futex resumed>) = 0 [pid 1912] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1911] exit_group(0) = ? [pid 1915] <... futex resumed>) = ? [pid 1915] +++ exited with 0 +++ [pid 1912] <... futex resumed>) = ? [ 66.204302][ T1912] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 66.225019][ T1915] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 66.241831][ T1912] EXT4-fs (loop0): pa ffff8881ed9ca7e0: logic 16, phys. 128, len 24 [pid 1912] +++ exited with 0 +++ [pid 1911] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1911, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./324", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./324", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./324/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./324/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./324/binderfs") = 0 [ 66.249797][ T1912] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./324/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./324/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./324/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./324/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./324/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./324/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./324") = 0 mkdir("./325", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1916 ./strace-static-x86_64: Process 1916 attached [pid 1916] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1916] chdir("./325") = 0 [pid 1916] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1916] setpgid(0, 0) = 0 [pid 1916] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1916] write(3, "1000", 4) = 4 [pid 1916] close(3) = 0 [pid 1916] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1916] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1916] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1916] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1916] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1917 attached [pid 1917] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1917] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1916] <... clone resumed>, parent_tid=[1917], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1917 [pid 1916] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1917] <... futex resumed>) = 0 [pid 1917] memfd_create("syzkaller", 0) = 3 [pid 1917] ftruncate(3, 2097152) = 0 [pid 1917] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1917] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1917] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1917] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1917] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408 [pid 1916] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1917] <... pwrite64 resumed>) = 61 [pid 1917] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1917] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1917] mkdir("./file0", 0777) = 0 [pid 1917] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1917] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1917] ioctl(4, LOOP_CLR_FD) = 0 [pid 1917] close(4) = 0 [pid 1917] close(3) = 0 [pid 1917] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1916] <... futex resumed>) = 0 [pid 1916] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1916] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1917] <... futex resumed>) = 1 [pid 1917] chdir("./file0") = 0 [pid 1917] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1916] <... futex resumed>) = 0 [pid 1916] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1916] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1917] <... futex resumed>) = 1 [pid 1917] creat("./file0", 000) = 3 [pid 1917] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1916] <... futex resumed>) = 0 [pid 1916] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1916] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1916] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1916] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1916] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1920 attached , parent_tid=[1920], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1920 [pid 1916] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1916] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1917] <... futex resumed>) = 1 [pid 1917] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 1920] set_robust_list(0x7f01680719e0, 24 [pid 1917] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1917] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1920] <... set_robust_list resumed>) = 0 [pid 1920] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 1920] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1916] <... futex resumed>) = 0 [pid 1916] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1916] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1917] <... futex resumed>) = 0 [pid 1917] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1917] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1916] <... futex resumed>) = 0 [pid 1916] exit_group(0) = ? [pid 1917] <... futex resumed>) = ? [pid 1917] +++ exited with 0 +++ [ 66.343697][ T1917] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 66.367202][ T1920] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 66.384138][ T1920] EXT4-fs (loop0): pa ffff8881e69fee70: logic 16, phys. 128, len 24 [pid 1920] +++ exited with 0 +++ [pid 1916] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1916, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./325", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./325", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./325/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./325/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./325/binderfs") = 0 umount2("./325/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./325/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./325/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./325/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./325/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./325/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./325") = 0 mkdir("./326", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1921 ./strace-static-x86_64: Process 1921 attached [pid 1921] set_robust_list(0x55555656e5e0, 24) = 0 [ 66.392142][ T1920] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 [pid 1921] chdir("./326") = 0 [pid 1921] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1921] setpgid(0, 0) = 0 [pid 1921] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1921] write(3, "1000", 4) = 4 [pid 1921] close(3) = 0 [pid 1921] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1921] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1921] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1921] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1921] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1922 attached , parent_tid=[1922], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1922 [pid 1922] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1922] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1921] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1922] <... futex resumed>) = 0 [pid 1922] memfd_create("syzkaller", 0 [pid 1921] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1922] <... memfd_create resumed>) = 3 [pid 1922] ftruncate(3, 2097152) = 0 [pid 1922] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1922] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1922] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1922] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1922] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1922] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1922] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1922] mkdir("./file0", 0777) = 0 [pid 1922] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1922] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1922] ioctl(4, LOOP_CLR_FD) = 0 [pid 1922] close(4) = 0 [pid 1922] close(3) = 0 [pid 1922] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1921] <... futex resumed>) = 0 [pid 1921] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1921] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1922] <... futex resumed>) = 1 [pid 1922] chdir("./file0") = 0 [pid 1922] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1921] <... futex resumed>) = 0 [pid 1921] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1921] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1922] <... futex resumed>) = 1 [pid 1922] creat("./file0", 000) = 3 [pid 1922] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1921] <... futex resumed>) = 0 [pid 1921] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1921] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1921] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1921] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1921] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1925], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1925 [pid 1921] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1921] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1922] <... futex resumed>) = 1 [pid 1922] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 1922] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1922] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1925 attached [pid 1925] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1925] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 1925] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1921] <... futex resumed>) = 0 [pid 1921] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1921] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1922] <... futex resumed>) = 0 [pid 1922] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1922] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1921] <... futex resumed>) = 0 [pid 1925] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1921] exit_group(0) = ? [pid 1925] <... futex resumed>) = ? [pid 1922] <... futex resumed>) = ? [pid 1922] +++ exited with 0 +++ [ 66.467374][ T1922] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 66.484867][ T1925] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 66.501806][ T1925] EXT4-fs (loop0): pa ffff8881e69fed20: logic 16, phys. 128, len 24 [pid 1925] +++ exited with 0 +++ [pid 1921] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1921, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./326", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./326", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./326/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./326/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./326/binderfs") = 0 [ 66.509799][ T1925] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./326/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./326/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./326/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./326/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./326/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./326/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./326") = 0 mkdir("./327", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1926 ./strace-static-x86_64: Process 1926 attached [pid 1926] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1926] chdir("./327") = 0 [pid 1926] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1926] setpgid(0, 0) = 0 [pid 1926] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1926] write(3, "1000", 4) = 4 [pid 1926] close(3) = 0 [pid 1926] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1926] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1926] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1926] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1926] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1927], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1927 [pid 1926] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 1927 attached [pid 1926] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1927] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1927] memfd_create("syzkaller", 0) = 3 [pid 1927] ftruncate(3, 2097152) = 0 [pid 1927] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1927] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1927] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1927] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1927] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1927] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1927] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1927] mkdir("./file0", 0777) = 0 [pid 1927] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1927] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1927] ioctl(4, LOOP_CLR_FD) = 0 [pid 1927] close(4) = 0 [pid 1927] close(3) = 0 [pid 1927] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1926] <... futex resumed>) = 0 [pid 1927] <... futex resumed>) = 1 [pid 1927] chdir("./file0" [pid 1926] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1926] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1927] <... chdir resumed>) = 0 [pid 1927] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1926] <... futex resumed>) = 0 [pid 1927] <... futex resumed>) = 1 [pid 1926] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1926] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1927] creat("./file0", 000) = 3 [pid 1927] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1926] <... futex resumed>) = 0 [pid 1926] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1926] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1926] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1926] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1926] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1930], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1930 [pid 1926] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1926] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1930 attached [pid 1930] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1930] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 1927] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1930] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 1930] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1926] <... futex resumed>) = 0 [pid 1930] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1926] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1930] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1926] <... futex resumed>) = 0 [pid 1930] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 1926] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1930] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 1930] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1926] <... futex resumed>) = 0 [pid 1930] <... futex resumed>) = 1 [pid 1930] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1927] <... write resumed>) = 40 [pid 1927] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1926] exit_group(0) = ? [pid 1930] <... futex resumed>) = ? [pid 1930] +++ exited with 0 +++ [pid 1927] +++ exited with 0 +++ [pid 1926] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1926, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./327", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./327", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./327/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./327/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./327/binderfs") = 0 [ 66.604946][ T1927] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 66.623918][ T1930] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata umount2("./327/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./327/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./327/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./327/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./327/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./327/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./327") = 0 mkdir("./328", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1931 ./strace-static-x86_64: Process 1931 attached [pid 1931] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1931] chdir("./328") = 0 [pid 1931] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1931] setpgid(0, 0) = 0 [pid 1931] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1931] write(3, "1000", 4) = 4 [pid 1931] close(3) = 0 [pid 1931] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1931] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1931] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1931] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1931] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1932], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1932 [pid 1931] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1931] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1932 attached [pid 1932] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1932] memfd_create("syzkaller", 0) = 3 [pid 1932] ftruncate(3, 2097152) = 0 [pid 1932] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1932] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1932] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1932] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1932] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1932] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1932] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1932] mkdir("./file0", 0777) = 0 [pid 1932] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1932] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1932] ioctl(4, LOOP_CLR_FD) = 0 [pid 1932] close(4) = 0 [pid 1932] close(3) = 0 [pid 1932] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1932] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1931] <... futex resumed>) = 0 [pid 1931] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1932] <... futex resumed>) = 0 [pid 1931] <... futex resumed>) = 1 [pid 1932] chdir("./file0") = 0 [pid 1931] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1932] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1932] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1931] <... futex resumed>) = 0 [pid 1931] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1932] <... futex resumed>) = 0 [pid 1931] <... futex resumed>) = 1 [pid 1932] creat("./file0", 000 [pid 1931] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1932] <... creat resumed>) = 3 [pid 1932] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1932] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1931] <... futex resumed>) = 0 [pid 1931] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1932] <... futex resumed>) = 0 [pid 1931] <... futex resumed>) = 1 [pid 1932] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1931] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1932] <... write resumed>) = 40 [pid 1931] <... futex resumed>) = 0 [pid 1931] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1932] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1931] <... mmap resumed>) = 0x7f0168051000 [pid 1932] <... futex resumed>) = 0 [pid 1931] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE [pid 1932] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1931] <... mprotect resumed>) = 0 [pid 1931] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1936], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1936 [pid 1931] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1931] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1936 attached [pid 1936] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1936] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 1936] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1931] <... futex resumed>) = 0 [pid 1936] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1931] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1932] <... futex resumed>) = 0 [pid 1931] <... futex resumed>) = 1 [pid 1932] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1932] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1932] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1931] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1931] exit_group(0 [pid 1936] <... futex resumed>) = ? [pid 1932] <... futex resumed>) = ? [pid 1931] <... exit_group resumed>) = ? [pid 1932] +++ exited with 0 +++ [ 66.761093][ T1932] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 66.770144][ T67] cfg80211: failed to load regulatory.db [ 66.781779][ T1936] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 66.799372][ T1936] EXT4-fs (loop0): pa ffff8881e69fe2a0: logic 16, phys. 128, len 24 [pid 1936] +++ exited with 0 +++ [pid 1931] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1931, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- umount2("./328", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./328", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./328/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./328/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./328/binderfs") = 0 [ 66.807417][ T1936] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./328/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./328/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./328/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./328/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./328/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./328/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./328") = 0 mkdir("./329", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1937 ./strace-static-x86_64: Process 1937 attached [pid 1937] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1937] chdir("./329") = 0 [pid 1937] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1937] setpgid(0, 0) = 0 [pid 1937] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1937] write(3, "1000", 4) = 4 [pid 1937] close(3) = 0 [pid 1937] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1937] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1937] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1937] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1937] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1938], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1938 [pid 1937] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1937] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1938 attached [pid 1938] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1938] memfd_create("syzkaller", 0) = 3 [pid 1938] ftruncate(3, 2097152) = 0 [pid 1938] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1938] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1938] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1938] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1938] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1938] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1938] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1938] mkdir("./file0", 0777) = 0 [pid 1938] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1938] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1938] ioctl(4, LOOP_CLR_FD) = 0 [pid 1938] close(4) = 0 [pid 1938] close(3) = 0 [pid 1938] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1937] <... futex resumed>) = 0 [pid 1937] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1938] chdir("./file0" [pid 1937] <... futex resumed>) = 0 [pid 1938] <... chdir resumed>) = 0 [pid 1937] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1938] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1937] <... futex resumed>) = 0 [pid 1938] creat("./file0", 000 [pid 1937] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1937] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1938] <... creat resumed>) = 3 [pid 1938] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1937] <... futex resumed>) = 0 [pid 1937] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1938] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1937] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1937] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1937] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1937] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 1938] <... write resumed>) = 40 ./strace-static-x86_64: Process 1941 attached [pid 1941] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1941] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1938] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1937] <... clone resumed>, parent_tid=[1941], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1941 [pid 1937] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1941] <... futex resumed>) = 0 [pid 1937] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1941] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 1938] <... futex resumed>) = 0 [pid 1938] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1941] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 1941] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1937] <... futex resumed>) = 0 [pid 1941] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1937] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1938] <... futex resumed>) = 0 [pid 1937] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1938] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1938] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1937] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1938] <... futex resumed>) = 0 [pid 1937] exit_group(0 [pid 1938] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1937] <... exit_group resumed>) = ? [pid 1941] <... futex resumed>) = ? [pid 1941] +++ exited with 0 +++ [pid 1938] <... futex resumed>) = ? [ 66.897728][ T1938] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 66.915294][ T1941] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 66.931389][ T1938] EXT4-fs (loop0): pa ffff8881e69fe738: logic 16, phys. 128, len 24 [pid 1938] +++ exited with 0 +++ [pid 1937] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1937, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./329", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./329", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./329/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./329/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./329/binderfs") = 0 [ 66.939358][ T1938] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./329/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./329/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./329/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./329/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./329/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./329/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./329") = 0 mkdir("./330", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1942 ./strace-static-x86_64: Process 1942 attached [pid 1942] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1942] chdir("./330") = 0 [pid 1942] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1942] setpgid(0, 0) = 0 [pid 1942] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1942] write(3, "1000", 4) = 4 [pid 1942] close(3) = 0 [pid 1942] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1942] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1942] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1942] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1942] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1943 attached [pid 1943] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1943] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1942] <... clone resumed>, parent_tid=[1943], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1943 [pid 1942] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1943] <... futex resumed>) = 0 [pid 1942] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1943] memfd_create("syzkaller", 0) = 3 [pid 1943] ftruncate(3, 2097152) = 0 [pid 1943] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1943] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1943] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1943] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1943] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1943] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1943] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1943] mkdir("./file0", 0777) = 0 [pid 1943] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1943] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1943] ioctl(4, LOOP_CLR_FD) = 0 [pid 1943] close(4) = 0 [pid 1943] close(3) = 0 [pid 1943] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1943] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1942] <... futex resumed>) = 0 [pid 1942] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1943] <... futex resumed>) = 0 [pid 1943] chdir("./file0") = 0 [pid 1943] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1943] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1942] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1942] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1943] <... futex resumed>) = 0 [pid 1943] creat("./file0", 000 [pid 1942] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1943] <... creat resumed>) = 3 [pid 1943] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1943] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1942] <... futex resumed>) = 0 [pid 1942] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1943] <... futex resumed>) = 0 [pid 1942] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1943] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1942] <... futex resumed>) = 0 [pid 1943] <... write resumed>) = 40 [pid 1943] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1943] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1942] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1942] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1942] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1946 attached , parent_tid=[1946], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1946 [pid 1946] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1946] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1942] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1946] <... futex resumed>) = 0 [pid 1942] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1946] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 1946] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1946] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1942] <... futex resumed>) = 0 [pid 1942] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1943] <... futex resumed>) = 0 [pid 1942] <... futex resumed>) = 1 [pid 1943] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1943] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1943] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1942] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1942] exit_group(0 [pid 1943] <... futex resumed>) = ? [pid 1942] <... exit_group resumed>) = ? [pid 1943] +++ exited with 0 +++ [pid 1946] <... futex resumed>) = ? [ 67.073110][ T1943] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 67.092759][ T1946] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 67.109656][ T1946] EXT4-fs (loop0): pa ffff8881e69fea80: logic 16, phys. 128, len 24 [pid 1946] +++ exited with 0 +++ [pid 1942] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1942, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./330", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./330", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./330/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./330/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./330/binderfs") = 0 [ 67.117695][ T1946] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./330/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./330/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./330/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./330/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./330/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./330/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./330") = 0 mkdir("./331", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1947 ./strace-static-x86_64: Process 1947 attached [pid 1947] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1947] chdir("./331") = 0 [pid 1947] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1947] setpgid(0, 0) = 0 [pid 1947] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1947] write(3, "1000", 4) = 4 [pid 1947] close(3) = 0 [pid 1947] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1947] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1947] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1947] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1947] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1948 attached , parent_tid=[1948], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1948 [pid 1948] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1948] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1947] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1948] <... futex resumed>) = 0 [pid 1948] memfd_create("syzkaller", 0) = 3 [pid 1948] ftruncate(3, 2097152) = 0 [pid 1948] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1948] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1948] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1948] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1948] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1948] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1948] ioctl(4, LOOP_SET_FD, 3 [pid 1947] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1948] <... ioctl resumed>) = 0 [pid 1948] mkdir("./file0", 0777) = 0 [pid 1948] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1948] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1948] ioctl(4, LOOP_CLR_FD) = 0 [pid 1948] close(4) = 0 [pid 1948] close(3) = 0 [pid 1948] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1947] <... futex resumed>) = 0 [pid 1948] chdir("./file0" [pid 1947] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1948] <... chdir resumed>) = 0 [pid 1948] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1947] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1948] <... futex resumed>) = 0 [pid 1947] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1948] creat("./file0", 000 [pid 1947] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1947] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1948] <... creat resumed>) = 3 [pid 1948] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1947] <... futex resumed>) = 0 [pid 1947] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1948] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1947] <... futex resumed>) = 0 [pid 1947] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1948] <... write resumed>) = 40 [pid 1947] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1948] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1947] <... mmap resumed>) = 0x7f0168051000 [pid 1948] <... futex resumed>) = 0 [pid 1947] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE [pid 1948] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1947] <... mprotect resumed>) = 0 [pid 1947] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1951 attached , parent_tid=[1951], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1951 [pid 1951] set_robust_list(0x7f01680719e0, 24 [pid 1947] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1951] <... set_robust_list resumed>) = 0 [pid 1947] <... futex resumed>) = 0 [pid 1951] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 1947] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1951] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 1951] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1947] <... futex resumed>) = 0 [pid 1951] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1947] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1947] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1948] <... futex resumed>) = 0 [pid 1948] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1948] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1947] <... futex resumed>) = 0 [pid 1947] exit_group(0 [pid 1951] <... futex resumed>) = ? [pid 1947] <... exit_group resumed>) = ? [pid 1951] +++ exited with 0 +++ [ 67.212075][ T1948] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 67.231833][ T1951] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 67.248528][ T1948] EXT4-fs (loop0): pa ffff8881e69fe9d8: logic 16, phys. 128, len 24 [pid 1948] +++ exited with 0 +++ [pid 1947] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1947, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./331", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./331", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./331/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./331/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./331/binderfs") = 0 [ 67.256683][ T1948] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./331/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./331/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./331/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./331/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./331/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./331/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./331") = 0 mkdir("./332", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1952 attached [pid 1952] set_robust_list(0x55555656e5e0, 24) = 0 [pid 304] <... clone resumed>, child_tidptr=0x55555656e5d0) = 1952 [pid 1952] chdir("./332") = 0 [pid 1952] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1952] setpgid(0, 0) = 0 [pid 1952] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1952] write(3, "1000", 4) = 4 [pid 1952] close(3) = 0 [pid 1952] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1952] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1952] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1952] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1952] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1953 attached [pid 1953] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1953] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1952] <... clone resumed>, parent_tid=[1953], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1953 [pid 1952] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1953] <... futex resumed>) = 0 [pid 1952] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1953] memfd_create("syzkaller", 0) = 3 [pid 1953] ftruncate(3, 2097152) = 0 [pid 1953] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1953] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1953] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1953] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1953] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1953] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1953] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1953] mkdir("./file0", 0777) = 0 [pid 1953] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1953] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1953] ioctl(4, LOOP_CLR_FD) = 0 [pid 1953] close(4) = 0 [pid 1953] close(3) = 0 [pid 1953] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1953] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1952] <... futex resumed>) = 0 [pid 1952] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1953] <... futex resumed>) = 0 [pid 1952] <... futex resumed>) = 1 [pid 1953] chdir("./file0" [pid 1952] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1953] <... chdir resumed>) = 0 [pid 1953] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1952] <... futex resumed>) = 0 [pid 1953] <... futex resumed>) = 1 [pid 1952] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1953] creat("./file0", 000 [pid 1952] <... futex resumed>) = 0 [pid 1952] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1953] <... creat resumed>) = 3 [pid 1953] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1953] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1952] <... futex resumed>) = 0 [pid 1952] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1952] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1952] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1952] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1952] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1956 attached , parent_tid=[1956], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1956 [pid 1956] set_robust_list(0x7f01680719e0, 24 [pid 1952] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1956] <... set_robust_list resumed>) = 0 [pid 1952] <... futex resumed>) = 0 [pid 1956] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 1952] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1953] <... futex resumed>) = 0 [pid 1953] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1956] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 1956] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1953] <... write resumed>) = 40 [pid 1956] <... futex resumed>) = 1 [pid 1952] <... futex resumed>) = 0 [pid 1953] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1952] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1953] <... futex resumed>) = 0 [pid 1952] <... futex resumed>) = 0 [pid 1953] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 1952] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1953] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 1953] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1952] <... futex resumed>) = 0 [pid 1953] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1952] exit_group(0) = ? [pid 1953] <... futex resumed>) = ? [pid 1956] +++ exited with 0 +++ [pid 1953] +++ exited with 0 +++ [pid 1952] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1952, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./332", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./332", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./332/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./332/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./332/binderfs") = 0 umount2("./332/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./332/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./332/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./332/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./332/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./332/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./332") = 0 mkdir("./333", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 67.352936][ T1953] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 67.368000][ T1956] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1957 ./strace-static-x86_64: Process 1957 attached [pid 1957] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1957] chdir("./333") = 0 [pid 1957] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1957] setpgid(0, 0) = 0 [pid 1957] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1957] write(3, "1000", 4) = 4 [pid 1957] close(3) = 0 [pid 1957] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1957] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1957] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1957] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1957] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1958], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1958 ./strace-static-x86_64: Process 1958 attached [pid 1957] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1957] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1958] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1958] memfd_create("syzkaller", 0) = 3 [pid 1958] ftruncate(3, 2097152) = 0 [pid 1958] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1958] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1958] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1958] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1958] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1958] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1958] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1958] mkdir("./file0", 0777) = 0 [pid 1958] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1958] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1958] ioctl(4, LOOP_CLR_FD) = 0 [pid 1958] close(4) = 0 [pid 1958] close(3) = 0 [pid 1958] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1957] <... futex resumed>) = 0 [pid 1957] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1957] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1958] chdir("./file0") = 0 [pid 1958] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1957] <... futex resumed>) = 0 [pid 1958] <... futex resumed>) = 1 [pid 1957] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1957] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1958] creat("./file0", 000) = 3 [pid 1958] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1957] <... futex resumed>) = 0 [pid 1957] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1957] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1957] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1957] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1957] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1961], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1961 [pid 1957] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1957] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1961 attached [pid 1961] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1961] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 1958] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1961] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 1961] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1958] <... write resumed>) = 40 [pid 1958] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1958] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1961] <... futex resumed>) = 1 [pid 1957] <... futex resumed>) = 0 [pid 1957] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1957] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1958] <... futex resumed>) = 0 [pid 1961] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1958] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1958] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1957] <... futex resumed>) = 0 [pid 1957] exit_group(0) = ? [pid 1961] <... futex resumed>) = ? [pid 1958] <... futex resumed>) = ? [pid 1958] +++ exited with 0 +++ [pid 1961] +++ exited with 0 +++ [pid 1957] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1957, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./333", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./333", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./333/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./333/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./333/binderfs") = 0 [ 67.452353][ T1958] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 67.470814][ T1961] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata umount2("./333/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./333/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./333/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./333/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./333/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./333/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./333") = 0 mkdir("./334", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1962 ./strace-static-x86_64: Process 1962 attached [pid 1962] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1962] chdir("./334") = 0 [pid 1962] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1962] setpgid(0, 0) = 0 [pid 1962] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1962] write(3, "1000", 4) = 4 [pid 1962] close(3) = 0 [pid 1962] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1962] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1962] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1962] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1962] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1963], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1963 [pid 1962] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1962] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1963 attached [pid 1963] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1963] memfd_create("syzkaller", 0) = 3 [pid 1963] ftruncate(3, 2097152) = 0 [pid 1963] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1963] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1963] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1963] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1963] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1963] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1963] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1963] mkdir("./file0", 0777) = 0 [pid 1963] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1963] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1963] ioctl(4, LOOP_CLR_FD) = 0 [pid 1963] close(4) = 0 [pid 1963] close(3) = 0 [pid 1963] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1962] <... futex resumed>) = 0 [pid 1962] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1962] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1963] chdir("./file0") = 0 [pid 1963] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1962] <... futex resumed>) = 0 [pid 1962] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1963] creat("./file0", 000 [pid 1962] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1963] <... creat resumed>) = 3 [pid 1963] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1962] <... futex resumed>) = 0 [pid 1963] <... futex resumed>) = 1 [pid 1963] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1962] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1962] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1962] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1962] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1962] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1966 attached , parent_tid=[1966], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1966 [pid 1966] set_robust_list(0x7f01680719e0, 24 [pid 1962] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1966] <... set_robust_list resumed>) = 0 [pid 1966] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 1962] <... futex resumed>) = 0 [pid 1962] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1963] <... write resumed>) = 40 [pid 1963] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1963] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1966] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 1966] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1966] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1962] <... futex resumed>) = 0 [pid 1962] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1962] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1963] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1963] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1963] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1962] <... futex resumed>) = 0 [pid 1962] exit_group(0) = ? [pid 1966] <... futex resumed>) = ? [pid 1966] +++ exited with 0 +++ [ 67.555479][ T1963] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 67.575252][ T1966] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 67.592971][ T1963] EXT4-fs (loop0): pa ffff8881e69fe690: logic 16, phys. 128, len 24 [pid 1963] +++ exited with 0 +++ [pid 1962] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1962, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./334", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./334", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./334/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./334/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./334/binderfs") = 0 [ 67.600964][ T1963] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./334/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./334/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./334/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./334/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./334/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./334/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./334") = 0 mkdir("./335", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1967 ./strace-static-x86_64: Process 1967 attached [pid 1967] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1967] chdir("./335") = 0 [pid 1967] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1967] setpgid(0, 0) = 0 [pid 1967] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1967] write(3, "1000", 4) = 4 [pid 1967] close(3) = 0 [pid 1967] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1967] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1967] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1967] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1967] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1968], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1968 ./strace-static-x86_64: Process 1968 attached [pid 1968] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1968] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1967] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1968] <... futex resumed>) = 0 [pid 1968] memfd_create("syzkaller", 0 [pid 1967] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1968] <... memfd_create resumed>) = 3 [pid 1968] ftruncate(3, 2097152) = 0 [pid 1968] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1968] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1968] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1968] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1968] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1968] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1968] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1968] mkdir("./file0", 0777) = 0 [pid 1968] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1968] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1968] ioctl(4, LOOP_CLR_FD) = 0 [pid 1968] close(4) = 0 [pid 1968] close(3) = 0 [pid 1968] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1967] <... futex resumed>) = 0 [pid 1967] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1968] chdir("./file0") = 0 [pid 1967] <... futex resumed>) = 0 [pid 1967] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1968] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1967] <... futex resumed>) = 0 [pid 1968] creat("./file0", 000 [pid 1967] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1967] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1968] <... creat resumed>) = 3 [pid 1968] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1967] <... futex resumed>) = 0 [pid 1968] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1967] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1968] <... write resumed>) = 40 [pid 1967] <... futex resumed>) = 0 [pid 1968] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1967] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1968] <... futex resumed>) = 0 [pid 1967] <... futex resumed>) = 0 [pid 1968] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1967] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1967] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1967] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1971 attached , parent_tid=[1971], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1971 [pid 1971] set_robust_list(0x7f01680719e0, 24 [pid 1967] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1971] <... set_robust_list resumed>) = 0 [pid 1967] <... futex resumed>) = 0 [pid 1971] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 1967] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1971] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 1971] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1971] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1967] <... futex resumed>) = 0 [pid 1967] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1968] <... futex resumed>) = 0 [pid 1967] <... futex resumed>) = 1 [pid 1968] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 1967] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1968] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 1968] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1967] <... futex resumed>) = 0 [pid 1967] exit_group(0) = ? [pid 1971] <... futex resumed>) = ? [pid 1971] +++ exited with 0 +++ [ 67.722404][ T1968] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 67.740284][ T1971] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 67.756405][ T1968] EXT4-fs (loop0): pa ffff8881ed9ca9d8: logic 16, phys. 128, len 24 [pid 1968] +++ exited with 0 +++ [pid 1967] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1967, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- umount2("./335", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./335", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./335/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./335/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./335/binderfs") = 0 [ 67.764432][ T1968] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./335/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./335/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./335/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./335/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./335/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./335/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./335") = 0 mkdir("./336", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1972 ./strace-static-x86_64: Process 1972 attached [pid 1972] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1972] chdir("./336") = 0 [pid 1972] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1972] setpgid(0, 0) = 0 [pid 1972] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1972] write(3, "1000", 4) = 4 [pid 1972] close(3) = 0 [pid 1972] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1972] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1972] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1972] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1972] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1973 attached , parent_tid=[1973], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1973 [pid 1972] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1972] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1973] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1973] memfd_create("syzkaller", 0) = 3 [pid 1973] ftruncate(3, 2097152) = 0 [pid 1973] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1973] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1973] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1973] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1973] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1973] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1973] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1973] mkdir("./file0", 0777) = 0 [pid 1973] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1973] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1973] ioctl(4, LOOP_CLR_FD) = 0 [pid 1973] close(4) = 0 [pid 1973] close(3) = 0 [pid 1973] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1972] <... futex resumed>) = 0 [pid 1973] chdir("./file0" [pid 1972] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1972] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1973] <... chdir resumed>) = 0 [pid 1973] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1972] <... futex resumed>) = 0 [pid 1972] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1972] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1973] creat("./file0", 000) = 3 [pid 1973] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1972] <... futex resumed>) = 0 [pid 1973] <... futex resumed>) = 1 [pid 1972] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1972] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1972] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1972] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1972] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1976], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1976 [pid 1972] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1972] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1973] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 1973] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1973] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1976 attached [pid 1976] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1976] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 1976] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1972] <... futex resumed>) = 0 [pid 1976] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1972] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1972] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1973] <... futex resumed>) = 0 [pid 1973] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1973] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1973] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1972] <... futex resumed>) = 0 [pid 1972] exit_group(0) = ? [pid 1973] <... futex resumed>) = ? [pid 1973] +++ exited with 0 +++ [pid 1976] <... futex resumed>) = ? [ 67.846524][ T1973] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 67.868155][ T1976] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 67.884485][ T1976] EXT4-fs (loop0): pa ffff8881ed9ca0a8: logic 16, phys. 128, len 24 [pid 1976] +++ exited with 0 +++ [pid 1972] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1972, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./336", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./336", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./336/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./336/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./336/binderfs") = 0 [ 67.892497][ T1976] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./336/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./336/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./336/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./336/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./336/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./336/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./336") = 0 mkdir("./337", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1977 ./strace-static-x86_64: Process 1977 attached [pid 1977] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1977] chdir("./337") = 0 [pid 1977] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1977] setpgid(0, 0) = 0 [pid 1977] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1977] write(3, "1000", 4) = 4 [pid 1977] close(3) = 0 [pid 1977] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1977] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1977] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1977] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1977] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1978 attached , parent_tid=[1978], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1978 [pid 1978] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1978] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1977] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1978] <... futex resumed>) = 0 [pid 1978] memfd_create("syzkaller", 0 [pid 1977] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1978] <... memfd_create resumed>) = 3 [pid 1978] ftruncate(3, 2097152) = 0 [pid 1978] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1978] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1978] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1978] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1978] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1978] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1978] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1978] mkdir("./file0", 0777) = 0 [pid 1978] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1978] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1978] ioctl(4, LOOP_CLR_FD) = 0 [pid 1978] close(4) = 0 [pid 1978] close(3) = 0 [pid 1978] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1978] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1977] <... futex resumed>) = 0 [pid 1977] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1977] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1978] <... futex resumed>) = 0 [pid 1978] chdir("./file0") = 0 [pid 1978] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1977] <... futex resumed>) = 0 [pid 1977] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1977] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1978] <... futex resumed>) = 1 [pid 1978] creat("./file0", 000) = 3 [pid 1978] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1977] <... futex resumed>) = 0 [pid 1977] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1977] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1977] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1977] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1977] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1981], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1981 ./strace-static-x86_64: Process 1981 attached [pid 1977] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1981] set_robust_list(0x7f01680719e0, 24 [pid 1977] <... futex resumed>) = 0 [pid 1981] <... set_robust_list resumed>) = 0 [pid 1977] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1981] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 1978] <... futex resumed>) = 1 [pid 1978] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1981] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 1981] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1977] <... futex resumed>) = 0 [pid 1977] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1977] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1978] <... write resumed>) = 40 [pid 1978] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1978] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1981] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1981] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1977] <... futex resumed>) = 0 [pid 1977] exit_group(0) = ? [pid 1978] <... futex resumed>) = ? [pid 1978] +++ exited with 0 +++ [pid 1981] +++ exited with 0 +++ [pid 1977] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1977, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./337", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./337", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./337/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./337/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./337/binderfs") = 0 [ 67.993269][ T1978] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 68.009791][ T1981] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata umount2("./337/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./337/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./337/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./337/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./337/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./337/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./337") = 0 mkdir("./338", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1982 ./strace-static-x86_64: Process 1982 attached [pid 1982] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1982] chdir("./338") = 0 [pid 1982] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1982] setpgid(0, 0) = 0 [pid 1982] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1982] write(3, "1000", 4) = 4 [pid 1982] close(3) = 0 [pid 1982] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1982] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1982] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1982] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1982] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1983 attached [pid 1983] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1983] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1982] <... clone resumed>, parent_tid=[1983], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1983 [pid 1982] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1983] <... futex resumed>) = 0 [pid 1983] memfd_create("syzkaller", 0 [pid 1982] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1983] <... memfd_create resumed>) = 3 [pid 1983] ftruncate(3, 2097152) = 0 [pid 1983] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1983] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1983] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1983] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1983] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1983] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1983] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1983] mkdir("./file0", 0777) = 0 [pid 1983] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1983] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1983] ioctl(4, LOOP_CLR_FD) = 0 [pid 1983] close(4) = 0 [pid 1983] close(3) = 0 [pid 1983] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1982] <... futex resumed>) = 0 [pid 1983] <... futex resumed>) = 1 [pid 1982] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1982] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1983] chdir("./file0") = 0 [pid 1983] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1982] <... futex resumed>) = 0 [pid 1982] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1982] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1983] creat("./file0", 000) = 3 [pid 1983] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1982] <... futex resumed>) = 0 [pid 1983] <... futex resumed>) = 1 [pid 1982] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1982] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1982] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 1982] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1982] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1986], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1986 [pid 1982] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1982] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1983] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40./strace-static-x86_64: Process 1986 attached [pid 1986] set_robust_list(0x7f01680719e0, 24 [pid 1983] <... write resumed>) = 40 [pid 1986] <... set_robust_list resumed>) = 0 [pid 1986] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 1983] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1983] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1986] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 1986] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1982] <... futex resumed>) = 0 [pid 1982] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1982] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1983] <... futex resumed>) = 0 [pid 1983] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1983] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1982] <... futex resumed>) = 0 [pid 1982] exit_group(0) = ? [pid 1986] +++ exited with 0 +++ [pid 1983] <... futex resumed>) = ? [pid 1983] +++ exited with 0 +++ [pid 1982] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1982, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./338", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./338", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./338/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./338/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./338/binderfs") = 0 [ 68.153063][ T1983] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 68.171804][ T1986] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 68.187880][ T1983] EXT4-fs (loop0): pa ffff8881e69fe3f0: logic 16, phys. 128, len 24 umount2("./338/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./338/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./338/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./338/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./338/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./338/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./338") = 0 mkdir("./339", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 68.195917][ T1983] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1987 ./strace-static-x86_64: Process 1987 attached [pid 1987] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1987] chdir("./339") = 0 [pid 1987] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1987] setpgid(0, 0) = 0 [pid 1987] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1987] write(3, "1000", 4) = 4 [pid 1987] close(3) = 0 [pid 1987] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1987] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1987] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1987] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1987] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1988], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1988 [pid 1987] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1987] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 1988 attached [pid 1988] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1988] memfd_create("syzkaller", 0) = 3 [pid 1988] ftruncate(3, 2097152) = 0 [pid 1988] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1988] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1988] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1988] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1988] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1988] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1988] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1988] mkdir("./file0", 0777) = 0 [pid 1988] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1988] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1988] ioctl(4, LOOP_CLR_FD) = 0 [pid 1988] close(4) = 0 [pid 1988] close(3) = 0 [pid 1988] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1987] <... futex resumed>) = 0 [pid 1987] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1988] chdir("./file0") = 0 [pid 1987] <... futex resumed>) = 0 [pid 1987] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1988] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1987] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1987] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1988] <... futex resumed>) = 0 [pid 1988] creat("./file0", 000 [pid 1987] <... futex resumed>) = 0 [pid 1987] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1988] <... creat resumed>) = 3 [pid 1988] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1987] <... futex resumed>) = 0 [pid 1987] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1988] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1987] <... futex resumed>) = 0 [pid 1987] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1988] <... write resumed>) = 40 [pid 1987] <... futex resumed>) = 0 [pid 1988] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1987] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1988] <... futex resumed>) = 0 [pid 1987] <... mmap resumed>) = 0x7f0168051000 [pid 1987] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE [pid 1988] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1987] <... mprotect resumed>) = 0 [pid 1987] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[1991], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 1991 ./strace-static-x86_64: Process 1991 attached [pid 1987] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1991] set_robust_list(0x7f01680719e0, 24) = 0 [pid 1987] <... futex resumed>) = 0 [pid 1991] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 1987] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1991] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 1991] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1987] <... futex resumed>) = 0 [pid 1991] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1987] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1988] <... futex resumed>) = 0 [pid 1987] <... futex resumed>) = 1 [pid 1988] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 1987] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1988] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1987] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1988] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1987] exit_group(0 [pid 1988] <... futex resumed>) = ? [pid 1987] <... exit_group resumed>) = ? [pid 1988] +++ exited with 0 +++ [pid 1991] <... futex resumed>) = ? [ 68.261982][ T1988] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 68.280195][ T1991] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 68.297405][ T1991] EXT4-fs (loop0): pa ffff8881e69fe930: logic 16, phys. 128, len 24 [pid 1991] +++ exited with 0 +++ [pid 1987] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1987, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./339", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./339", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./339/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./339/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./339/binderfs") = 0 [ 68.305402][ T1991] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./339/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./339/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./339/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./339/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./339/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./339/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./339") = 0 mkdir("./340", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 1992 ./strace-static-x86_64: Process 1992 attached [pid 1992] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1992] chdir("./340") = 0 [pid 1992] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1992] setpgid(0, 0) = 0 [pid 1992] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1992] write(3, "1000", 4) = 4 [pid 1992] close(3) = 0 [pid 1992] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1992] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1992] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1992] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1992] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1993 attached [pid 1993] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1993] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1992] <... clone resumed>, parent_tid=[1993], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1993 [pid 1992] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1993] <... futex resumed>) = 0 [pid 1993] memfd_create("syzkaller", 0 [pid 1992] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1993] <... memfd_create resumed>) = 3 [pid 1993] ftruncate(3, 2097152) = 0 [pid 1993] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1993] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1993] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1993] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1993] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1993] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1993] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1993] mkdir("./file0", 0777) = 0 [pid 1993] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1993] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1993] ioctl(4, LOOP_CLR_FD) = 0 [pid 1993] close(4) = 0 [pid 1993] close(3) = 0 [pid 1993] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1993] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1992] <... futex resumed>) = 0 [pid 1992] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1993] <... futex resumed>) = 0 [pid 1993] chdir("./file0") = 0 [pid 1993] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1992] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1993] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1992] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1992] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1993] <... futex resumed>) = 0 [pid 1993] creat("./file0", 000 [pid 1992] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1993] <... creat resumed>) = 3 [pid 1993] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1992] <... futex resumed>) = 0 [pid 1993] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1992] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1993] <... futex resumed>) = 0 [pid 1993] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 1993] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1993] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1992] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1993] <... futex resumed>) = 0 [pid 1993] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 1992] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1993] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 1993] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1992] <... futex resumed>) = 0 [pid 1993] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 1992] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1993] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 1992] <... futex resumed>) = 0 [pid 1992] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1993] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1992] <... futex resumed>) = 0 [pid 1993] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [ 68.431048][ T1993] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 68.463154][ T1993] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [pid 1992] exit_group(0) = ? [pid 1993] <... futex resumed>) = ? [pid 1993] +++ exited with 0 +++ [pid 1992] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1992, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- umount2("./340", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./340", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./340/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./340/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./340/binderfs") = 0 [ 68.479869][ T1993] EXT4-fs (loop0): pa ffff8881e6ba6888: logic 16, phys. 128, len 24 [ 68.488286][ T1993] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./340/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./340/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./340/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./340/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./340/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./340/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./340") = 0 mkdir("./341", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1996 attached , child_tidptr=0x55555656e5d0) = 1996 [pid 1996] set_robust_list(0x55555656e5e0, 24) = 0 [pid 1996] chdir("./341") = 0 [pid 1996] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1996] setpgid(0, 0) = 0 [pid 1996] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1996] write(3, "1000", 4) = 4 [pid 1996] close(3) = 0 [pid 1996] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1996] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1996] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 1996] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1996] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 1997 attached , parent_tid=[1997], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 1997 [pid 1997] set_robust_list(0x7f01680929e0, 24) = 0 [pid 1997] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1996] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1996] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 1997] <... futex resumed>) = 0 [pid 1997] memfd_create("syzkaller", 0) = 3 [pid 1997] ftruncate(3, 2097152) = 0 [pid 1997] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 1997] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 1997] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 1997] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 1997] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 1997] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1997] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1997] mkdir("./file0", 0777) = 0 [pid 1997] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 1997] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1997] ioctl(4, LOOP_CLR_FD) = 0 [pid 1997] close(4) = 0 [pid 1997] close(3) = 0 [pid 1997] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1997] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1996] <... futex resumed>) = 0 [pid 1996] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1997] <... futex resumed>) = 0 [pid 1996] <... futex resumed>) = 1 [pid 1997] chdir("./file0" [pid 1996] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1997] <... chdir resumed>) = 0 [pid 1997] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1996] <... futex resumed>) = 0 [pid 1997] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1996] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1997] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1996] <... futex resumed>) = 0 [pid 1997] creat("./file0", 000 [pid 1996] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1997] <... creat resumed>) = 3 [pid 1997] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1996] <... futex resumed>) = 0 [pid 1997] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1996] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1997] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1996] <... futex resumed>) = 0 [pid 1997] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 1996] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1997] <... write resumed>) = 40 [pid 1996] <... futex resumed>) = 0 [pid 1997] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 1996] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1997] <... futex resumed>) = 0 [pid 1996] <... mmap resumed>) = 0x7f0168051000 [pid 1997] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1996] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1996] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2000 attached , parent_tid=[2000], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2000 [pid 2000] set_robust_list(0x7f01680719e0, 24 [pid 1996] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2000] <... set_robust_list resumed>) = 0 [pid 1996] <... futex resumed>) = 0 [pid 2000] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 1996] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2000] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2000] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1996] <... futex resumed>) = 0 [pid 1996] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1997] <... futex resumed>) = 0 [pid 1996] <... futex resumed>) = 1 [pid 1997] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 1996] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1997] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 1997] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2000] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1997] <... futex resumed>) = 1 [pid 1996] <... futex resumed>) = 0 [pid 1997] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1996] exit_group(0 [pid 1997] <... futex resumed>) = ? [pid 1996] <... exit_group resumed>) = ? [pid 1997] +++ exited with 0 +++ [pid 2000] <... futex resumed>) = ? [ 68.590526][ T1997] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 68.610897][ T2000] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 68.627561][ T2000] EXT4-fs (loop0): pa ffff8881e6ba6f18: logic 16, phys. 128, len 24 [pid 2000] +++ exited with 0 +++ [pid 1996] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1996, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./341", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./341", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./341/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./341/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./341/binderfs") = 0 [ 68.635666][ T2000] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./341/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./341/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./341/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./341/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./341/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./341/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./341") = 0 mkdir("./342", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2001 ./strace-static-x86_64: Process 2001 attached [pid 2001] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2001] chdir("./342") = 0 [pid 2001] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2001] setpgid(0, 0) = 0 [pid 2001] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2001] write(3, "1000", 4) = 4 [pid 2001] close(3) = 0 [pid 2001] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2001] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2001] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2001] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2001] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2002], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2002 ./strace-static-x86_64: Process 2002 attached [pid 2001] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2001] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2002] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2002] memfd_create("syzkaller", 0) = 3 [pid 2002] ftruncate(3, 2097152) = 0 [pid 2002] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2002] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2002] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2002] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2002] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2002] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2002] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2002] mkdir("./file0", 0777) = 0 [pid 2002] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2002] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2002] ioctl(4, LOOP_CLR_FD) = 0 [pid 2002] close(4) = 0 [pid 2002] close(3) = 0 [pid 2002] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2001] <... futex resumed>) = 0 [pid 2002] <... futex resumed>) = 1 [pid 2001] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2002] chdir("./file0" [pid 2001] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2002] <... chdir resumed>) = 0 [pid 2002] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2001] <... futex resumed>) = 0 [pid 2001] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2001] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2002] creat("./file0", 000) = 3 [pid 2002] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2001] <... futex resumed>) = 0 [pid 2002] <... futex resumed>) = 1 [pid 2001] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2001] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2001] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2001] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2001] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2005], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2005 [pid 2001] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2001] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2002] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40./strace-static-x86_64: Process 2005 attached [pid 2005] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2005] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2002] <... write resumed>) = 40 [pid 2002] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2002] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2005] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2005] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2005] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2001] <... futex resumed>) = 0 [pid 2001] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2001] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2002] <... futex resumed>) = 0 [pid 2002] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2002] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2001] <... futex resumed>) = 0 [pid 2001] exit_group(0) = ? [pid 2005] <... futex resumed>) = ? [pid 2005] +++ exited with 0 +++ [pid 2002] <... futex resumed>) = ? [ 68.719291][ T2002] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 68.739132][ T2005] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 68.756883][ T2002] EXT4-fs (loop0): pa ffff8881e6ba6738: logic 16, phys. 128, len 24 [pid 2002] +++ exited with 0 +++ [pid 2001] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2001, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./342", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./342", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./342/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./342/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./342/binderfs") = 0 [ 68.764873][ T2002] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./342/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./342/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./342/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./342/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./342/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./342/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./342") = 0 mkdir("./343", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2006 ./strace-static-x86_64: Process 2006 attached [pid 2006] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2006] chdir("./343") = 0 [pid 2006] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2006] setpgid(0, 0) = 0 [pid 2006] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2006] write(3, "1000", 4) = 4 [pid 2006] close(3) = 0 [pid 2006] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2006] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2006] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2006] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2006] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2007 attached , parent_tid=[2007], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2007 [pid 2006] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2006] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2007] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2007] memfd_create("syzkaller", 0) = 3 [pid 2007] ftruncate(3, 2097152) = 0 [pid 2007] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2007] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2007] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2007] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2007] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2007] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2007] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2007] mkdir("./file0", 0777) = 0 [pid 2007] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2007] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2007] ioctl(4, LOOP_CLR_FD) = 0 [pid 2007] close(4) = 0 [pid 2007] close(3) = 0 [pid 2007] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2006] <... futex resumed>) = 0 [pid 2007] chdir("./file0" [pid 2006] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2006] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2007] <... chdir resumed>) = 0 [pid 2007] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2006] <... futex resumed>) = 0 [pid 2007] <... futex resumed>) = 1 [pid 2006] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2006] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2007] creat("./file0", 000) = 3 [pid 2007] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2006] <... futex resumed>) = 0 [pid 2007] <... futex resumed>) = 1 [pid 2006] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2006] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2006] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2006] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2006] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2010], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2010 [pid 2006] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2006] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2007] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40./strace-static-x86_64: Process 2010 attached [pid 2010] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2010] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2010] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2006] <... futex resumed>) = 0 [pid 2010] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 2006] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2010] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 2006] <... futex resumed>) = 0 [pid 2010] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2006] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2010] <... futex resumed>) = 0 [pid 2006] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2010] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2007] <... write resumed>) = 40 [pid 2007] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2007] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2006] exit_group(0) = ? [pid 2010] <... futex resumed>) = ? [pid 2010] +++ exited with 0 +++ [pid 2007] <... futex resumed>) = ? [pid 2007] +++ exited with 0 +++ [pid 2006] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2006, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./343", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./343", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./343/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./343/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./343/binderfs") = 0 [ 68.856097][ T2007] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 68.876045][ T2010] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata umount2("./343/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./343/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./343/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./343/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./343/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./343/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./343") = 0 mkdir("./344", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2011 ./strace-static-x86_64: Process 2011 attached [pid 2011] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2011] chdir("./344") = 0 [pid 2011] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2011] setpgid(0, 0) = 0 [pid 2011] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2011] write(3, "1000", 4) = 4 [pid 2011] close(3) = 0 [pid 2011] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2011] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2011] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2011] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2011] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2012 attached [pid 2012] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2012] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2011] <... clone resumed>, parent_tid=[2012], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2012 [pid 2011] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2012] <... futex resumed>) = 0 [pid 2011] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2012] memfd_create("syzkaller", 0) = 3 [pid 2012] ftruncate(3, 2097152) = 0 [pid 2012] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2012] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2012] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2012] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2012] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2012] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2012] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2012] mkdir("./file0", 0777) = 0 [pid 2012] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2012] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2012] ioctl(4, LOOP_CLR_FD) = 0 [pid 2012] close(4) = 0 [pid 2012] close(3) = 0 [pid 2012] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2011] <... futex resumed>) = 0 [pid 2011] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2011] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2012] chdir("./file0") = 0 [pid 2012] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2011] <... futex resumed>) = 0 [pid 2011] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2011] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2012] creat("./file0", 000) = 3 [pid 2012] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2011] <... futex resumed>) = 0 [pid 2012] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2011] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2011] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2011] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2012] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2011] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2011] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 2012] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40./strace-static-x86_64: Process 2015 attached [pid 2011] <... clone resumed>, parent_tid=[2015], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2015 [pid 2011] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2011] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2015] set_robust_list(0x7f01680719e0, 24 [pid 2012] <... write resumed>) = 40 [pid 2015] <... set_robust_list resumed>) = 0 [pid 2012] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2015] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2012] <... futex resumed>) = 0 [pid 2012] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2015] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2015] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2011] <... futex resumed>) = 0 [pid 2011] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2011] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2012] <... futex resumed>) = 0 [pid 2012] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2012] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2011] <... futex resumed>) = 0 [pid 2015] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2012] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2011] exit_group(0 [pid 2012] <... futex resumed>) = ? [pid 2011] <... exit_group resumed>) = ? [pid 2012] +++ exited with 0 +++ [pid 2015] <... futex resumed>) = ? [ 68.993096][ T2012] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 69.016084][ T2015] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 69.033083][ T2015] EXT4-fs (loop0): pa ffff8881e6ba6690: logic 16, phys. 128, len 24 [pid 2015] +++ exited with 0 +++ [pid 2011] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2011, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./344", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./344", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./344/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./344/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./344/binderfs") = 0 umount2("./344/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./344/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./344/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./344/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./344/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 [ 69.041118][ T2015] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 rmdir("./344/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./344") = 0 mkdir("./345", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2016 attached , child_tidptr=0x55555656e5d0) = 2016 [pid 2016] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2016] chdir("./345") = 0 [pid 2016] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2016] setpgid(0, 0) = 0 [pid 2016] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2016] write(3, "1000", 4) = 4 [pid 2016] close(3) = 0 [pid 2016] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2016] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2016] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2016] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2016] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2017 attached , parent_tid=[2017], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2017 [pid 2017] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2017] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2016] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2017] <... futex resumed>) = 0 [pid 2017] memfd_create("syzkaller", 0) = 3 [pid 2017] ftruncate(3, 2097152) = 0 [pid 2017] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2017] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2017] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2017] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2017] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2017] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2016] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2017] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2017] mkdir("./file0", 0777) = 0 [pid 2017] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2017] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2017] ioctl(4, LOOP_CLR_FD) = 0 [pid 2017] close(4) = 0 [pid 2017] close(3) = 0 [pid 2017] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2016] <... futex resumed>) = 0 [pid 2016] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2017] chdir("./file0" [pid 2016] <... futex resumed>) = 0 [pid 2016] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2017] <... chdir resumed>) = 0 [pid 2017] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2016] <... futex resumed>) = 0 [pid 2017] <... futex resumed>) = 1 [pid 2016] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2017] creat("./file0", 000 [pid 2016] <... futex resumed>) = 0 [pid 2016] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2017] <... creat resumed>) = 3 [pid 2017] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2016] <... futex resumed>) = 0 [pid 2017] <... futex resumed>) = 1 [pid 2016] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2016] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2016] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2016] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2016] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2020], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2020 ./strace-static-x86_64: Process 2020 attached [pid 2020] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2020] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2016] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2020] <... futex resumed>) = 0 [pid 2016] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2020] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2017] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2020] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2020] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2016] <... futex resumed>) = 0 [pid 2020] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2016] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2020] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2016] <... futex resumed>) = 0 [pid 2020] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 2016] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2020] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 2020] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2020] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2016] <... futex resumed>) = 0 [pid 2017] <... write resumed>) = 40 [pid 2017] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2017] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2016] exit_group(0) = ? [pid 2020] <... futex resumed>) = ? [pid 2017] <... futex resumed>) = ? [pid 2020] +++ exited with 0 +++ [pid 2017] +++ exited with 0 +++ [pid 2016] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2016, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./345", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./345", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./345/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./345/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./345/binderfs") = 0 [ 69.137423][ T2017] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 69.156598][ T2020] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata umount2("./345/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./345/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./345/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./345/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./345/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./345/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./345") = 0 mkdir("./346", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2021 ./strace-static-x86_64: Process 2021 attached [pid 2021] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2021] chdir("./346") = 0 [pid 2021] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2021] setpgid(0, 0) = 0 [pid 2021] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2021] write(3, "1000", 4) = 4 [pid 2021] close(3) = 0 [pid 2021] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2021] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2021] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2021] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2021] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2022 attached , parent_tid=[2022], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2022 [pid 2022] set_robust_list(0x7f01680929e0, 24 [pid 2021] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2022] <... set_robust_list resumed>) = 0 [pid 2021] <... futex resumed>) = 0 [pid 2022] memfd_create("syzkaller", 0 [pid 2021] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2022] <... memfd_create resumed>) = 3 [pid 2022] ftruncate(3, 2097152) = 0 [pid 2022] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2022] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2022] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2022] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2022] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2022] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2022] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2022] mkdir("./file0", 0777) = 0 [pid 2022] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2022] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2022] ioctl(4, LOOP_CLR_FD) = 0 [pid 2022] close(4) = 0 [pid 2022] close(3) = 0 [pid 2022] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2021] <... futex resumed>) = 0 [pid 2021] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2021] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2022] chdir("./file0") = 0 [pid 2022] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2021] <... futex resumed>) = 0 [pid 2021] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2021] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2022] creat("./file0", 000) = 3 [pid 2022] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2021] <... futex resumed>) = 0 [pid 2021] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2021] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2021] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2021] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2021] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2025], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2025 [pid 2021] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2021] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2022] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 2022] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 2025 attached [pid 2025] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2025] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2022] <... futex resumed>) = 0 [pid 2022] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2025] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2025] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2021] <... futex resumed>) = 0 [pid 2025] <... futex resumed>) = 1 [pid 2021] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2025] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2021] <... futex resumed>) = 0 [pid 2021] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2022] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2022] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2022] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2021] <... futex resumed>) = 0 [pid 2021] exit_group(0 [pid 2025] <... futex resumed>) = ? [pid 2021] <... exit_group resumed>) = ? [pid 2025] +++ exited with 0 +++ [pid 2022] <... futex resumed>) = ? [ 69.250387][ T2022] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 69.269381][ T2025] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 69.286582][ T2022] EXT4-fs (loop0): pa ffff8881db8710a8: logic 16, phys. 128, len 24 [pid 2022] +++ exited with 0 +++ [pid 2021] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2021, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./346", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./346", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./346/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./346/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./346/binderfs") = 0 [ 69.294592][ T2022] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./346/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./346/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./346/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./346/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./346/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./346/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./346") = 0 mkdir("./347", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2026 ./strace-static-x86_64: Process 2026 attached [pid 2026] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2026] chdir("./347") = 0 [pid 2026] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2026] setpgid(0, 0) = 0 [pid 2026] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2026] write(3, "1000", 4) = 4 [pid 2026] close(3) = 0 [pid 2026] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2026] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2026] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2026] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2026] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2027 attached , parent_tid=[2027], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2027 [pid 2026] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2026] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2027] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2027] memfd_create("syzkaller", 0) = 3 [pid 2027] ftruncate(3, 2097152) = 0 [pid 2027] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2027] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2027] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2027] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2027] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2027] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2027] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2027] mkdir("./file0", 0777) = 0 [pid 2027] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2027] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2027] ioctl(4, LOOP_CLR_FD) = 0 [pid 2027] close(4) = 0 [pid 2027] close(3) = 0 [pid 2027] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2026] <... futex resumed>) = 0 [pid 2026] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2026] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2027] chdir("./file0") = 0 [pid 2027] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2026] <... futex resumed>) = 0 [pid 2026] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2026] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2027] creat("./file0", 000) = 3 [pid 2027] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2026] <... futex resumed>) = 0 [pid 2026] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2026] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2026] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2026] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2026] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2030 attached , parent_tid=[2030], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2030 [pid 2030] set_robust_list(0x7f01680719e0, 24 [pid 2026] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2030] <... set_robust_list resumed>) = 0 [pid 2026] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2030] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2027] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2030] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2030] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2026] <... futex resumed>) = 0 [pid 2030] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 2026] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2030] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 2026] <... futex resumed>) = 0 [pid 2030] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2026] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2030] <... futex resumed>) = 0 [pid 2026] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2030] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2027] <... write resumed>) = 40 [pid 2027] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2027] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2026] exit_group(0) = ? [pid 2030] <... futex resumed>) = ? [pid 2027] <... futex resumed>) = ? [pid 2030] +++ exited with 0 +++ [pid 2027] +++ exited with 0 +++ [pid 2026] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2026, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./347", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./347", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./347/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./347/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./347/binderfs") = 0 [ 69.398717][ T2027] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 69.419230][ T2030] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata umount2("./347/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./347/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./347/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./347/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./347/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./347/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./347") = 0 mkdir("./348", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2031 ./strace-static-x86_64: Process 2031 attached [pid 2031] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2031] chdir("./348") = 0 [pid 2031] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2031] setpgid(0, 0) = 0 [pid 2031] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2031] write(3, "1000", 4) = 4 [pid 2031] close(3) = 0 [pid 2031] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2031] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2031] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2031] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2031] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2032 attached , parent_tid=[2032], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2032 [pid 2031] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2031] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2032] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2032] memfd_create("syzkaller", 0) = 3 [pid 2032] ftruncate(3, 2097152) = 0 [pid 2032] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2032] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2032] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2032] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2032] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2032] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2032] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2032] mkdir("./file0", 0777) = 0 [pid 2032] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2032] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2032] ioctl(4, LOOP_CLR_FD) = 0 [pid 2032] close(4) = 0 [pid 2032] close(3) = 0 [pid 2032] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2031] <... futex resumed>) = 0 [pid 2031] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2031] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2032] chdir("./file0") = 0 [pid 2032] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2031] <... futex resumed>) = 0 [pid 2032] <... futex resumed>) = 1 [pid 2031] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2031] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2032] creat("./file0", 000) = 3 [pid 2032] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2031] <... futex resumed>) = 0 [pid 2031] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2032] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2031] <... futex resumed>) = 0 [pid 2031] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2031] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2031] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE [pid 2032] <... write resumed>) = 40 [pid 2031] <... mprotect resumed>) = 0 [pid 2032] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2031] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2035 attached [pid 2035] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2035] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2032] <... futex resumed>) = 0 [pid 2031] <... clone resumed>, parent_tid=[2035], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2035 [pid 2031] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2035] <... futex resumed>) = 0 [pid 2035] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2031] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2032] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2035] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2035] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2031] <... futex resumed>) = 0 [pid 2035] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2031] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2031] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2032] <... futex resumed>) = 0 [pid 2032] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2032] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2031] <... futex resumed>) = 0 [pid 2031] exit_group(0 [pid 2035] <... futex resumed>) = ? [pid 2031] <... exit_group resumed>) = ? [pid 2035] +++ exited with 0 +++ [ 69.550642][ T2032] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 69.573024][ T2035] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 69.590604][ T2032] EXT4-fs (loop0): pa ffff8881db8717e0: logic 16, phys. 128, len 24 [pid 2032] +++ exited with 0 +++ [pid 2031] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2031, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./348", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./348", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./348/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./348/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./348/binderfs") = 0 [ 69.598578][ T2032] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./348/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./348/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./348/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./348/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./348/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./348/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./348") = 0 mkdir("./349", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2036 ./strace-static-x86_64: Process 2036 attached [pid 2036] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2036] chdir("./349") = 0 [pid 2036] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2036] setpgid(0, 0) = 0 [pid 2036] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2036] write(3, "1000", 4) = 4 [pid 2036] close(3) = 0 [pid 2036] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2036] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2036] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2036] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2036] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2037 attached , parent_tid=[2037], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2037 [pid 2037] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2037] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2036] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2037] <... futex resumed>) = 0 [pid 2037] memfd_create("syzkaller", 0 [pid 2036] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2037] <... memfd_create resumed>) = 3 [pid 2037] ftruncate(3, 2097152) = 0 [pid 2037] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2037] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2037] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2037] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2037] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2037] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2037] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2037] mkdir("./file0", 0777) = 0 [pid 2037] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2037] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2037] ioctl(4, LOOP_CLR_FD) = 0 [pid 2037] close(4) = 0 [pid 2037] close(3) = 0 [pid 2037] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2037] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2036] <... futex resumed>) = 0 [pid 2036] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2037] <... futex resumed>) = 0 [pid 2037] chdir("./file0") = 0 [pid 2036] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2037] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2037] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2036] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2036] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2037] <... futex resumed>) = 0 [pid 2037] creat("./file0", 000 [pid 2036] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2037] <... creat resumed>) = 3 [pid 2037] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2037] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2036] <... futex resumed>) = 0 [pid 2036] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2036] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2036] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2036] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2036] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2040 attached [pid 2040] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2040] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2036] <... clone resumed>, parent_tid=[2040], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2040 [pid 2036] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2040] <... futex resumed>) = 0 [pid 2040] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2037] <... futex resumed>) = 0 [pid 2036] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2037] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2040] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2040] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2037] <... write resumed>) = 40 [pid 2037] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2040] <... futex resumed>) = 1 [pid 2036] <... futex resumed>) = 0 [pid 2036] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2036] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2037] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 2040] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2037] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 2037] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2036] <... futex resumed>) = 0 [pid 2036] exit_group(0 [pid 2037] <... futex resumed>) = 1 [pid 2036] <... exit_group resumed>) = ? [pid 2037] +++ exited with 0 +++ [pid 2040] <... futex resumed>) = ? [pid 2040] +++ exited with 0 +++ [pid 2036] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2036, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./349", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./349", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./349/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./349/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./349/binderfs") = 0 [ 69.692063][ T2037] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 69.715264][ T2040] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata umount2("./349/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./349/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./349/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./349/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./349/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./349/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./349") = 0 mkdir("./350", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2041 ./strace-static-x86_64: Process 2041 attached [pid 2041] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2041] chdir("./350") = 0 [pid 2041] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2041] setpgid(0, 0) = 0 [pid 2041] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2041] write(3, "1000", 4) = 4 [pid 2041] close(3) = 0 [pid 2041] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2041] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2041] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2041] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2041] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2042 attached , parent_tid=[2042], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2042 [pid 2042] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2042] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2041] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2042] <... futex resumed>) = 0 [pid 2042] memfd_create("syzkaller", 0 [pid 2041] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2042] <... memfd_create resumed>) = 3 [pid 2042] ftruncate(3, 2097152) = 0 [pid 2042] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2042] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2042] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2042] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2042] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2042] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2042] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2042] mkdir("./file0", 0777) = 0 [pid 2042] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2042] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2042] ioctl(4, LOOP_CLR_FD) = 0 [pid 2042] close(4) = 0 [pid 2042] close(3) = 0 [pid 2042] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2041] <... futex resumed>) = 0 [pid 2041] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2042] chdir("./file0" [pid 2041] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2042] <... chdir resumed>) = 0 [pid 2042] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2041] <... futex resumed>) = 0 [pid 2041] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2042] creat("./file0", 000 [pid 2041] <... futex resumed>) = 0 [pid 2041] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2042] <... creat resumed>) = 3 [pid 2042] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2041] <... futex resumed>) = 0 [pid 2041] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2042] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2041] <... futex resumed>) = 0 [pid 2041] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2041] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2042] <... write resumed>) = 40 [pid 2041] <... mmap resumed>) = 0x7f0168051000 [pid 2042] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2041] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2041] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 2042] <... futex resumed>) = 0 [pid 2042] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2045 attached [pid 2045] set_robust_list(0x7f01680719e0, 24 [pid 2041] <... clone resumed>, parent_tid=[2045], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2045 [pid 2041] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2041] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2045] <... set_robust_list resumed>) = 0 [pid 2045] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2045] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2041] <... futex resumed>) = 0 [pid 2045] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2041] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2041] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2042] <... futex resumed>) = 0 [pid 2042] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2042] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2041] <... futex resumed>) = 0 [pid 2041] exit_group(0) = ? [pid 2045] <... futex resumed>) = ? [pid 2045] +++ exited with 0 +++ [pid 2042] <... futex resumed>) = ? [ 69.809367][ T2042] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 69.827260][ T2045] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 69.844252][ T2042] EXT4-fs (loop0): pa ffff8881db8711f8: logic 16, phys. 128, len 24 [pid 2042] +++ exited with 0 +++ [pid 2041] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2041, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./350", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./350", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./350/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./350/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./350/binderfs") = 0 [ 69.852366][ T2042] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./350/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./350/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./350/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./350/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./350/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./350/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./350") = 0 mkdir("./351", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2046 ./strace-static-x86_64: Process 2046 attached [pid 2046] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2046] chdir("./351") = 0 [pid 2046] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2046] setpgid(0, 0) = 0 [pid 2046] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2046] write(3, "1000", 4) = 4 [pid 2046] close(3) = 0 [pid 2046] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2046] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2046] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2046] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2046] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2047 attached , parent_tid=[2047], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2047 [pid 2047] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2046] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2046] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2047] memfd_create("syzkaller", 0) = 3 [pid 2047] ftruncate(3, 2097152) = 0 [pid 2047] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2047] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2047] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2047] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2047] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2047] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2047] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2047] mkdir("./file0", 0777) = 0 [pid 2047] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2047] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2047] ioctl(4, LOOP_CLR_FD) = 0 [pid 2047] close(4) = 0 [pid 2047] close(3) = 0 [pid 2047] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2046] <... futex resumed>) = 0 [pid 2047] chdir("./file0" [pid 2046] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2047] <... chdir resumed>) = 0 [pid 2046] <... futex resumed>) = 0 [pid 2047] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2046] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2047] <... futex resumed>) = 0 [pid 2046] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2047] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2046] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2047] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2046] <... futex resumed>) = 0 [pid 2047] creat("./file0", 000 [pid 2046] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2047] <... creat resumed>) = 3 [pid 2047] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2046] <... futex resumed>) = 0 [pid 2046] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2046] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2046] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2046] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2046] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2050], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2050 [pid 2046] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2046] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2047] <... futex resumed>) = 1 [pid 2047] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 2047] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2047] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2050 attached [pid 2050] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2050] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2050] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2046] <... futex resumed>) = 0 [pid 2050] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2046] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2047] <... futex resumed>) = 0 [pid 2046] <... futex resumed>) = 1 [pid 2047] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 2046] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2047] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 2047] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2046] <... futex resumed>) = 0 [pid 2047] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2046] exit_group(0 [pid 2050] <... futex resumed>) = ? [pid 2047] <... futex resumed>) = ? [pid 2046] <... exit_group resumed>) = ? [pid 2047] +++ exited with 0 +++ [pid 2050] +++ exited with 0 +++ [pid 2046] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2046, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./351", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./351", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./351/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./351/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./351/binderfs") = 0 [ 69.951891][ T2047] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 69.966670][ T2050] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 69.983684][ T2050] EXT4-fs (loop0): pa ffff8881db90e690: logic 16, phys. 128, len 24 [ 69.991683][ T2050] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./351/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./351/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./351/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./351/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./351/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./351/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./351") = 0 mkdir("./352", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2051 attached , child_tidptr=0x55555656e5d0) = 2051 [pid 2051] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2051] chdir("./352") = 0 [pid 2051] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2051] setpgid(0, 0) = 0 [pid 2051] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2051] write(3, "1000", 4) = 4 [pid 2051] close(3) = 0 [pid 2051] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2051] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2051] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2051] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2051] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2052 attached , parent_tid=[2052], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2052 [pid 2052] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2052] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2051] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2052] <... futex resumed>) = 0 [pid 2052] memfd_create("syzkaller", 0 [pid 2051] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2052] <... memfd_create resumed>) = 3 [pid 2052] ftruncate(3, 2097152) = 0 [pid 2052] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2052] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2052] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2052] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2052] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2052] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2052] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2052] mkdir("./file0", 0777) = 0 [pid 2052] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2052] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2052] ioctl(4, LOOP_CLR_FD) = 0 [pid 2052] close(4) = 0 [pid 2052] close(3) = 0 [pid 2052] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2051] <... futex resumed>) = 0 [pid 2052] <... futex resumed>) = 1 [pid 2051] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2052] chdir("./file0" [pid 2051] <... futex resumed>) = 0 [pid 2052] <... chdir resumed>) = 0 [pid 2051] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2052] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2051] <... futex resumed>) = 0 [pid 2052] <... futex resumed>) = 1 [pid 2052] creat("./file0", 000 [pid 2051] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2051] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2052] <... creat resumed>) = 3 [pid 2052] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2051] <... futex resumed>) = 0 [pid 2051] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2051] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2051] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2051] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2051] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2055], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2055 [pid 2051] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2051] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2052] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 2052] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2052] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2055 attached [pid 2055] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2055] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2055] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2051] <... futex resumed>) = 0 [pid 2055] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2051] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2051] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2052] <... futex resumed>) = 0 [pid 2052] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2052] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2051] <... futex resumed>) = 0 [pid 2051] exit_group(0) = ? [pid 2055] <... futex resumed>) = ? [pid 2055] +++ exited with 0 +++ [ 70.072307][ T2052] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 70.091759][ T2055] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 70.108871][ T2052] EXT4-fs (loop0): pa ffff8881db90edc8: logic 16, phys. 128, len 24 [pid 2052] +++ exited with 0 +++ [pid 2051] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2051, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./352", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./352", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./352/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./352/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./352/binderfs") = 0 [ 70.116868][ T2052] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./352/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./352/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./352/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./352/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./352/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./352/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./352") = 0 mkdir("./353", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2056 ./strace-static-x86_64: Process 2056 attached [pid 2056] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2056] chdir("./353") = 0 [pid 2056] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2056] setpgid(0, 0) = 0 [pid 2056] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2056] write(3, "1000", 4) = 4 [pid 2056] close(3) = 0 [pid 2056] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2056] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2056] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2056] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2056] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2057 attached , parent_tid=[2057], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2057 [pid 2057] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2057] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2056] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2057] <... futex resumed>) = 0 [pid 2057] memfd_create("syzkaller", 0) = 3 [pid 2057] ftruncate(3, 2097152) = 0 [pid 2057] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2057] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2057] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2057] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2057] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2057] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2057] ioctl(4, LOOP_SET_FD, 3 [pid 2056] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2057] <... ioctl resumed>) = 0 [pid 2057] mkdir("./file0", 0777) = 0 [pid 2057] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2057] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2057] ioctl(4, LOOP_CLR_FD) = 0 [pid 2057] close(4) = 0 [pid 2057] close(3) = 0 [pid 2057] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2056] <... futex resumed>) = 0 [pid 2056] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2057] chdir("./file0" [pid 2056] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2057] <... chdir resumed>) = 0 [pid 2057] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2056] <... futex resumed>) = 0 [pid 2056] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2057] creat("./file0", 000 [pid 2056] <... futex resumed>) = 0 [pid 2056] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2057] <... creat resumed>) = 3 [pid 2057] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2056] <... futex resumed>) = 0 [pid 2057] <... futex resumed>) = 1 [pid 2057] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2056] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2056] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2057] <... write resumed>) = 40 [pid 2056] <... futex resumed>) = 0 [pid 2057] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2056] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2057] <... futex resumed>) = 0 [pid 2056] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2056] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 2057] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2060 attached [pid 2060] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2060] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2056] <... clone resumed>, parent_tid=[2060], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2060 [pid 2056] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2060] <... futex resumed>) = 0 [pid 2056] <... futex resumed>) = 1 [pid 2060] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2056] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2060] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2060] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2056] <... futex resumed>) = 0 [pid 2060] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2056] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2056] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2057] <... futex resumed>) = 0 [pid 2057] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2057] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2056] <... futex resumed>) = 0 [pid 2057] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2056] exit_group(0) = ? [pid 2057] <... futex resumed>) = ? [pid 2057] +++ exited with 0 +++ [pid 2060] <... futex resumed>) = ? [ 70.221685][ T2057] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 70.244527][ T2060] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 70.262036][ T2060] EXT4-fs (loop0): pa ffff8881db871b28: logic 16, phys. 128, len 24 [pid 2060] +++ exited with 0 +++ [pid 2056] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2056, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./353", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./353", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./353/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./353/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./353/binderfs") = 0 [ 70.270041][ T2060] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./353/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./353/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./353/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./353/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./353/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./353/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./353") = 0 mkdir("./354", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2061 ./strace-static-x86_64: Process 2061 attached [pid 2061] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2061] chdir("./354") = 0 [pid 2061] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2061] setpgid(0, 0) = 0 [pid 2061] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2061] write(3, "1000", 4) = 4 [pid 2061] close(3) = 0 [pid 2061] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2061] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2061] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2061] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2061] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2062], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2062 [pid 2061] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2061] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2062 attached [pid 2062] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2062] memfd_create("syzkaller", 0) = 3 [pid 2062] ftruncate(3, 2097152) = 0 [pid 2062] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2062] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2062] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2062] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2062] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2062] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2062] mkdir("./file0", 0777) = 0 [pid 2062] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2062] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2062] ioctl(4, LOOP_CLR_FD) = 0 [pid 2062] close(4) = 0 [pid 2062] close(3) = 0 [pid 2062] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2061] <... futex resumed>) = 0 [pid 2061] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2061] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2062] <... futex resumed>) = 1 [pid 2062] chdir("./file0") = 0 [pid 2062] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2061] <... futex resumed>) = 0 [pid 2061] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2061] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2062] <... futex resumed>) = 1 [pid 2062] creat("./file0", 000) = 3 [pid 2062] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2061] <... futex resumed>) = 0 [pid 2061] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2061] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2061] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2061] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2061] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2065], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2065 [pid 2061] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2061] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2062] <... futex resumed>) = 1 [pid 2062] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 2062] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2062] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2065 attached [pid 2065] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2065] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2065] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2061] <... futex resumed>) = 0 [pid 2061] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2061] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2062] <... futex resumed>) = 0 [pid 2062] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2062] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2061] <... futex resumed>) = 0 [pid 2062] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2061] exit_group(0 [pid 2065] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2062] <... futex resumed>) = ? [pid 2061] <... exit_group resumed>) = ? [pid 2065] <... futex resumed>) = ? [pid 2062] +++ exited with 0 +++ [ 70.343035][ T2062] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 70.359262][ T2065] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 70.376161][ T2065] EXT4-fs (loop0): pa ffff8881db871f18: logic 16, phys. 128, len 24 [pid 2065] +++ exited with 0 +++ [pid 2061] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2061, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./354", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./354", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./354/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./354/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./354/binderfs") = 0 [ 70.384456][ T2065] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./354/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./354/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./354/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./354/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./354/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./354/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./354") = 0 mkdir("./355", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2066 attached [pid 2066] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2066] chdir("./355") = 0 [pid 304] <... clone resumed>, child_tidptr=0x55555656e5d0) = 2066 [pid 2066] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2066] setpgid(0, 0) = 0 [pid 2066] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2066] write(3, "1000", 4) = 4 [pid 2066] close(3) = 0 [pid 2066] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2066] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2066] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2066] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2066] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2067], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2067 [pid 2066] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2066] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2067 attached [pid 2067] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2067] memfd_create("syzkaller", 0) = 3 [pid 2067] ftruncate(3, 2097152) = 0 [pid 2067] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2067] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2067] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2067] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2067] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2067] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2067] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2067] mkdir("./file0", 0777) = 0 [pid 2067] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2067] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2067] ioctl(4, LOOP_CLR_FD) = 0 [pid 2067] close(4) = 0 [pid 2067] close(3) = 0 [pid 2067] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2066] <... futex resumed>) = 0 [pid 2067] chdir("./file0" [pid 2066] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2067] <... chdir resumed>) = 0 [pid 2067] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2066] <... futex resumed>) = 0 [pid 2067] <... futex resumed>) = 0 [pid 2066] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2067] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2066] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2066] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2067] <... futex resumed>) = 0 [pid 2066] <... futex resumed>) = 1 [pid 2067] creat("./file0", 000 [pid 2066] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2067] <... creat resumed>) = 3 [pid 2067] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2066] <... futex resumed>) = 0 [pid 2067] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2066] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2067] <... write resumed>) = 40 [pid 2066] <... futex resumed>) = 0 [pid 2067] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2066] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2067] <... futex resumed>) = 0 [pid 2066] <... futex resumed>) = 0 [pid 2067] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2066] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2067] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2067] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2066] <... futex resumed>) = 0 [pid 2066] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2067] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 2066] <... futex resumed>) = 0 [pid 2066] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2067] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 2067] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2066] <... futex resumed>) = 0 [pid 2066] exit_group(0) = ? [ 70.486123][ T2067] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 70.502850][ T2067] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 70.520007][ T2067] EXT4-fs (loop0): pa ffff8881db871498: logic 16, phys. 128, len 24 [pid 2067] +++ exited with 0 +++ [pid 2066] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2066, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./355", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./355", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./355/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./355/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./355/binderfs") = 0 [ 70.528006][ T2067] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./355/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./355/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./355/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./355/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./355/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./355/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./355") = 0 mkdir("./356", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2070 ./strace-static-x86_64: Process 2070 attached [pid 2070] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2070] chdir("./356") = 0 [pid 2070] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2070] setpgid(0, 0) = 0 [pid 2070] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2070] write(3, "1000", 4) = 4 [pid 2070] close(3) = 0 [pid 2070] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2070] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2070] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2070] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2070] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2071 attached [pid 2071] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2071] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2070] <... clone resumed>, parent_tid=[2071], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2071 [pid 2070] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2071] <... futex resumed>) = 0 [pid 2071] memfd_create("syzkaller", 0 [pid 2070] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2071] <... memfd_create resumed>) = 3 [pid 2071] ftruncate(3, 2097152) = 0 [pid 2071] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2071] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2071] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2071] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2071] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2071] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2071] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2071] mkdir("./file0", 0777) = 0 [pid 2071] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2071] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2071] ioctl(4, LOOP_CLR_FD) = 0 [pid 2071] close(4) = 0 [pid 2071] close(3) = 0 [pid 2071] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2070] <... futex resumed>) = 0 [pid 2070] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2070] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2071] chdir("./file0") = 0 [pid 2071] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2070] <... futex resumed>) = 0 [pid 2070] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2070] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2071] <... futex resumed>) = 1 [pid 2071] creat("./file0", 000) = 3 [pid 2071] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2070] <... futex resumed>) = 0 [pid 2071] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2070] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2071] <... write resumed>) = 40 [pid 2070] <... futex resumed>) = 0 [pid 2071] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2070] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2071] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2070] <... futex resumed>) = 0 [pid 2070] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2071] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2071] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2070] <... futex resumed>) = 0 [pid 2071] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 2070] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2070] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2071] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 2071] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2070] <... futex resumed>) = 0 [pid 2070] exit_group(0) = ? [ 70.636017][ T2071] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 70.661773][ T2071] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [pid 2071] +++ exited with 0 +++ [pid 2070] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2070, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./356", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./356", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./356/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./356/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./356/binderfs") = 0 [ 70.679229][ T2071] EXT4-fs (loop0): pa ffff8881db871bd0: logic 16, phys. 128, len 24 [ 70.687240][ T2071] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./356/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./356/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./356/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./356/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./356/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./356/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./356") = 0 mkdir("./357", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2074 ./strace-static-x86_64: Process 2074 attached [pid 2074] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2074] chdir("./357") = 0 [pid 2074] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2074] setpgid(0, 0) = 0 [pid 2074] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2074] write(3, "1000", 4) = 4 [pid 2074] close(3) = 0 [pid 2074] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2074] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2074] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2074] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2074] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2075 attached [pid 2075] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2075] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2074] <... clone resumed>, parent_tid=[2075], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2075 [pid 2074] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2075] <... futex resumed>) = 0 [pid 2074] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2075] memfd_create("syzkaller", 0) = 3 [pid 2075] ftruncate(3, 2097152) = 0 [pid 2075] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2075] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2075] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2075] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2075] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2075] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2075] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2075] mkdir("./file0", 0777) = 0 [pid 2075] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2075] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2075] ioctl(4, LOOP_CLR_FD) = 0 [pid 2075] close(4) = 0 [pid 2075] close(3) = 0 [pid 2075] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2074] <... futex resumed>) = 0 [pid 2075] <... futex resumed>) = 1 [pid 2075] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2074] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2075] <... futex resumed>) = 0 [pid 2074] <... futex resumed>) = 1 [pid 2075] chdir("./file0") = 0 [pid 2075] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2075] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2074] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 2074] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2075] <... futex resumed>) = 0 [pid 2075] creat("./file0", 000 [pid 2074] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2075] <... creat resumed>) = 3 [pid 2075] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2074] <... futex resumed>) = 0 [pid 2075] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 2074] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2075] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2074] <... futex resumed>) = 0 [pid 2074] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2074] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2074] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2075] <... write resumed>) = 40 [pid 2075] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2074] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 2075] <... futex resumed>) = 0 [pid 2075] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2078 attached [pid 2074] <... clone resumed>, parent_tid=[2078], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2078 [pid 2078] set_robust_list(0x7f01680719e0, 24 [pid 2074] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2078] <... set_robust_list resumed>) = 0 [pid 2078] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2074] <... futex resumed>) = 0 [pid 2074] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2078] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2078] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2074] <... futex resumed>) = 0 [pid 2074] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2075] <... futex resumed>) = 0 [pid 2074] <... futex resumed>) = 1 [pid 2075] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2074] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2075] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2074] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2075] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2074] exit_group(0) = ? [pid 2075] <... futex resumed>) = 231 [pid 2075] +++ exited with 0 +++ [pid 2078] +++ exited with 0 +++ [pid 2074] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2074, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./357", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./357", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./357/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./357/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./357/binderfs") = 0 [ 70.832368][ T2075] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 70.847856][ T2078] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 70.864170][ T2078] EXT4-fs (loop0): pa ffff8881db90e7e0: logic 16, phys. 128, len 24 [ 70.872187][ T2078] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./357/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./357/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./357/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./357/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./357/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./357/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./357") = 0 mkdir("./358", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2079 ./strace-static-x86_64: Process 2079 attached [pid 2079] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2079] chdir("./358") = 0 [pid 2079] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2079] setpgid(0, 0) = 0 [pid 2079] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2079] write(3, "1000", 4) = 4 [pid 2079] close(3) = 0 [pid 2079] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2079] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2079] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2079] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2079] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2080], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2080 [pid 2079] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2079] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2080 attached [pid 2080] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2080] memfd_create("syzkaller", 0) = 3 [pid 2080] ftruncate(3, 2097152) = 0 [pid 2080] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2080] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2080] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2080] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2080] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2080] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2080] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2080] mkdir("./file0", 0777) = 0 [pid 2080] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2080] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2080] ioctl(4, LOOP_CLR_FD) = 0 [pid 2080] close(4) = 0 [pid 2080] close(3) = 0 [pid 2080] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2079] <... futex resumed>) = 0 [pid 2079] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2080] chdir("./file0" [pid 2079] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2080] <... chdir resumed>) = 0 [pid 2080] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2079] <... futex resumed>) = 0 [pid 2079] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2080] creat("./file0", 000 [pid 2079] <... futex resumed>) = 0 [pid 2079] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2080] <... creat resumed>) = 3 [pid 2080] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2079] <... futex resumed>) = 0 [pid 2079] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2079] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2079] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2079] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2079] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 2080] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2079] <... clone resumed>, parent_tid=[2083], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2083 [pid 2079] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2079] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2083 attached [pid 2083] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2083] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2083] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2079] <... futex resumed>) = 0 [pid 2079] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2079] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2083] <... futex resumed>) = 1 [pid 2083] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2083] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2079] <... futex resumed>) = 0 [pid 2083] <... futex resumed>) = 1 [pid 2083] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2080] <... write resumed>) = 40 [pid 2080] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2080] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2079] exit_group(0) = ? [pid 2083] <... futex resumed>) = ? [pid 2083] +++ exited with 0 +++ [pid 2080] <... futex resumed>) = ? [pid 2080] +++ exited with 0 +++ [pid 2079] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2079, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./358", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./358", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./358/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./358/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./358/binderfs") = 0 [ 70.955006][ T2080] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 70.974720][ T2083] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata umount2("./358/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./358/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./358/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./358/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./358/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./358/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./358") = 0 mkdir("./359", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2084 ./strace-static-x86_64: Process 2084 attached [pid 2084] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2084] chdir("./359") = 0 [pid 2084] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2084] setpgid(0, 0) = 0 [pid 2084] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2084] write(3, "1000", 4) = 4 [pid 2084] close(3) = 0 [pid 2084] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2084] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2084] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2084] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2084] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2085], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2085 [pid 2084] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2084] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2085 attached [pid 2085] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2085] memfd_create("syzkaller", 0) = 3 [pid 2085] ftruncate(3, 2097152) = 0 [pid 2085] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2085] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2085] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2085] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2085] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2085] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2085] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2085] mkdir("./file0", 0777) = 0 [pid 2085] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2085] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2085] ioctl(4, LOOP_CLR_FD) = 0 [pid 2085] close(4) = 0 [pid 2085] close(3) = 0 [pid 2085] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2085] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2084] <... futex resumed>) = 0 [pid 2084] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2084] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2085] <... futex resumed>) = 0 [pid 2085] chdir("./file0") = 0 [pid 2085] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2084] <... futex resumed>) = 0 [pid 2084] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2084] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2085] <... futex resumed>) = 1 [pid 2085] creat("./file0", 000) = 3 [pid 2085] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2084] <... futex resumed>) = 0 [pid 2084] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2085] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2084] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2084] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2084] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2084] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2088 attached [pid 2088] set_robust_list(0x7f01680719e0, 24 [pid 2084] <... clone resumed>, parent_tid=[2088], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2088 [pid 2088] <... set_robust_list resumed>) = 0 [pid 2084] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2088] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2084] <... futex resumed>) = 0 [pid 2084] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2085] <... write resumed>) = 40 [pid 2085] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2085] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2088] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2088] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2088] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2084] <... futex resumed>) = 0 [pid 2084] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2085] <... futex resumed>) = 0 [pid 2084] <... futex resumed>) = 1 [pid 2085] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2084] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2085] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2084] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2085] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2084] exit_group(0 [pid 2085] <... futex resumed>) = ? [pid 2084] <... exit_group resumed>) = ? [pid 2088] <... futex resumed>) = ? [pid 2088] +++ exited with 0 +++ [pid 2085] +++ exited with 0 +++ [ 71.110571][ T2085] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 71.130742][ T2088] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 71.147718][ T2084] EXT4-fs (loop0): pa ffff8881db90e738: logic 16, phys. 128, len 24 [pid 2084] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2084, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./359", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./359", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./359/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./359/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./359/binderfs") = 0 [ 71.155827][ T2084] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./359/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./359/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./359/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./359/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./359/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./359/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./359") = 0 mkdir("./360", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2089 ./strace-static-x86_64: Process 2089 attached [pid 2089] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2089] chdir("./360") = 0 [pid 2089] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2089] setpgid(0, 0) = 0 [pid 2089] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2089] write(3, "1000", 4) = 4 [pid 2089] close(3) = 0 [pid 2089] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2089] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2089] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2089] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2089] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2090], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2090 [pid 2089] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2089] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2090 attached [pid 2090] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2090] memfd_create("syzkaller", 0) = 3 [pid 2090] ftruncate(3, 2097152) = 0 [pid 2090] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2090] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2090] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2090] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2090] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2090] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2090] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2090] mkdir("./file0", 0777) = 0 [pid 2090] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2090] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2090] ioctl(4, LOOP_CLR_FD) = 0 [pid 2090] close(4) = 0 [pid 2090] close(3) = 0 [pid 2090] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2089] <... futex resumed>) = 0 [pid 2089] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2089] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2090] chdir("./file0") = 0 [pid 2090] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2089] <... futex resumed>) = 0 [pid 2089] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2089] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2090] creat("./file0", 000) = 3 [pid 2090] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2089] <... futex resumed>) = 0 [pid 2089] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2089] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2089] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2089] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2089] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2093], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2093 [pid 2089] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2089] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2093 attached [pid 2093] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2093] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2090] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2093] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2093] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2090] <... write resumed>) = 40 [pid 2090] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2090] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2093] <... futex resumed>) = 1 [pid 2089] <... futex resumed>) = 0 [pid 2089] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2093] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2089] <... futex resumed>) = 1 [pid 2089] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2090] <... futex resumed>) = 0 [pid 2090] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2090] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2089] <... futex resumed>) = 0 [pid 2090] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2089] exit_group(0) = ? [pid 2090] <... futex resumed>) = ? [pid 2090] +++ exited with 0 +++ [pid 2093] <... futex resumed>) = ? [pid 2093] +++ exited with 0 +++ [pid 2089] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2089, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./360", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./360", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./360/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./360/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./360/binderfs") = 0 [ 71.278343][ T2090] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 71.298300][ T2093] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata umount2("./360/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./360/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./360/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./360/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./360/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./360/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./360") = 0 mkdir("./361", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2094 attached , child_tidptr=0x55555656e5d0) = 2094 [pid 2094] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2094] chdir("./361") = 0 [pid 2094] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2094] setpgid(0, 0) = 0 [pid 2094] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2094] write(3, "1000", 4) = 4 [pid 2094] close(3) = 0 [pid 2094] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2094] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2094] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2094] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2094] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2095 attached , parent_tid=[2095], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2095 [pid 2095] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2095] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2094] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2095] <... futex resumed>) = 0 [pid 2095] memfd_create("syzkaller", 0) = 3 [pid 2095] ftruncate(3, 2097152) = 0 [pid 2095] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2095] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2095] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2095] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2095] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2095] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2095] ioctl(4, LOOP_SET_FD, 3 [pid 2094] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2095] <... ioctl resumed>) = 0 [pid 2095] mkdir("./file0", 0777) = 0 [pid 2095] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2095] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2095] ioctl(4, LOOP_CLR_FD) = 0 [pid 2095] close(4) = 0 [pid 2095] close(3) = 0 [pid 2095] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2094] <... futex resumed>) = 0 [pid 2095] <... futex resumed>) = 1 [pid 2094] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2095] chdir("./file0" [pid 2094] <... futex resumed>) = 0 [pid 2094] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2095] <... chdir resumed>) = 0 [pid 2095] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2094] <... futex resumed>) = 0 [pid 2094] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2095] creat("./file0", 000 [pid 2094] <... futex resumed>) = 0 [pid 2094] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2095] <... creat resumed>) = 3 [pid 2095] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2094] <... futex resumed>) = 0 [pid 2095] <... futex resumed>) = 1 [pid 2094] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2094] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2095] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2094] <... futex resumed>) = 0 [pid 2094] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2095] <... write resumed>) = 40 [pid 2094] <... mmap resumed>) = 0x7f0168051000 [pid 2095] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2094] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2094] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 2095] <... futex resumed>) = 0 ./strace-static-x86_64: Process 2098 attached [pid 2094] <... clone resumed>, parent_tid=[2098], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2098 [pid 2098] set_robust_list(0x7f01680719e0, 24 [pid 2094] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2098] <... set_robust_list resumed>) = 0 [pid 2094] <... futex resumed>) = 0 [pid 2098] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2094] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2095] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2098] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2098] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2094] <... futex resumed>) = 0 [pid 2098] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2094] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2094] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2095] <... futex resumed>) = 0 [pid 2095] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2095] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2094] <... futex resumed>) = 0 [pid 2094] exit_group(0 [pid 2098] <... futex resumed>) = ? [pid 2094] <... exit_group resumed>) = ? [pid 2098] +++ exited with 0 +++ [ 71.444899][ T2095] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 71.465161][ T2098] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 71.482364][ T2095] EXT4-fs (loop0): pa ffff8881db871540: logic 16, phys. 128, len 24 [pid 2095] +++ exited with 0 +++ [pid 2094] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2094, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./361", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./361", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./361/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./361/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./361/binderfs") = 0 [ 71.490372][ T2095] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./361/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./361/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./361/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./361/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./361/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./361/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./361") = 0 mkdir("./362", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2099 ./strace-static-x86_64: Process 2099 attached [pid 2099] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2099] chdir("./362") = 0 [pid 2099] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2099] setpgid(0, 0) = 0 [pid 2099] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2099] write(3, "1000", 4) = 4 [pid 2099] close(3) = 0 [pid 2099] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2099] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2099] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2099] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2099] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2100 attached [pid 2100] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2100] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2099] <... clone resumed>, parent_tid=[2100], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2100 [pid 2099] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2100] <... futex resumed>) = 0 [pid 2099] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2100] memfd_create("syzkaller", 0) = 3 [pid 2100] ftruncate(3, 2097152) = 0 [pid 2100] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2100] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2100] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2100] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2100] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2100] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2100] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2100] mkdir("./file0", 0777) = 0 [pid 2100] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2100] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2100] ioctl(4, LOOP_CLR_FD) = 0 [pid 2100] close(4) = 0 [pid 2100] close(3) = 0 [pid 2100] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2099] <... futex resumed>) = 0 [pid 2099] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2099] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2100] chdir("./file0") = 0 [pid 2100] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2099] <... futex resumed>) = 0 [pid 2099] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2099] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2100] creat("./file0", 000) = 3 [pid 2100] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2099] <... futex resumed>) = 0 [pid 2100] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2099] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2099] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2099] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2100] <... write resumed>) = 40 [pid 2100] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2099] <... mmap resumed>) = 0x7f0168051000 [pid 2100] <... futex resumed>) = 0 [pid 2099] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2100] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2099] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2103 attached [pid 2103] set_robust_list(0x7f01680719e0, 24 [pid 2099] <... clone resumed>, parent_tid=[2103], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2103 [pid 2103] <... set_robust_list resumed>) = 0 [pid 2099] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2103] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2099] <... futex resumed>) = 0 [pid 2099] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2103] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2103] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2099] <... futex resumed>) = 0 [pid 2103] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2099] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2100] <... futex resumed>) = 0 [pid 2100] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 2099] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2100] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 2100] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2099] <... futex resumed>) = 0 [pid 2100] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2099] exit_group(0) = ? [pid 2103] <... futex resumed>) = ? [pid 2103] +++ exited with 0 +++ [pid 2100] <... futex resumed>) = ? [ 71.640857][ T2100] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 71.657566][ T2103] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 71.673750][ T2100] EXT4-fs (loop0): pa ffff8881db871c78: logic 16, phys. 128, len 24 [pid 2100] +++ exited with 0 +++ [pid 2099] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2099, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./362", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./362", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./362/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./362/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./362/binderfs") = 0 [ 71.681762][ T2100] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./362/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./362/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./362/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./362/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./362/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./362/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./362") = 0 mkdir("./363", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2104 ./strace-static-x86_64: Process 2104 attached [pid 2104] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2104] chdir("./363") = 0 [pid 2104] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2104] setpgid(0, 0) = 0 [pid 2104] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2104] write(3, "1000", 4) = 4 [pid 2104] close(3) = 0 [pid 2104] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2104] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2104] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2104] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2104] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2105 attached , parent_tid=[2105], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2105 [pid 2105] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2105] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2104] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2105] <... futex resumed>) = 0 [pid 2105] memfd_create("syzkaller", 0) = 3 [pid 2105] ftruncate(3, 2097152) = 0 [pid 2105] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2105] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2105] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2105] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2105] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2105] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2105] ioctl(4, LOOP_SET_FD, 3 [pid 2104] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2105] <... ioctl resumed>) = 0 [pid 2105] mkdir("./file0", 0777) = 0 [pid 2105] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2105] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2105] ioctl(4, LOOP_CLR_FD) = 0 [pid 2105] close(4) = 0 [pid 2105] close(3) = 0 [pid 2105] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2104] <... futex resumed>) = 0 [pid 2105] chdir("./file0" [pid 2104] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2105] <... chdir resumed>) = 0 [pid 2105] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2104] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2105] <... futex resumed>) = 0 [pid 2104] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2105] creat("./file0", 000 [pid 2104] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2104] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2105] <... creat resumed>) = 3 [pid 2105] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2104] <... futex resumed>) = 0 [pid 2104] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2105] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2104] <... futex resumed>) = 0 [pid 2104] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2105] <... write resumed>) = 40 [pid 2104] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2105] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2104] <... mmap resumed>) = 0x7f0168051000 [pid 2105] <... futex resumed>) = 0 [pid 2104] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2105] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2104] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2108 attached , parent_tid=[2108], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2108 [pid 2108] set_robust_list(0x7f01680719e0, 24 [pid 2104] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2108] <... set_robust_list resumed>) = 0 [pid 2104] <... futex resumed>) = 0 [pid 2108] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2104] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2108] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2108] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2104] <... futex resumed>) = 0 [pid 2104] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2104] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2105] <... futex resumed>) = 0 [pid 2105] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2105] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2104] <... futex resumed>) = 0 [pid 2104] exit_group(0) = ? [pid 2108] +++ exited with 0 +++ [pid 2105] <... futex resumed>) = ? [ 71.760169][ T2105] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 71.777906][ T2108] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 71.794304][ T2105] EXT4-fs (loop0): pa ffff8881db871348: logic 16, phys. 128, len 24 [pid 2105] +++ exited with 0 +++ [pid 2104] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2104, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./363", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./363", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./363/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./363/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./363/binderfs") = 0 [ 71.802381][ T2105] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./363/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./363/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./363/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./363/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./363/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./363/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./363") = 0 mkdir("./364", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2109 ./strace-static-x86_64: Process 2109 attached [pid 2109] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2109] chdir("./364") = 0 [pid 2109] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2109] setpgid(0, 0) = 0 [pid 2109] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2109] write(3, "1000", 4) = 4 [pid 2109] close(3) = 0 [pid 2109] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2109] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2109] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2109] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2109] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2110], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2110 [pid 2109] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2109] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2110 attached [pid 2110] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2110] memfd_create("syzkaller", 0) = 3 [pid 2110] ftruncate(3, 2097152) = 0 [pid 2110] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2110] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2110] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2110] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2110] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2110] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2110] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2110] mkdir("./file0", 0777) = 0 [pid 2110] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2110] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2110] ioctl(4, LOOP_CLR_FD) = 0 [pid 2110] close(4) = 0 [pid 2110] close(3) = 0 [pid 2110] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2109] <... futex resumed>) = 0 [pid 2109] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2109] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2110] <... futex resumed>) = 1 [pid 2110] chdir("./file0") = 0 [pid 2110] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2109] <... futex resumed>) = 0 [pid 2109] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2110] creat("./file0", 000 [pid 2109] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2110] <... creat resumed>) = 3 [pid 2110] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2109] <... futex resumed>) = 0 [pid 2109] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2109] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2109] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2109] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2109] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 2110] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40./strace-static-x86_64: Process 2113 attached [pid 2109] <... clone resumed>, parent_tid=[2113], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2113 [pid 2113] set_robust_list(0x7f01680719e0, 24 [pid 2109] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2113] <... set_robust_list resumed>) = 0 [pid 2109] <... futex resumed>) = 0 [pid 2113] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2109] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2113] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2113] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2109] <... futex resumed>) = 0 [pid 2113] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2109] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2113] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2109] <... futex resumed>) = 0 [pid 2113] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 2109] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2113] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 2113] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2109] <... futex resumed>) = 0 [pid 2113] <... futex resumed>) = 1 [pid 2113] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2110] <... write resumed>) = 40 [pid 2110] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2110] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2109] exit_group(0) = ? [pid 2113] <... futex resumed>) = ? [pid 2113] +++ exited with 0 +++ [pid 2110] <... futex resumed>) = ? [pid 2110] +++ exited with 0 +++ [pid 2109] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2109, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./364", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./364", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./364/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./364/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./364/binderfs") = 0 [ 71.921110][ T2110] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 71.939284][ T2113] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata umount2("./364/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./364/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./364/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./364/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./364/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./364/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./364") = 0 mkdir("./365", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2114 ./strace-static-x86_64: Process 2114 attached [pid 2114] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2114] chdir("./365") = 0 [pid 2114] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2114] setpgid(0, 0) = 0 [pid 2114] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2114] write(3, "1000", 4) = 4 [pid 2114] close(3) = 0 [pid 2114] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2114] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2114] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2114] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2114] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2115 attached , parent_tid=[2115], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2115 [pid 2114] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2114] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2115] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2115] memfd_create("syzkaller", 0) = 3 [pid 2115] ftruncate(3, 2097152) = 0 [pid 2115] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2115] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2115] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2115] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2115] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2115] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2115] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2115] mkdir("./file0", 0777) = 0 [pid 2115] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2115] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2115] ioctl(4, LOOP_CLR_FD) = 0 [pid 2115] close(4) = 0 [pid 2115] close(3) = 0 [pid 2115] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2114] <... futex resumed>) = 0 [pid 2114] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2114] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2115] chdir("./file0") = 0 [pid 2115] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2114] <... futex resumed>) = 0 [pid 2114] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2114] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2115] creat("./file0", 000) = 3 [pid 2115] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2114] <... futex resumed>) = 0 [pid 2115] <... futex resumed>) = 1 [pid 2114] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2115] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2114] <... futex resumed>) = 0 [pid 2114] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2115] <... write resumed>) = 40 [pid 2114] <... futex resumed>) = 0 [pid 2114] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2115] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2114] <... mmap resumed>) = 0x7f0168051000 [pid 2115] <... futex resumed>) = 0 [pid 2114] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE [pid 2115] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2114] <... mprotect resumed>) = 0 [pid 2114] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2118], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2118 [pid 2114] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 2118 attached ) = 0 [pid 2114] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2118] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2118] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2118] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2114] <... futex resumed>) = 0 [pid 2118] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2114] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2115] <... futex resumed>) = 0 [pid 2114] <... futex resumed>) = 1 [pid 2115] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 2114] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2115] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 2115] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2114] <... futex resumed>) = 0 [pid 2114] exit_group(0) = ? [pid 2118] <... futex resumed>) = ? [pid 2115] +++ exited with 0 +++ [ 72.069538][ T2115] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 72.089167][ T2118] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 72.106923][ T2118] EXT4-fs (loop0): pa ffff8881db871150: logic 16, phys. 128, len 24 [pid 2118] +++ exited with 0 +++ [pid 2114] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2114, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./365", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./365", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./365/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./365/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./365/binderfs") = 0 [ 72.114946][ T2118] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./365/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./365/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./365/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./365/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./365/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./365/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./365") = 0 mkdir("./366", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2119 ./strace-static-x86_64: Process 2119 attached [pid 2119] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2119] chdir("./366") = 0 [pid 2119] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2119] setpgid(0, 0) = 0 [pid 2119] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2119] write(3, "1000", 4) = 4 [pid 2119] close(3) = 0 [pid 2119] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2119] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2119] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2119] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2119] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2120], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2120 [pid 2119] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2119] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2120 attached [pid 2120] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2120] memfd_create("syzkaller", 0) = 3 [pid 2120] ftruncate(3, 2097152) = 0 [pid 2120] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2120] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2120] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2120] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2120] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2120] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2120] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2120] mkdir("./file0", 0777) = 0 [pid 2120] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2120] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2120] ioctl(4, LOOP_CLR_FD) = 0 [pid 2120] close(4) = 0 [pid 2120] close(3) = 0 [pid 2120] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2119] <... futex resumed>) = 0 [pid 2119] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2119] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2120] chdir("./file0") = 0 [pid 2120] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2119] <... futex resumed>) = 0 [pid 2119] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2119] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2120] creat("./file0", 000) = 3 [pid 2120] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2119] <... futex resumed>) = 0 [pid 2119] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2119] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2119] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2120] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2119] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2120] <... write resumed>) = 40 [pid 2119] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2123], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2123 [pid 2119] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 2123 attached [pid 2120] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2119] <... futex resumed>) = 0 [pid 2119] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2123] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2123] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2120] <... futex resumed>) = 0 [pid 2120] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2123] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2123] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2119] <... futex resumed>) = 0 [pid 2119] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2120] <... futex resumed>) = 0 [pid 2119] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2120] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2120] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2119] <... futex resumed>) = 0 [pid 2120] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2119] exit_group(0) = ? [pid 2120] <... futex resumed>) = ? [pid 2120] +++ exited with 0 +++ [ 72.227466][ T2120] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 72.249145][ T2123] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 72.265586][ T2123] EXT4-fs (loop0): pa ffff8881db90e348: logic 16, phys. 128, len 24 [pid 2123] +++ exited with 0 +++ [pid 2119] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2119, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./366", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./366", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./366/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./366/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./366/binderfs") = 0 umount2("./366/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./366/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./366/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./366/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./366/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./366/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./366") = 0 mkdir("./367", 0777) = 0 [ 72.273589][ T2123] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2124 ./strace-static-x86_64: Process 2124 attached [pid 2124] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2124] chdir("./367") = 0 [pid 2124] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2124] setpgid(0, 0) = 0 [pid 2124] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2124] write(3, "1000", 4) = 4 [pid 2124] close(3) = 0 [pid 2124] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2124] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2124] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2124] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2124] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2125], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2125 [pid 2124] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2124] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2125 attached [pid 2125] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2125] memfd_create("syzkaller", 0) = 3 [pid 2125] ftruncate(3, 2097152) = 0 [pid 2125] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2125] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2125] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2125] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2125] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2125] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2125] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2125] mkdir("./file0", 0777) = 0 [pid 2125] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2125] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2125] ioctl(4, LOOP_CLR_FD) = 0 [pid 2125] close(4) = 0 [pid 2125] close(3) = 0 [pid 2125] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2124] <... futex resumed>) = 0 [pid 2124] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2124] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2125] chdir("./file0") = 0 [pid 2125] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2124] <... futex resumed>) = 0 [pid 2124] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2124] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2125] creat("./file0", 000) = 3 [pid 2125] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2124] <... futex resumed>) = 0 [pid 2124] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2124] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2124] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2124] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2124] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2128], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2128 [pid 2124] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2124] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2128 attached [pid 2128] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2128] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2125] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2128] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2128] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2125] <... write resumed>) = 40 [pid 2125] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2125] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2128] <... futex resumed>) = 1 [pid 2124] <... futex resumed>) = 0 [pid 2124] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2124] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2125] <... futex resumed>) = 0 [pid 2125] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2125] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2124] <... futex resumed>) = 0 [pid 2125] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2124] exit_group(0 [pid 2128] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2124] <... exit_group resumed>) = ? [pid 2125] <... futex resumed>) = ? [pid 2125] +++ exited with 0 +++ [pid 2128] <... futex resumed>) = ? [pid 2128] +++ exited with 0 +++ [pid 2124] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2124, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./367", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./367", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./367/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./367/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./367/binderfs") = 0 [ 72.353725][ T2125] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 72.369775][ T2128] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata umount2("./367/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./367/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./367/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./367/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./367/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./367/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./367") = 0 mkdir("./368", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2129 attached , child_tidptr=0x55555656e5d0) = 2129 [pid 2129] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2129] chdir("./368") = 0 [pid 2129] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2129] setpgid(0, 0) = 0 [pid 2129] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2129] write(3, "1000", 4) = 4 [pid 2129] close(3) = 0 [pid 2129] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2129] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2129] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2129] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2129] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2130 attached [pid 2130] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2130] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2129] <... clone resumed>, parent_tid=[2130], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2130 [pid 2129] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2130] <... futex resumed>) = 0 [pid 2130] memfd_create("syzkaller", 0) = 3 [pid 2130] ftruncate(3, 2097152) = 0 [pid 2130] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2130] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2130] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2130] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2130] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2130] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2130] ioctl(4, LOOP_SET_FD, 3 [pid 2129] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2130] <... ioctl resumed>) = 0 [pid 2130] mkdir("./file0", 0777) = 0 [pid 2130] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2130] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2130] ioctl(4, LOOP_CLR_FD) = 0 [pid 2130] close(4) = 0 [pid 2130] close(3) = 0 [pid 2130] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2129] <... futex resumed>) = 0 [pid 2130] <... futex resumed>) = 1 [pid 2129] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2130] chdir("./file0" [pid 2129] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2130] <... chdir resumed>) = 0 [pid 2130] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2129] <... futex resumed>) = 0 [pid 2130] <... futex resumed>) = 1 [pid 2129] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2130] creat("./file0", 000 [pid 2129] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2130] <... creat resumed>) = 3 [pid 2130] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2129] <... futex resumed>) = 0 [pid 2130] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2129] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2129] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2129] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2129] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2129] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2133 attached , parent_tid=[2133], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2133 [pid 2133] set_robust_list(0x7f01680719e0, 24 [pid 2129] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2133] <... set_robust_list resumed>) = 0 [pid 2129] <... futex resumed>) = 0 [pid 2133] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2129] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2133] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2133] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2129] <... futex resumed>) = 0 [pid 2129] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2129] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2130] <... write resumed>) = 40 [pid 2130] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2130] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2133] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2133] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2129] <... futex resumed>) = 0 [pid 2129] exit_group(0) = ? [pid 2133] +++ exited with 0 +++ [pid 2130] <... futex resumed>) = ? [pid 2130] +++ exited with 0 +++ [pid 2129] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2129, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./368", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./368", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./368/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./368/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./368/binderfs") = 0 [ 72.508517][ T2130] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 72.526444][ T2133] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata umount2("./368/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./368/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./368/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./368/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./368/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./368/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./368") = 0 mkdir("./369", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2134 ./strace-static-x86_64: Process 2134 attached [pid 2134] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2134] chdir("./369") = 0 [pid 2134] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2134] setpgid(0, 0) = 0 [pid 2134] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2134] write(3, "1000", 4) = 4 [pid 2134] close(3) = 0 [pid 2134] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2134] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2134] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2134] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2134] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2135], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2135 [pid 2134] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2134] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2135 attached [pid 2135] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2135] memfd_create("syzkaller", 0) = 3 [pid 2135] ftruncate(3, 2097152) = 0 [pid 2135] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2135] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2135] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2135] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2135] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2135] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2135] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2135] mkdir("./file0", 0777) = 0 [pid 2135] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2135] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2135] ioctl(4, LOOP_CLR_FD) = 0 [pid 2135] close(4) = 0 [pid 2135] close(3) = 0 [pid 2135] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2135] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2134] <... futex resumed>) = 0 [pid 2134] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2134] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2135] <... futex resumed>) = 0 [pid 2135] chdir("./file0") = 0 [pid 2135] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2134] <... futex resumed>) = 0 [pid 2134] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2134] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2135] creat("./file0", 000) = 3 [pid 2135] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2134] <... futex resumed>) = 0 [pid 2134] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2134] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2134] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2134] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2135] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2134] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 2135] <... write resumed>) = 40 [pid 2135] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2135] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2138 attached [pid 2134] <... clone resumed>, parent_tid=[2138], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2138 [pid 2138] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2138] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2134] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2138] <... futex resumed>) = 0 [pid 2138] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2134] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2138] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2138] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2134] <... futex resumed>) = 0 [pid 2138] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2134] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2135] <... futex resumed>) = 0 [pid 2134] <... futex resumed>) = 1 [pid 2135] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 2134] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2135] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 2135] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2134] <... futex resumed>) = 0 [pid 2135] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2134] exit_group(0 [pid 2135] <... futex resumed>) = ? [pid 2134] <... exit_group resumed>) = ? [pid 2135] +++ exited with 0 +++ [pid 2138] <... futex resumed>) = ? [ 72.645404][ T2135] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 72.676321][ T2138] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [pid 2138] +++ exited with 0 +++ [pid 2134] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2134, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./369", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./369", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./369/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./369/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./369/binderfs") = 0 [ 72.692897][ T2138] EXT4-fs (loop0): pa ffff8881db90e0a8: logic 16, phys. 128, len 24 [ 72.704317][ T2138] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./369/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./369/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./369/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./369/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./369/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./369/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./369") = 0 mkdir("./370", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2139 ./strace-static-x86_64: Process 2139 attached [pid 2139] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2139] chdir("./370") = 0 [pid 2139] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2139] setpgid(0, 0) = 0 [pid 2139] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2139] write(3, "1000", 4) = 4 [pid 2139] close(3) = 0 [pid 2139] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2139] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2139] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2139] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2139] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2140], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2140 [pid 2139] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2139] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2140 attached [pid 2140] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2140] memfd_create("syzkaller", 0) = 3 [pid 2140] ftruncate(3, 2097152) = 0 [pid 2140] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2140] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2140] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2140] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2140] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2140] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2140] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2140] mkdir("./file0", 0777) = 0 [pid 2140] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2140] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2140] ioctl(4, LOOP_CLR_FD) = 0 [pid 2140] close(4) = 0 [pid 2140] close(3) = 0 [pid 2140] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2139] <... futex resumed>) = 0 [pid 2140] <... futex resumed>) = 1 [pid 2139] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2140] chdir("./file0" [pid 2139] <... futex resumed>) = 0 [pid 2140] <... chdir resumed>) = 0 [pid 2139] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2140] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2139] <... futex resumed>) = 0 [pid 2140] creat("./file0", 000 [pid 2139] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2139] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2140] <... creat resumed>) = 3 [pid 2140] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2139] <... futex resumed>) = 0 [pid 2139] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2139] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2139] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2139] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2139] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2143], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2143 [pid 2139] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2139] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2140] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 2140] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2140] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2143 attached [pid 2143] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2143] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2143] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2139] <... futex resumed>) = 0 [pid 2139] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2139] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2143] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2140] <... futex resumed>) = 0 [pid 2140] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2140] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2139] <... futex resumed>) = 0 [pid 2139] exit_group(0) = ? [pid 2143] <... futex resumed>) = ? [pid 2140] +++ exited with 0 +++ [ 72.789641][ T2140] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 72.810808][ T2143] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 72.828157][ T2143] EXT4-fs (loop0): pa ffff8881db90e150: logic 16, phys. 128, len 24 [pid 2143] +++ exited with 0 +++ [pid 2139] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2139, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./370", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./370", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./370/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./370/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./370/binderfs") = 0 umount2("./370/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./370/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./370/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./370/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./370/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./370/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./370") = 0 mkdir("./371", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2144 ./strace-static-x86_64: Process 2144 attached [pid 2144] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2144] chdir("./371") = 0 [pid 2144] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2144] setpgid(0, 0) = 0 [pid 2144] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2144] write(3, "1000", 4) = 4 [pid 2144] close(3) = 0 [pid 2144] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2144] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2144] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2144] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2144] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2145], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2145 [pid 2144] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2144] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2145 attached [pid 2145] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2145] memfd_create("syzkaller", 0) = 3 [pid 2145] ftruncate(3, 2097152) = 0 [pid 2145] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2145] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2145] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2145] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2145] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2145] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2145] ioctl(4, LOOP_SET_FD, 3) = 0 [ 72.836154][ T2143] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 [pid 2145] mkdir("./file0", 0777) = 0 [pid 2145] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2145] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2145] ioctl(4, LOOP_CLR_FD) = 0 [pid 2145] close(4) = 0 [pid 2145] close(3) = 0 [pid 2145] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2144] <... futex resumed>) = 0 [pid 2144] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2144] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2145] <... futex resumed>) = 1 [pid 2145] chdir("./file0") = 0 [pid 2145] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2144] <... futex resumed>) = 0 [pid 2144] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2144] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2145] <... futex resumed>) = 1 [pid 2145] creat("./file0", 000) = 3 [pid 2145] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2144] <... futex resumed>) = 0 [pid 2144] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2144] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2144] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2144] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2144] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2148], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2148 [pid 2144] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2144] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2145] <... futex resumed>) = 1 [pid 2145] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 2145] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2145] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2148 attached [pid 2148] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2148] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2148] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2144] <... futex resumed>) = 0 [pid 2144] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2145] <... futex resumed>) = 0 [pid 2144] <... futex resumed>) = 1 [pid 2145] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2144] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2145] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2148] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2144] <... futex resumed>) = 0 [pid 2145] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2144] exit_group(0 [pid 2145] <... futex resumed>) = ? [pid 2144] <... exit_group resumed>) = ? [pid 2145] +++ exited with 0 +++ [pid 2148] <... futex resumed>) = ? [ 72.907707][ T2145] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 72.924289][ T2148] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 72.941697][ T2148] EXT4-fs (loop0): pa ffff8881dba2c0a8: logic 16, phys. 128, len 24 [pid 2148] +++ exited with 0 +++ [pid 2144] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2144, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./371", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./371", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./371/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./371/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./371/binderfs") = 0 [ 72.949693][ T2148] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./371/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./371/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./371/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./371/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./371/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./371/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./371") = 0 mkdir("./372", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2149 ./strace-static-x86_64: Process 2149 attached [pid 2149] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2149] chdir("./372") = 0 [pid 2149] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2149] setpgid(0, 0) = 0 [pid 2149] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2149] write(3, "1000", 4) = 4 [pid 2149] close(3) = 0 [pid 2149] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2149] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2149] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2149] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2149] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2150], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2150 [pid 2149] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 2150 attached ) = 0 [pid 2150] set_robust_list(0x7f01680929e0, 24 [pid 2149] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2150] <... set_robust_list resumed>) = 0 [pid 2150] memfd_create("syzkaller", 0) = 3 [pid 2150] ftruncate(3, 2097152) = 0 [pid 2150] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2150] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2150] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2150] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2150] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2150] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2150] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2150] mkdir("./file0", 0777) = 0 [pid 2150] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2150] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2150] ioctl(4, LOOP_CLR_FD) = 0 [pid 2150] close(4) = 0 [pid 2150] close(3) = 0 [pid 2150] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2149] <... futex resumed>) = 0 [pid 2150] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2149] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2150] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2149] <... futex resumed>) = 0 [pid 2150] chdir("./file0" [pid 2149] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2150] <... chdir resumed>) = 0 [pid 2150] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2149] <... futex resumed>) = 0 [pid 2150] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2149] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2150] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2149] <... futex resumed>) = 0 [pid 2150] creat("./file0", 000 [pid 2149] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2150] <... creat resumed>) = 3 [pid 2150] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2149] <... futex resumed>) = 0 [pid 2150] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2149] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2150] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2149] <... futex resumed>) = 0 [pid 2150] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2149] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2150] <... write resumed>) = 40 [pid 2149] <... futex resumed>) = 0 [pid 2150] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2149] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2150] <... futex resumed>) = 0 [pid 2149] <... mmap resumed>) = 0x7f0168051000 [pid 2150] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2149] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2149] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2153 attached , parent_tid=[2153], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2153 [pid 2149] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2149] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2153] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2153] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2153] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2149] <... futex resumed>) = 0 [pid 2149] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2150] <... futex resumed>) = 0 [pid 2149] <... futex resumed>) = 1 [pid 2150] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 2149] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2150] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 2150] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2149] <... futex resumed>) = 0 [pid 2150] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2149] exit_group(0 [pid 2150] <... futex resumed>) = ? [pid 2149] <... exit_group resumed>) = ? [pid 2150] +++ exited with 0 +++ [ 73.050438][ T2150] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 73.072565][ T2153] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 73.089677][ T2153] EXT4-fs (loop0): pa ffff8881dba2c150: logic 16, phys. 128, len 24 [pid 2153] +++ exited with 0 +++ [pid 2149] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2149, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./372", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./372", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./372/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./372/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./372/binderfs") = 0 umount2("./372/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./372/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./372/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./372/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./372/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./372/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./372") = 0 mkdir("./373", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2154 ./strace-static-x86_64: Process 2154 attached [pid 2154] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2154] chdir("./373") = 0 [pid 2154] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2154] setpgid(0, 0) = 0 [pid 2154] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2154] write(3, "1000", 4) = 4 [pid 2154] close(3) = 0 [pid 2154] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2154] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2154] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2154] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2154] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2155 attached , parent_tid=[2155], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2155 [pid 2154] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2154] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2155] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2155] memfd_create("syzkaller", 0) = 3 [pid 2155] ftruncate(3, 2097152) = 0 [pid 2155] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2155] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2155] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2155] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2155] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2155] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 73.097694][ T2153] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 [pid 2155] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2155] mkdir("./file0", 0777) = 0 [pid 2155] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2155] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2155] ioctl(4, LOOP_CLR_FD) = 0 [pid 2155] close(4) = 0 [pid 2155] close(3) = 0 [pid 2155] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2154] <... futex resumed>) = 0 [pid 2155] <... futex resumed>) = 1 [pid 2154] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2155] chdir("./file0" [pid 2154] <... futex resumed>) = 0 [pid 2154] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2155] <... chdir resumed>) = 0 [pid 2155] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2154] <... futex resumed>) = 0 [pid 2154] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2155] creat("./file0", 000 [pid 2154] <... futex resumed>) = 0 [pid 2154] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2155] <... creat resumed>) = 3 [pid 2155] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2154] <... futex resumed>) = 0 [pid 2154] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2154] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2154] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2154] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2154] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2158], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2158 [pid 2154] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2154] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2158 attached [pid 2158] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2158] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2155] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2158] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2158] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2155] <... write resumed>) = 40 [pid 2155] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2155] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2158] <... futex resumed>) = 1 [pid 2154] <... futex resumed>) = 0 [pid 2154] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2154] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2155] <... futex resumed>) = 0 [pid 2155] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2155] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2154] <... futex resumed>) = 0 [pid 2155] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2154] exit_group(0) = ? [pid 2155] <... futex resumed>) = ? [pid 2155] +++ exited with 0 +++ [pid 2158] +++ exited with 0 +++ [pid 2154] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2154, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./373", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./373", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./373/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./373/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./373/binderfs") = 0 umount2("./373/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./373/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./373/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./373/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./373/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./373/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./373") = 0 mkdir("./374", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2159 [ 73.165557][ T2155] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 73.182767][ T2158] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata ./strace-static-x86_64: Process 2159 attached [pid 2159] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2159] chdir("./374") = 0 [pid 2159] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2159] setpgid(0, 0) = 0 [pid 2159] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2159] write(3, "1000", 4) = 4 [pid 2159] close(3) = 0 [pid 2159] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2159] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2159] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2159] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2159] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2160 attached [pid 2160] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2160] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2159] <... clone resumed>, parent_tid=[2160], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2160 [pid 2159] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2160] <... futex resumed>) = 0 [pid 2159] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2160] memfd_create("syzkaller", 0) = 3 [pid 2160] ftruncate(3, 2097152) = 0 [pid 2160] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2160] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2160] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2160] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2160] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2160] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2160] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2160] mkdir("./file0", 0777) = 0 [pid 2160] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2160] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2160] ioctl(4, LOOP_CLR_FD) = 0 [pid 2160] close(4) = 0 [pid 2160] close(3) = 0 [pid 2160] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2159] <... futex resumed>) = 0 [pid 2159] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2159] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2160] chdir("./file0") = 0 [pid 2160] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2159] <... futex resumed>) = 0 [pid 2159] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2160] creat("./file0", 000 [pid 2159] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2160] <... creat resumed>) = 3 [pid 2160] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2159] <... futex resumed>) = 0 [pid 2160] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2159] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2160] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2159] <... futex resumed>) = 0 [pid 2160] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2159] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2160] <... write resumed>) = 40 [pid 2159] <... futex resumed>) = 0 [pid 2159] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2160] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2159] <... mmap resumed>) = 0x7f0168051000 [pid 2160] <... futex resumed>) = 0 [pid 2159] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE [pid 2160] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2159] <... mprotect resumed>) = 0 [pid 2159] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2163 attached , parent_tid=[2163], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2163 [pid 2163] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2163] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2159] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2163] <... futex resumed>) = 0 [pid 2163] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2159] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2163] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2163] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2163] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2159] <... futex resumed>) = 0 [pid 2159] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2160] <... futex resumed>) = 0 [pid 2159] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2160] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2160] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2159] <... futex resumed>) = 0 [pid 2160] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2159] exit_group(0) = ? [pid 2163] <... futex resumed>) = ? [pid 2163] +++ exited with 0 +++ [pid 2160] <... futex resumed>) = ? [ 73.262669][ T2160] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 73.293372][ T2163] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [pid 2160] +++ exited with 0 +++ [pid 2159] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2159, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./374", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./374", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./374/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./374/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./374/binderfs") = 0 [ 73.311384][ T2160] EXT4-fs (loop0): pa ffff8881dba2c540: logic 16, phys. 128, len 24 [ 73.319360][ T2160] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./374/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./374/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./374/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./374/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./374/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./374/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./374") = 0 mkdir("./375", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2164 ./strace-static-x86_64: Process 2164 attached [pid 2164] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2164] chdir("./375") = 0 [pid 2164] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2164] setpgid(0, 0) = 0 [pid 2164] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2164] write(3, "1000", 4) = 4 [pid 2164] close(3) = 0 [pid 2164] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2164] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2164] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2164] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2164] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2165 attached , parent_tid=[2165], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2165 [pid 2165] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2165] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2164] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2165] <... futex resumed>) = 0 [pid 2164] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2165] memfd_create("syzkaller", 0) = 3 [pid 2165] ftruncate(3, 2097152) = 0 [pid 2165] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2165] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2165] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2165] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2165] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2165] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2165] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2165] mkdir("./file0", 0777) = 0 [pid 2165] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2165] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2165] ioctl(4, LOOP_CLR_FD) = 0 [pid 2165] close(4) = 0 [pid 2165] close(3) = 0 [pid 2165] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2164] <... futex resumed>) = 0 [pid 2164] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2164] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2165] <... futex resumed>) = 1 [pid 2165] chdir("./file0") = 0 [pid 2165] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2164] <... futex resumed>) = 0 [pid 2165] creat("./file0", 000 [pid 2164] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2164] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2165] <... creat resumed>) = 3 [pid 2165] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2164] <... futex resumed>) = 0 [pid 2164] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2164] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2164] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2165] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2164] <... mmap resumed>) = 0x7f0168051000 [pid 2164] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2165] <... write resumed>) = 40 [pid 2164] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2168], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2168 ./strace-static-x86_64: Process 2168 attached [pid 2164] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2168] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2168] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2164] <... futex resumed>) = 0 [pid 2165] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2164] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2168] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2168] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2164] <... futex resumed>) = 0 [pid 2168] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2164] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2164] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2165] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2165] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2164] <... futex resumed>) = 0 [pid 2164] exit_group(0) = ? [pid 2168] <... futex resumed>) = 231 [pid 2168] +++ exited with 0 +++ [ 73.443279][ T2165] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 73.462754][ T2168] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 73.479823][ T2165] EXT4-fs (loop0): pa ffff8881db8a2dc8: logic 16, phys. 128, len 24 [pid 2165] +++ exited with 0 +++ [pid 2164] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2164, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./375", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./375", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./375/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./375/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./375/binderfs") = 0 [ 73.487904][ T2165] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./375/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./375/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./375/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./375/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./375/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./375/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./375") = 0 mkdir("./376", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2169 ./strace-static-x86_64: Process 2169 attached [pid 2169] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2169] chdir("./376") = 0 [pid 2169] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2169] setpgid(0, 0) = 0 [pid 2169] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2169] write(3, "1000", 4) = 4 [pid 2169] close(3) = 0 [pid 2169] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2169] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2169] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2169] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2169] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2170 attached [pid 2170] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2170] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2169] <... clone resumed>, parent_tid=[2170], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2170 [pid 2169] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2170] <... futex resumed>) = 0 [pid 2169] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2170] memfd_create("syzkaller", 0) = 3 [pid 2170] ftruncate(3, 2097152) = 0 [pid 2170] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2170] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2170] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2170] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2170] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2170] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2170] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2170] mkdir("./file0", 0777) = 0 [pid 2170] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2170] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2170] ioctl(4, LOOP_CLR_FD) = 0 [pid 2170] close(4) = 0 [pid 2170] close(3) = 0 [pid 2170] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2170] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2169] <... futex resumed>) = 0 [pid 2169] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2170] <... futex resumed>) = 0 [pid 2169] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2170] chdir("./file0") = 0 [pid 2170] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2169] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2169] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2170] creat("./file0", 000 [pid 2169] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2170] <... creat resumed>) = 3 [pid 2170] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2170] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2169] <... futex resumed>) = 0 [pid 2169] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2170] <... futex resumed>) = 0 [pid 2170] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2169] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2170] <... write resumed>) = 40 [pid 2169] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2170] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2169] <... mmap resumed>) = 0x7f0168051000 [pid 2170] <... futex resumed>) = 0 [pid 2169] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE [pid 2170] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2169] <... mprotect resumed>) = 0 [pid 2169] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2173 attached [pid 2173] set_robust_list(0x7f01680719e0, 24 [pid 2169] <... clone resumed>, parent_tid=[2173], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2173 [pid 2169] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2169] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2173] <... set_robust_list resumed>) = 0 [pid 2173] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2173] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2169] <... futex resumed>) = 0 [pid 2169] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2169] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2170] <... futex resumed>) = 0 [pid 2170] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2170] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2169] <... futex resumed>) = 0 [pid 2169] exit_group(0) = ? [pid 2170] <... futex resumed>) = ? [pid 2173] +++ exited with 0 +++ [ 73.637542][ T2170] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 73.666142][ T2173] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [pid 2170] +++ exited with 0 +++ [pid 2169] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2169, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./376", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./376", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./376/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./376/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./376/binderfs") = 0 [ 73.683349][ T2170] EXT4-fs (loop0): pa ffff8881db8a29d8: logic 16, phys. 128, len 24 [ 73.691379][ T2170] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./376/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./376/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./376/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./376/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./376/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./376/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./376") = 0 mkdir("./377", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2174 ./strace-static-x86_64: Process 2174 attached [pid 2174] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2174] chdir("./377") = 0 [pid 2174] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2174] setpgid(0, 0) = 0 [pid 2174] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2174] write(3, "1000", 4) = 4 [pid 2174] close(3) = 0 [pid 2174] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2174] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2174] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2174] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2174] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2175], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2175 [pid 2174] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2174] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2175 attached [pid 2175] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2175] memfd_create("syzkaller", 0) = 3 [pid 2175] ftruncate(3, 2097152) = 0 [pid 2175] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2175] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2175] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2175] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2175] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2175] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2175] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2175] mkdir("./file0", 0777) = 0 [pid 2175] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2175] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2175] ioctl(4, LOOP_CLR_FD) = 0 [pid 2175] close(4) = 0 [pid 2175] close(3) = 0 [pid 2175] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2174] <... futex resumed>) = 0 [pid 2175] chdir("./file0" [pid 2174] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2174] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2175] <... chdir resumed>) = 0 [pid 2175] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2174] <... futex resumed>) = 0 [pid 2175] creat("./file0", 000 [pid 2174] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2174] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2175] <... creat resumed>) = 3 [pid 2175] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2174] <... futex resumed>) = 0 [pid 2174] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2175] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2174] <... futex resumed>) = 0 [pid 2174] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2174] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2175] <... write resumed>) = 40 [pid 2174] <... mmap resumed>) = 0x7f0168051000 [pid 2175] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2174] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE [pid 2175] <... futex resumed>) = 0 [pid 2174] <... mprotect resumed>) = 0 [pid 2175] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2174] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2178 attached , parent_tid=[2178], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2178 [pid 2178] set_robust_list(0x7f01680719e0, 24 [pid 2174] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2178] <... set_robust_list resumed>) = 0 [pid 2174] <... futex resumed>) = 0 [pid 2178] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2174] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2178] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2178] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2174] <... futex resumed>) = 0 [pid 2178] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2174] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2175] <... futex resumed>) = 0 [pid 2174] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2175] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2175] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2174] <... futex resumed>) = 0 [pid 2175] <... futex resumed>) = 1 [pid 2174] exit_group(0 [pid 2175] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2174] <... exit_group resumed>) = ? [pid 2175] <... futex resumed>) = -1 (errno 18446744073709551414) [pid 2178] <... futex resumed>) = ? [pid 2175] +++ exited with 0 +++ [pid 2178] +++ exited with 0 +++ [pid 2174] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2174, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./377", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./377", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./377/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./377/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./377/binderfs") = 0 [ 73.842551][ T2178] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 73.858456][ T2178] EXT4-fs (loop0): pa ffff8881db8a2a80: logic 16, phys. 128, len 24 [ 73.866593][ T2178] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./377/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./377/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./377/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./377/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./377/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./377/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./377") = 0 mkdir("./378", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2179 attached , child_tidptr=0x55555656e5d0) = 2179 [pid 2179] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2179] chdir("./378") = 0 [pid 2179] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2179] setpgid(0, 0) = 0 [pid 2179] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2179] write(3, "1000", 4) = 4 [pid 2179] close(3) = 0 [pid 2179] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2179] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2179] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2179] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2179] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2180], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2180 ./strace-static-x86_64: Process 2180 attached [pid 2180] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2179] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2179] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2180] memfd_create("syzkaller", 0) = 3 [pid 2180] ftruncate(3, 2097152) = 0 [pid 2180] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2180] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2180] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2180] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2180] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2180] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2180] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2180] mkdir("./file0", 0777) = 0 [pid 2180] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2180] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2180] ioctl(4, LOOP_CLR_FD) = 0 [pid 2180] close(4) = 0 [pid 2180] close(3) = 0 [pid 2180] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2179] <... futex resumed>) = 0 [pid 2179] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2179] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2180] <... futex resumed>) = 1 [pid 2180] chdir("./file0") = 0 [pid 2180] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2179] <... futex resumed>) = 0 [pid 2179] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2179] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2180] <... futex resumed>) = 1 [pid 2180] creat("./file0", 000) = 3 [pid 2180] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2179] <... futex resumed>) = 0 [pid 2179] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2179] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2179] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2179] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2179] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2183 attached , parent_tid=[2183], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2183 [pid 2183] set_robust_list(0x7f01680719e0, 24 [pid 2179] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2183] <... set_robust_list resumed>) = 0 [pid 2183] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2179] <... futex resumed>) = 0 [pid 2179] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2180] <... futex resumed>) = 1 [pid 2180] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2183] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2183] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2180] <... write resumed>) = 40 [pid 2180] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2180] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2183] <... futex resumed>) = 1 [pid 2179] <... futex resumed>) = 0 [pid 2179] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2179] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2180] <... futex resumed>) = 0 [pid 2183] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2180] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2180] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2179] <... futex resumed>) = 0 [pid 2179] exit_group(0) = ? [pid 2183] <... futex resumed>) = ? [pid 2183] +++ exited with 0 +++ [pid 2180] <... futex resumed>) = ? [pid 2180] +++ exited with 0 +++ [pid 2179] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2179, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./378", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./378", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./378/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./378/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./378/binderfs") = 0 umount2("./378/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./378/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./378/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./378/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./378/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./378/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./378") = 0 mkdir("./379", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2184 ./strace-static-x86_64: Process 2184 attached [pid 2184] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2184] chdir("./379") = 0 [pid 2184] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2184] setpgid(0, 0) = 0 [pid 2184] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2184] write(3, "1000", 4) = 4 [pid 2184] close(3) = 0 [pid 2184] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2184] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2184] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2184] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2184] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2185 attached , parent_tid=[2185], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2185 [pid 2185] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2185] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2184] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2185] <... futex resumed>) = 0 [pid 2185] memfd_create("syzkaller", 0 [pid 2184] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2185] <... memfd_create resumed>) = 3 [pid 2185] ftruncate(3, 2097152) = 0 [pid 2185] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2185] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2185] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2185] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2185] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2185] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2185] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2185] mkdir("./file0", 0777) = 0 [pid 2185] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2185] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2185] ioctl(4, LOOP_CLR_FD) = 0 [pid 2185] close(4) = 0 [pid 2185] close(3) = 0 [pid 2185] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2185] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2184] <... futex resumed>) = 0 [pid 2184] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2185] <... futex resumed>) = 0 [pid 2184] <... futex resumed>) = 1 [pid 2185] chdir("./file0") = 0 [pid 2184] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2185] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2184] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2185] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2184] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2185] <... futex resumed>) = 0 [pid 2184] <... futex resumed>) = 1 [pid 2185] creat("./file0", 000 [pid 2184] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2185] <... creat resumed>) = 3 [pid 2185] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2184] <... futex resumed>) = 0 [pid 2185] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2184] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2185] <... futex resumed>) = 0 [pid 2184] <... futex resumed>) = 1 [pid 2184] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2185] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2184] <... futex resumed>) = 0 [pid 2184] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2185] <... write resumed>) = 40 [pid 2185] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2184] <... mmap resumed>) = 0x7f0168051000 [pid 2185] <... futex resumed>) = 0 [pid 2185] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2184] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2184] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2188 attached , parent_tid=[2188], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2188 [pid 2184] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2184] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2188] set_robust_list(0x7f01680719e0, 24) = 0 [ 73.998358][ T2183] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata [pid 2188] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2188] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2184] <... futex resumed>) = 0 [pid 2184] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2184] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2185] <... futex resumed>) = 0 [pid 2185] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2185] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2188] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2185] <... futex resumed>) = 1 [pid 2185] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2184] <... futex resumed>) = 0 [pid 2184] exit_group(0 [pid 2185] <... futex resumed>) = ? [pid 2188] <... futex resumed>) = ? [pid 2185] +++ exited with 0 +++ [pid 2184] <... exit_group resumed>) = ? [pid 2188] +++ exited with 0 +++ [pid 2184] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2184, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./379", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./379", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./379/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./379/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./379/binderfs") = 0 [ 74.049310][ T2188] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 74.066586][ T2188] EXT4-fs (loop0): pa ffff8881db8a2b28: logic 16, phys. 128, len 24 [ 74.074668][ T2188] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./379/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./379/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./379/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./379/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./379/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./379/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./379") = 0 mkdir("./380", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2189 ./strace-static-x86_64: Process 2189 attached [pid 2189] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2189] chdir("./380") = 0 [pid 2189] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2189] setpgid(0, 0) = 0 [pid 2189] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2189] write(3, "1000", 4) = 4 [pid 2189] close(3) = 0 [pid 2189] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2189] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2189] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2189] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2189] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2190], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2190 [pid 2189] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2189] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2190 attached [pid 2190] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2190] memfd_create("syzkaller", 0) = 3 [pid 2190] ftruncate(3, 2097152) = 0 [pid 2190] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2190] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2190] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2190] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2190] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2190] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2190] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2190] mkdir("./file0", 0777) = 0 [pid 2190] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2190] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2190] ioctl(4, LOOP_CLR_FD) = 0 [pid 2190] close(4) = 0 [pid 2190] close(3) = 0 [pid 2190] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2189] <... futex resumed>) = 0 [pid 2189] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2189] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2190] <... futex resumed>) = 1 [pid 2190] chdir("./file0") = 0 [pid 2190] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2189] <... futex resumed>) = 0 [pid 2189] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2189] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2190] <... futex resumed>) = 1 [pid 2190] creat("./file0", 000) = 3 [pid 2190] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2189] <... futex resumed>) = 0 [pid 2189] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2189] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2189] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2189] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2189] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2193], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2193 [pid 2189] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2189] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2190] <... futex resumed>) = 1 [pid 2190] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 2190] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2190] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2193 attached [pid 2193] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2193] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2193] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2189] <... futex resumed>) = 0 [pid 2193] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2189] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2190] <... futex resumed>) = 0 [pid 2189] <... futex resumed>) = 1 [pid 2190] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2190] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2190] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2189] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 2189] exit_group(0 [pid 2190] <... futex resumed>) = ? [pid 2189] <... exit_group resumed>) = ? [pid 2193] <... futex resumed>) = ? [pid 2190] +++ exited with 0 +++ [pid 2193] +++ exited with 0 +++ [pid 2189] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2189, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./380", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./380", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./380/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./380/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./380/binderfs") = 0 [ 74.191567][ T2193] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 74.208724][ T2193] EXT4-fs (loop0): pa ffff8881db8a21f8: logic 16, phys. 128, len 24 [ 74.216845][ T2193] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./380/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./380/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./380/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./380/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./380/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./380/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./380") = 0 mkdir("./381", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2194 ./strace-static-x86_64: Process 2194 attached [pid 2194] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2194] chdir("./381") = 0 [pid 2194] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2194] setpgid(0, 0) = 0 [pid 2194] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2194] write(3, "1000", 4) = 4 [pid 2194] close(3) = 0 [pid 2194] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2194] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2194] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2194] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2194] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2195 attached , parent_tid=[2195], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2195 [pid 2194] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2194] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2195] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2195] memfd_create("syzkaller", 0) = 3 [pid 2195] ftruncate(3, 2097152) = 0 [pid 2195] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2195] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2195] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2195] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2195] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2195] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2195] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2195] mkdir("./file0", 0777) = 0 [pid 2195] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2195] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2195] ioctl(4, LOOP_CLR_FD) = 0 [pid 2195] close(4) = 0 [pid 2195] close(3) = 0 [pid 2195] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2194] <... futex resumed>) = 0 [pid 2194] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2194] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2195] <... futex resumed>) = 1 [pid 2195] chdir("./file0") = 0 [pid 2195] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2194] <... futex resumed>) = 0 [pid 2194] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2194] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2195] <... futex resumed>) = 1 [pid 2195] creat("./file0", 000) = 3 [pid 2195] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2194] <... futex resumed>) = 0 [pid 2194] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2194] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2194] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2194] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2194] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2198], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2198 [pid 2194] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2194] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2195] <... futex resumed>) = 1 [pid 2195] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 2195] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2195] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2198 attached [pid 2198] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2198] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2198] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2194] <... futex resumed>) = 0 [pid 2198] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2194] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2194] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2195] <... futex resumed>) = 0 [pid 2195] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2195] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2194] <... futex resumed>) = 0 [pid 2194] exit_group(0 [pid 2198] <... futex resumed>) = ? [pid 2194] <... exit_group resumed>) = ? [pid 2198] +++ exited with 0 +++ [pid 2195] <... futex resumed>) = ? [pid 2195] +++ exited with 0 +++ [pid 2194] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2194, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./381", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./381", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./381/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./381/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./381/binderfs") = 0 [ 74.365297][ T2198] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 74.382999][ T2195] EXT4-fs (loop0): pa ffff8881db8a2d20: logic 16, phys. 128, len 24 [ 74.391006][ T2195] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./381/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./381/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./381/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./381/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./381/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./381/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./381") = 0 mkdir("./382", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2199 ./strace-static-x86_64: Process 2199 attached [pid 2199] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2199] chdir("./382") = 0 [pid 2199] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2199] setpgid(0, 0) = 0 [pid 2199] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2199] write(3, "1000", 4) = 4 [pid 2199] close(3) = 0 [pid 2199] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2199] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2199] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2199] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2199] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2200 attached , parent_tid=[2200], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2200 [pid 2200] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2200] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2199] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2200] <... futex resumed>) = 0 [pid 2200] memfd_create("syzkaller", 0 [pid 2199] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2200] <... memfd_create resumed>) = 3 [pid 2200] ftruncate(3, 2097152) = 0 [pid 2200] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2200] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2200] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2200] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2200] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2200] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2200] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2200] mkdir("./file0", 0777) = 0 [pid 2200] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2200] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2200] ioctl(4, LOOP_CLR_FD) = 0 [pid 2200] close(4) = 0 [pid 2200] close(3) = 0 [pid 2200] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2199] <... futex resumed>) = 0 [pid 2199] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2199] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2200] <... futex resumed>) = 1 [pid 2200] chdir("./file0") = 0 [pid 2200] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2199] <... futex resumed>) = 0 [pid 2199] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2199] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2200] <... futex resumed>) = 1 [pid 2200] creat("./file0", 000) = 3 [pid 2200] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2199] <... futex resumed>) = 0 [pid 2199] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2199] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2199] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2199] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2199] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2203], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2203 [pid 2199] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2199] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2200] <... futex resumed>) = 1 [pid 2200] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 2200] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2200] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2203 attached [pid 2203] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2203] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2203] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2199] <... futex resumed>) = 0 [pid 2199] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2199] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2200] <... futex resumed>) = 0 [pid 2200] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2200] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2199] <... futex resumed>) = 0 [pid 2199] exit_group(0) = ? [pid 2200] <... futex resumed>) = ? [pid 2200] +++ exited with 0 +++ [pid 2203] +++ exited with 0 +++ [pid 2199] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2199, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./382", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./382", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./382/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./382/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./382/binderfs") = 0 [ 74.505327][ T2203] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 74.522045][ T2203] EXT4-fs (loop0): pa ffff8881db90ed20: logic 16, phys. 128, len 24 [ 74.530058][ T2203] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./382/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./382/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./382/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./382/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./382/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./382/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./382") = 0 mkdir("./383", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2204 ./strace-static-x86_64: Process 2204 attached [pid 2204] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2204] chdir("./383") = 0 [pid 2204] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2204] setpgid(0, 0) = 0 [pid 2204] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2204] write(3, "1000", 4) = 4 [pid 2204] close(3) = 0 [pid 2204] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2204] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2204] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2204] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2204] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2205], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2205 [pid 2204] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2204] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2205 attached [pid 2205] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2205] memfd_create("syzkaller", 0) = 3 [pid 2205] ftruncate(3, 2097152) = 0 [pid 2205] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2205] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2205] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2205] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2205] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2205] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2205] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2205] mkdir("./file0", 0777) = 0 [pid 2205] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2205] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2205] ioctl(4, LOOP_CLR_FD) = 0 [pid 2205] close(4) = 0 [pid 2205] close(3) = 0 [pid 2205] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2204] <... futex resumed>) = 0 [pid 2204] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2204] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2205] chdir("./file0") = 0 [pid 2205] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2204] <... futex resumed>) = 0 [pid 2204] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2204] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2205] creat("./file0", 000) = 3 [pid 2205] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2204] <... futex resumed>) = 0 [pid 2204] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2204] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2204] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2204] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2204] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2208 attached , parent_tid=[2208], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2208 [pid 2204] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2204] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2205] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 2208] set_robust_list(0x7f01680719e0, 24 [pid 2205] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2205] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2208] <... set_robust_list resumed>) = 0 [pid 2208] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2208] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2204] <... futex resumed>) = 0 [pid 2204] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2204] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2205] <... futex resumed>) = 0 [pid 2205] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2205] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2204] <... futex resumed>) = 0 [pid 2204] exit_group(0) = ? [pid 2208] +++ exited with 0 +++ [pid 2205] +++ exited with 0 +++ [pid 2204] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2204, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./383", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./383", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./383/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./383/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./383/binderfs") = 0 [ 74.637772][ T2208] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 74.654452][ T2205] EXT4-fs (loop0): pa ffff8881db8a25e8: logic 16, phys. 128, len 24 [ 74.662660][ T2205] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./383/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./383/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./383/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./383/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./383/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./383/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./383") = 0 mkdir("./384", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2209 ./strace-static-x86_64: Process 2209 attached [pid 2209] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2209] chdir("./384") = 0 [pid 2209] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2209] setpgid(0, 0) = 0 [pid 2209] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2209] write(3, "1000", 4) = 4 [pid 2209] close(3) = 0 [pid 2209] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2209] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2209] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2209] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2209] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2210], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2210 [pid 2209] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2209] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2210 attached [pid 2210] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2210] memfd_create("syzkaller", 0) = 3 [pid 2210] ftruncate(3, 2097152) = 0 [pid 2210] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2210] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2210] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2210] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2210] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2210] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2210] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2210] mkdir("./file0", 0777) = 0 [pid 2210] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2210] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2210] ioctl(4, LOOP_CLR_FD) = 0 [pid 2210] close(4) = 0 [pid 2210] close(3) = 0 [pid 2210] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2209] <... futex resumed>) = 0 [pid 2209] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2209] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2210] <... futex resumed>) = 1 [pid 2210] chdir("./file0") = 0 [pid 2210] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2209] <... futex resumed>) = 0 [pid 2209] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2209] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2210] <... futex resumed>) = 1 [pid 2210] creat("./file0", 000) = 3 [pid 2210] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2209] <... futex resumed>) = 0 [pid 2209] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2209] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2209] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2209] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2209] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2213], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2213 [pid 2209] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2209] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2210] <... futex resumed>) = 1 [pid 2210] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 2210] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2210] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2213 attached [pid 2213] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2213] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2213] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2209] <... futex resumed>) = 0 [pid 2209] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2209] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2210] <... futex resumed>) = 0 [pid 2210] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2210] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2209] <... futex resumed>) = 0 [pid 2209] exit_group(0) = ? [pid 2210] <... futex resumed>) = ? [pid 2210] +++ exited with 0 +++ [pid 2213] +++ exited with 0 +++ [pid 2209] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2209, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./384", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./384", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./384/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./384/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./384/binderfs") = 0 [ 74.798666][ T2213] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 74.815336][ T2213] EXT4-fs (loop0): pa ffff8881db90e498: logic 16, phys. 128, len 24 [ 74.823389][ T2213] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./384/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./384/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./384/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./384/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./384/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./384/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./384") = 0 mkdir("./385", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2214 ./strace-static-x86_64: Process 2214 attached [pid 2214] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2214] chdir("./385") = 0 [pid 2214] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2214] setpgid(0, 0) = 0 [pid 2214] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2214] write(3, "1000", 4) = 4 [pid 2214] close(3) = 0 [pid 2214] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2214] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2214] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2214] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2214] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2215], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2215 [pid 2214] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2214] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2215 attached [pid 2215] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2215] memfd_create("syzkaller", 0) = 3 [pid 2215] ftruncate(3, 2097152) = 0 [pid 2215] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2215] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2215] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2215] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2215] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2215] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2215] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2215] mkdir("./file0", 0777) = 0 [pid 2215] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2215] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2215] ioctl(4, LOOP_CLR_FD) = 0 [pid 2215] close(4) = 0 [pid 2215] close(3) = 0 [pid 2215] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2214] <... futex resumed>) = 0 [pid 2214] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2214] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2215] <... futex resumed>) = 1 [pid 2215] chdir("./file0") = 0 [pid 2215] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2214] <... futex resumed>) = 0 [pid 2214] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2214] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2215] <... futex resumed>) = 1 [pid 2215] creat("./file0", 000) = 3 [pid 2215] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2214] <... futex resumed>) = 0 [pid 2214] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2214] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2214] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2214] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2214] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2218], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2218 [pid 2214] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2214] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2215] <... futex resumed>) = 1 [pid 2215] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 2215] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2215] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2218 attached [pid 2218] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2218] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2218] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2214] <... futex resumed>) = 0 [pid 2214] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2214] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2218] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2215] <... futex resumed>) = 0 [pid 2215] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2215] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2214] <... futex resumed>) = 0 [pid 2214] exit_group(0) = ? [pid 2215] <... futex resumed>) = ? [pid 2215] +++ exited with 0 +++ [pid 2218] <... futex resumed>) = ? [pid 2218] +++ exited with 0 +++ [pid 2214] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2214, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./385", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./385", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./385/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./385/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./385/binderfs") = 0 [ 74.924741][ T2218] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 74.941486][ T2218] EXT4-fs (loop0): pa ffff8881e69febd0: logic 16, phys. 128, len 24 [ 74.949542][ T2218] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./385/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./385/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./385/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./385/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./385/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./385/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./385") = 0 mkdir("./386", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2219 ./strace-static-x86_64: Process 2219 attached [pid 2219] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2219] chdir("./386") = 0 [pid 2219] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2219] setpgid(0, 0) = 0 [pid 2219] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2219] write(3, "1000", 4) = 4 [pid 2219] close(3) = 0 [pid 2219] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2219] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2219] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2219] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2219] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2220], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2220 [pid 2219] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2219] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2220 attached [pid 2220] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2220] memfd_create("syzkaller", 0) = 3 [pid 2220] ftruncate(3, 2097152) = 0 [pid 2220] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2220] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2220] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2220] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2220] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2220] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2220] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2220] mkdir("./file0", 0777) = 0 [pid 2220] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2220] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2220] ioctl(4, LOOP_CLR_FD) = 0 [pid 2220] close(4) = 0 [pid 2220] close(3) = 0 [pid 2220] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2219] <... futex resumed>) = 0 [pid 2219] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2219] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2220] chdir("./file0") = 0 [pid 2220] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2219] <... futex resumed>) = 0 [pid 2219] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2219] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2220] creat("./file0", 000) = 3 [pid 2220] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2219] <... futex resumed>) = 0 [pid 2219] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2219] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2219] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2219] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2219] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2223], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2223 [pid 2219] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2219] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2220] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 2220] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2220] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2223 attached [pid 2223] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2223] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2223] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2219] <... futex resumed>) = 0 [pid 2219] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2219] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2223] <... futex resumed>) = 1 [pid 2223] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2220] <... futex resumed>) = 0 [pid 2220] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2220] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2219] <... futex resumed>) = 0 [pid 2219] exit_group(0) = ? [pid 2223] <... futex resumed>) = ? [pid 2223] +++ exited with 0 +++ [pid 2220] +++ exited with 0 +++ [pid 2219] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2219, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./386", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./386", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./386/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./386/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./386/binderfs") = 0 [ 75.090229][ T2223] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 75.107484][ T2220] EXT4-fs (loop0): pa ffff8881db8a2000: logic 16, phys. 128, len 24 [ 75.115541][ T2220] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./386/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./386/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./386/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./386/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./386/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./386/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./386") = 0 mkdir("./387", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2224 ./strace-static-x86_64: Process 2224 attached [pid 2224] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2224] chdir("./387") = 0 [pid 2224] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2224] setpgid(0, 0) = 0 [pid 2224] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2224] write(3, "1000", 4) = 4 [pid 2224] close(3) = 0 [pid 2224] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2224] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2224] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2224] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2224] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2225 attached [pid 2225] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2225] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2224] <... clone resumed>, parent_tid=[2225], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2225 [pid 2224] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2225] <... futex resumed>) = 0 [pid 2225] memfd_create("syzkaller", 0) = 3 [pid 2225] ftruncate(3, 2097152) = 0 [pid 2225] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2225] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2225] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2225] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2225] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2225] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2225] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2225] mkdir("./file0", 0777) = 0 [pid 2225] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue" [pid 2224] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2225] <... mount resumed>) = 0 [pid 2225] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2225] ioctl(4, LOOP_CLR_FD) = 0 [pid 2225] close(4) = 0 [pid 2225] close(3) = 0 [pid 2225] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2225] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2224] <... futex resumed>) = 0 [pid 2224] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2225] <... futex resumed>) = 0 [pid 2225] chdir("./file0") = 0 [pid 2225] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2225] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2224] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 2224] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2225] <... futex resumed>) = 0 [pid 2225] creat("./file0", 000 [pid 2224] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2225] <... creat resumed>) = 3 [pid 2225] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2225] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2224] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2224] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2225] <... futex resumed>) = 0 [pid 2225] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 2225] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2225] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2224] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2225] <... futex resumed>) = 0 [pid 2225] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2224] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2225] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2225] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2225] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2224] <... futex resumed>) = 0 [pid 2224] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2225] <... futex resumed>) = 0 [pid 2224] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2225] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2225] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2224] <... futex resumed>) = 0 [pid 2225] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2224] exit_group(0) = ? [pid 2225] <... futex resumed>) = ? [pid 2225] +++ exited with 0 +++ [pid 2224] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2224, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./387", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./387", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./387/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./387/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./387/binderfs") = 0 [ 75.256755][ T2225] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 75.273565][ T2225] EXT4-fs (loop0): pa ffff8881db8a2150: logic 16, phys. 128, len 24 [ 75.281579][ T2225] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./387/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./387/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./387/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./387/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./387/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./387/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./387") = 0 mkdir("./388", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2228 ./strace-static-x86_64: Process 2228 attached [pid 2228] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2228] chdir("./388") = 0 [pid 2228] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2228] setpgid(0, 0) = 0 [pid 2228] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2228] write(3, "1000", 4) = 4 [pid 2228] close(3) = 0 [pid 2228] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2228] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2228] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2228] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2228] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2229 attached [pid 2229] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2229] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2228] <... clone resumed>, parent_tid=[2229], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2229 [pid 2228] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2229] <... futex resumed>) = 0 [pid 2228] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2229] memfd_create("syzkaller", 0) = 3 [pid 2229] ftruncate(3, 2097152) = 0 [pid 2229] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2229] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2229] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2229] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2229] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2229] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2229] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2229] mkdir("./file0", 0777) = 0 [pid 2229] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2229] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2229] ioctl(4, LOOP_CLR_FD) = 0 [pid 2229] close(4) = 0 [pid 2229] close(3) = 0 [pid 2229] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2228] <... futex resumed>) = 0 [pid 2229] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2228] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2229] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2228] <... futex resumed>) = 0 [pid 2229] chdir("./file0" [pid 2228] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2229] <... chdir resumed>) = 0 [pid 2229] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2229] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2228] <... futex resumed>) = 0 [pid 2228] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2229] <... futex resumed>) = 0 [pid 2228] <... futex resumed>) = 1 [pid 2229] creat("./file0", 000 [pid 2228] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2229] <... creat resumed>) = 3 [pid 2229] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2228] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2229] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2228] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2229] <... futex resumed>) = 0 [pid 2228] <... futex resumed>) = 1 [pid 2229] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 2229] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2229] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2228] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2229] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2229] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2228] <... futex resumed>) = 0 [pid 2229] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2228] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2229] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2229] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2228] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2228] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2229] <... futex resumed>) = 0 [pid 2229] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2229] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2229] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2228] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 2228] exit_group(0) = ? [pid 2229] <... futex resumed>) = ? [pid 2229] +++ exited with 0 +++ [pid 2228] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2228, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./388", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./388", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./388/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./388/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./388/binderfs") = 0 [ 75.372728][ T2229] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 75.390284][ T2228] EXT4-fs (loop0): pa ffff8881e68aed20: logic 16, phys. 128, len 24 [ 75.398384][ T2228] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./388/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./388/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./388/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./388/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./388/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./388/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./388") = 0 mkdir("./389", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2232 ./strace-static-x86_64: Process 2232 attached [pid 2232] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2232] chdir("./389") = 0 [pid 2232] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2232] setpgid(0, 0) = 0 [pid 2232] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2232] write(3, "1000", 4) = 4 [pid 2232] close(3) = 0 [pid 2232] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2232] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2232] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2232] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2232] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2233 attached , parent_tid=[2233], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2233 [pid 2233] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2233] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2232] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2233] <... futex resumed>) = 0 [pid 2233] memfd_create("syzkaller", 0 [pid 2232] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2233] <... memfd_create resumed>) = 3 [pid 2233] ftruncate(3, 2097152) = 0 [pid 2233] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2233] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2233] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2233] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2233] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2233] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2233] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2233] mkdir("./file0", 0777) = 0 [pid 2233] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2233] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2233] ioctl(4, LOOP_CLR_FD) = 0 [pid 2233] close(4) = 0 [pid 2233] close(3) = 0 [pid 2233] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2232] <... futex resumed>) = 0 [pid 2232] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2233] chdir("./file0") = 0 [pid 2232] <... futex resumed>) = 0 [pid 2232] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2233] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2232] <... futex resumed>) = 0 [pid 2232] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2233] creat("./file0", 000 [pid 2232] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2233] <... creat resumed>) = 3 [pid 2233] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2232] <... futex resumed>) = 0 [pid 2232] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2232] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2232] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2232] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2232] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2236], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2236 [pid 2232] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2232] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2233] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 2233] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2233] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2236 attached [pid 2236] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2236] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2236] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2232] <... futex resumed>) = 0 [pid 2236] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2232] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2232] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2233] <... futex resumed>) = 0 [pid 2233] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2233] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2232] <... futex resumed>) = 0 [pid 2232] exit_group(0) = ? [pid 2236] <... futex resumed>) = ? [pid 2236] +++ exited with 0 +++ [pid 2233] +++ exited with 0 +++ [pid 2232] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2232, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./389", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./389", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./389/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./389/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./389/binderfs") = 0 [ 75.518102][ T2236] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 75.535592][ T2233] EXT4-fs (loop0): pa ffff8881e68ae5e8: logic 16, phys. 128, len 24 [ 75.543714][ T2233] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./389/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./389/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./389/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./389/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./389/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./389/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./389") = 0 mkdir("./390", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2237 ./strace-static-x86_64: Process 2237 attached [pid 2237] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2237] chdir("./390") = 0 [pid 2237] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2237] setpgid(0, 0) = 0 [pid 2237] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2237] write(3, "1000", 4) = 4 [pid 2237] close(3) = 0 [pid 2237] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2237] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2237] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2237] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2237] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2238 attached , parent_tid=[2238], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2238 [pid 2238] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2237] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2238] memfd_create("syzkaller", 0 [pid 2237] <... futex resumed>) = 0 [pid 2237] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2238] <... memfd_create resumed>) = 3 [pid 2238] ftruncate(3, 2097152) = 0 [pid 2238] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2238] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2238] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2238] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2238] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2238] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2238] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2238] mkdir("./file0", 0777) = 0 [pid 2238] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2238] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2238] ioctl(4, LOOP_CLR_FD) = 0 [pid 2238] close(4) = 0 [pid 2238] close(3) = 0 [pid 2238] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2237] <... futex resumed>) = 0 [pid 2237] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2237] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2238] <... futex resumed>) = 1 [pid 2238] chdir("./file0") = 0 [pid 2238] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2237] <... futex resumed>) = 0 [pid 2237] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2237] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2238] <... futex resumed>) = 1 [pid 2238] creat("./file0", 000) = 3 [pid 2238] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2237] <... futex resumed>) = 0 [pid 2237] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2237] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2237] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2237] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2237] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2241], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2241 [pid 2237] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2237] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2238] <... futex resumed>) = 1 [pid 2238] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 2238] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2238] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2241 attached [pid 2241] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2241] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2241] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2237] <... futex resumed>) = 0 [pid 2241] <... futex resumed>) = 1 [pid 2237] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2238] <... futex resumed>) = 0 [pid 2237] <... futex resumed>) = 1 [pid 2238] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 2237] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2238] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 2238] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2238] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2237] <... futex resumed>) = 0 [pid 2237] exit_group(0 [pid 2238] <... futex resumed>) = ? [pid 2237] <... exit_group resumed>) = ? [pid 2238] +++ exited with 0 +++ [pid 2241] +++ exited with 0 +++ [pid 2237] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2237, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./390", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./390", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./390/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./390/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./390/binderfs") = 0 [ 75.632954][ T2241] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 75.649613][ T2241] EXT4-fs (loop0): pa ffff8881e68ae0a8: logic 16, phys. 128, len 24 [ 75.657689][ T2241] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./390/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./390/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./390/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./390/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./390/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./390/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./390") = 0 mkdir("./391", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2242 ./strace-static-x86_64: Process 2242 attached [pid 2242] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2242] chdir("./391") = 0 [pid 2242] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2242] setpgid(0, 0) = 0 [pid 2242] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2242] write(3, "1000", 4) = 4 [pid 2242] close(3) = 0 [pid 2242] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2242] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2242] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2242] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2242] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2243], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2243 [pid 2242] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2242] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2243 attached [pid 2243] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2243] memfd_create("syzkaller", 0) = 3 [pid 2243] ftruncate(3, 2097152) = 0 [pid 2243] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2243] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2243] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2243] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2243] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2243] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2243] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2243] mkdir("./file0", 0777) = 0 [pid 2243] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2243] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2243] ioctl(4, LOOP_CLR_FD) = 0 [pid 2243] close(4) = 0 [pid 2243] close(3) = 0 [pid 2243] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2242] <... futex resumed>) = 0 [pid 2242] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2242] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2243] <... futex resumed>) = 1 [pid 2243] chdir("./file0") = 0 [pid 2243] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2242] <... futex resumed>) = 0 [pid 2242] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2242] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2243] <... futex resumed>) = 1 [pid 2243] creat("./file0", 000) = 3 [pid 2243] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2242] <... futex resumed>) = 0 [pid 2242] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2242] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2242] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2242] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2242] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2246], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2246 [pid 2242] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2242] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2243] <... futex resumed>) = 1 [pid 2243] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 2243] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2243] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2246 attached [pid 2246] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2246] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2246] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2242] <... futex resumed>) = 0 [pid 2242] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2242] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2243] <... futex resumed>) = 0 [pid 2243] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2243] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2242] <... futex resumed>) = 0 [pid 2242] exit_group(0) = ? [pid 2243] <... futex resumed>) = ? [pid 2243] +++ exited with 0 +++ [pid 2246] +++ exited with 0 +++ [pid 2242] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2242, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./391", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./391", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./391/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./391/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./391/binderfs") = 0 [ 75.799919][ T2246] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 75.816357][ T2246] EXT4-fs (loop0): pa ffff8881e68ae930: logic 16, phys. 128, len 24 [ 75.824374][ T2246] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./391/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./391/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./391/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./391/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./391/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./391/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./391") = 0 mkdir("./392", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2247 ./strace-static-x86_64: Process 2247 attached [pid 2247] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2247] chdir("./392") = 0 [pid 2247] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2247] setpgid(0, 0) = 0 [pid 2247] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2247] write(3, "1000", 4) = 4 [pid 2247] close(3) = 0 [pid 2247] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2247] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2247] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2247] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2247] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2248 attached , parent_tid=[2248], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2248 [pid 2247] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2247] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2248] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2248] memfd_create("syzkaller", 0) = 3 [pid 2248] ftruncate(3, 2097152) = 0 [pid 2248] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2248] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2248] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2248] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2248] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2248] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2248] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2248] mkdir("./file0", 0777) = 0 [pid 2248] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2248] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2248] ioctl(4, LOOP_CLR_FD) = 0 [pid 2248] close(4) = 0 [pid 2248] close(3) = 0 [pid 2248] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2247] <... futex resumed>) = 0 [pid 2247] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2247] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2248] chdir("./file0") = 0 [pid 2248] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2247] <... futex resumed>) = 0 [pid 2248] <... futex resumed>) = 1 [pid 2247] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2247] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2248] creat("./file0", 000) = 3 [pid 2248] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2247] <... futex resumed>) = 0 [pid 2247] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2248] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2247] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2248] <... write resumed>) = 40 [pid 2247] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2248] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2247] <... mmap resumed>) = 0x7f0168051000 [pid 2248] <... futex resumed>) = 0 [pid 2247] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2248] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2247] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2251 attached [pid 2251] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2251] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2247] <... clone resumed>, parent_tid=[2251], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2251 [pid 2247] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2251] <... futex resumed>) = 0 [pid 2247] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2251] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2251] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2247] <... futex resumed>) = 0 [pid 2251] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2247] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2247] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2248] <... futex resumed>) = 0 [pid 2248] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2248] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2247] <... futex resumed>) = 0 [pid 2247] exit_group(0 [pid 2251] <... futex resumed>) = ? [pid 2247] <... exit_group resumed>) = ? [pid 2251] +++ exited with 0 +++ [pid 2248] +++ exited with 0 +++ [pid 2247] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2247, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./392", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./392", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./392/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./392/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./392/binderfs") = 0 [ 75.950762][ T2251] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 75.967825][ T2248] EXT4-fs (loop0): pa ffff8881db8a2540: logic 16, phys. 128, len 24 [ 75.975844][ T2248] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./392/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./392/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./392/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./392/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./392/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./392/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./392") = 0 mkdir("./393", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2252 ./strace-static-x86_64: Process 2252 attached [pid 2252] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2252] chdir("./393") = 0 [pid 2252] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2252] setpgid(0, 0) = 0 [pid 2252] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2252] write(3, "1000", 4) = 4 [pid 2252] close(3) = 0 [pid 2252] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2252] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2252] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2252] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2252] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2253], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2253 [pid 2252] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2252] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2253 attached [pid 2253] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2253] memfd_create("syzkaller", 0) = 3 [pid 2253] ftruncate(3, 2097152) = 0 [pid 2253] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2253] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2253] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2253] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2253] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2253] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2253] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2253] mkdir("./file0", 0777) = 0 [pid 2253] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2253] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2253] ioctl(4, LOOP_CLR_FD) = 0 [pid 2253] close(4) = 0 [pid 2253] close(3) = 0 [pid 2253] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2252] <... futex resumed>) = 0 [pid 2253] chdir("./file0" [pid 2252] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2253] <... chdir resumed>) = 0 [pid 2252] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2253] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2252] <... futex resumed>) = 0 [pid 2253] creat("./file0", 000 [pid 2252] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2252] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2253] <... creat resumed>) = 3 [pid 2253] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2252] <... futex resumed>) = 0 [pid 2253] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2252] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2252] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2253] <... write resumed>) = 40 [pid 2252] <... futex resumed>) = 0 [pid 2253] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2252] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2253] <... futex resumed>) = 0 [pid 2252] <... mmap resumed>) = 0x7f0168051000 [pid 2253] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2252] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2252] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2256 attached , parent_tid=[2256], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2256 [pid 2256] set_robust_list(0x7f01680719e0, 24 [pid 2252] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2256] <... set_robust_list resumed>) = 0 [pid 2252] <... futex resumed>) = 0 [pid 2256] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2252] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2256] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2256] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2252] <... futex resumed>) = 0 [pid 2256] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2252] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2253] <... futex resumed>) = 0 [pid 2252] <... futex resumed>) = 1 [pid 2253] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 2252] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2253] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 2253] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2253] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2252] <... futex resumed>) = 0 [pid 2252] exit_group(0) = ? [pid 2253] <... futex resumed>) = ? [pid 2253] +++ exited with 0 +++ [pid 2256] <... futex resumed>) = ? [pid 2256] +++ exited with 0 +++ [pid 2252] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2252, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./393", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./393", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./393/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./393/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./393/binderfs") = 0 [ 76.114711][ T2256] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 76.131624][ T2256] EXT4-fs (loop0): pa ffff8881db8a20a8: logic 16, phys. 128, len 24 [ 76.139617][ T2256] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./393/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./393/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./393/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./393/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./393/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./393/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./393") = 0 mkdir("./394", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2257 attached , child_tidptr=0x55555656e5d0) = 2257 [pid 2257] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2257] chdir("./394") = 0 [pid 2257] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2257] setpgid(0, 0) = 0 [pid 2257] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2257] write(3, "1000", 4) = 4 [pid 2257] close(3) = 0 [pid 2257] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2257] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2257] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2257] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2257] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2258 attached [pid 2258] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2258] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2257] <... clone resumed>, parent_tid=[2258], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2258 [pid 2257] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2258] <... futex resumed>) = 0 [pid 2257] <... futex resumed>) = 1 [pid 2258] memfd_create("syzkaller", 0 [pid 2257] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2258] <... memfd_create resumed>) = 3 [pid 2258] ftruncate(3, 2097152) = 0 [pid 2258] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2258] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2258] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2258] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2258] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2258] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2258] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2258] mkdir("./file0", 0777) = 0 [pid 2258] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2258] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2258] ioctl(4, LOOP_CLR_FD) = 0 [pid 2258] close(4) = 0 [pid 2258] close(3) = 0 [pid 2258] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2258] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2257] <... futex resumed>) = 0 [pid 2257] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2258] <... futex resumed>) = 0 [pid 2257] <... futex resumed>) = 1 [pid 2258] chdir("./file0") = 0 [pid 2258] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2257] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2258] <... futex resumed>) = 0 [pid 2257] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2258] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2257] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2258] <... futex resumed>) = 0 [pid 2257] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2258] creat("./file0", 000) = 3 [pid 2258] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2257] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2258] <... futex resumed>) = 0 [pid 2258] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2257] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2258] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2258] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2257] <... futex resumed>) = 0 [pid 2258] <... write resumed>) = 40 [pid 2257] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2258] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2257] <... futex resumed>) = 0 [pid 2258] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2257] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2257] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2257] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2261], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2261 [pid 2257] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 2261 attached ) = 0 [pid 2261] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2261] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2257] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2261] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2261] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2261] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2257] <... futex resumed>) = 0 [pid 2257] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2258] <... futex resumed>) = 0 [pid 2257] <... futex resumed>) = 1 [pid 2258] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2257] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2258] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2257] <... futex resumed>) = 0 [pid 2257] exit_group(0) = ? [pid 2258] exit_group(0 [pid 2261] <... futex resumed>) = ? [pid 2258] +++ exited with 0 +++ [pid 2261] +++ exited with 0 +++ [pid 2257] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2257, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./394", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./394", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./394/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./394/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./394/binderfs") = 0 [ 76.237750][ T2261] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 76.263826][ T2261] EXT4-fs (loop0): pa ffff8881db8a2e70: logic 16, phys. 128, len 24 [ 76.271913][ T2261] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./394/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./394/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./394/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./394/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./394/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./394/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./394") = 0 mkdir("./395", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2262 ./strace-static-x86_64: Process 2262 attached [pid 2262] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2262] chdir("./395") = 0 [pid 2262] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2262] setpgid(0, 0) = 0 [pid 2262] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2262] write(3, "1000", 4) = 4 [pid 2262] close(3) = 0 [pid 2262] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2262] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2262] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2262] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2262] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2263], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2263 [pid 2262] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2262] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2263 attached [pid 2263] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2263] memfd_create("syzkaller", 0) = 3 [pid 2263] ftruncate(3, 2097152) = 0 [pid 2263] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2263] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2263] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2263] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2263] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2263] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2263] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2263] mkdir("./file0", 0777) = 0 [pid 2263] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2263] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2263] ioctl(4, LOOP_CLR_FD) = 0 [pid 2263] close(4) = 0 [pid 2263] close(3) = 0 [pid 2263] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2263] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2262] <... futex resumed>) = 0 [pid 2262] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2263] <... futex resumed>) = 0 [pid 2263] chdir("./file0") = 0 [pid 2263] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2262] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2263] <... futex resumed>) = 0 [pid 2263] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2262] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2262] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2263] <... futex resumed>) = 0 [pid 2263] creat("./file0", 000 [pid 2262] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2263] <... creat resumed>) = 3 [pid 2263] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2263] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2262] <... futex resumed>) = 0 [pid 2262] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2263] <... futex resumed>) = 0 [pid 2263] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2262] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2263] <... write resumed>) = 40 [pid 2263] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2263] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2262] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2262] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2262] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2266 attached , parent_tid=[2266], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2266 [pid 2266] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2266] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2262] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2262] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2266] <... futex resumed>) = 0 [pid 2266] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2266] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2262] <... futex resumed>) = 0 [pid 2266] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2262] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2263] <... futex resumed>) = 0 [pid 2263] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2263] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2262] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2263] <... futex resumed>) = 0 [pid 2263] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2262] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2262] exit_group(0 [pid 2263] <... futex resumed>) = ? [pid 2263] +++ exited with 0 +++ [pid 2262] <... exit_group resumed>) = ? [pid 2266] <... futex resumed>) = ? [pid 2266] +++ exited with 0 +++ [pid 2262] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2262, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./395", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./395", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./395/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./395/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./395/binderfs") = 0 [ 76.370743][ T2266] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 76.388292][ T2266] EXT4-fs (loop0): pa ffff8881e68ae348: logic 16, phys. 128, len 24 [ 76.396302][ T2266] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./395/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./395/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./395/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./395/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./395/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./395/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./395") = 0 mkdir("./396", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2267 ./strace-static-x86_64: Process 2267 attached [pid 2267] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2267] chdir("./396") = 0 [pid 2267] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2267] setpgid(0, 0) = 0 [pid 2267] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2267] write(3, "1000", 4) = 4 [pid 2267] close(3) = 0 [pid 2267] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2267] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2267] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2267] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2267] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2268], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2268 [pid 2267] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2267] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2268 attached [pid 2268] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2268] memfd_create("syzkaller", 0) = 3 [pid 2268] ftruncate(3, 2097152) = 0 [pid 2268] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2268] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2268] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2268] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2268] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2268] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2268] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2268] mkdir("./file0", 0777) = 0 [pid 2268] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2268] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2268] ioctl(4, LOOP_CLR_FD) = 0 [pid 2268] close(4) = 0 [pid 2268] close(3) = 0 [pid 2268] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2267] <... futex resumed>) = 0 [pid 2267] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2267] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2268] <... futex resumed>) = 1 [pid 2268] chdir("./file0") = 0 [pid 2268] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2267] <... futex resumed>) = 0 [pid 2267] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2267] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2268] <... futex resumed>) = 1 [pid 2268] creat("./file0", 000) = 3 [pid 2268] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2267] <... futex resumed>) = 0 [pid 2267] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2267] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2267] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2267] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2267] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2271], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2271 [pid 2267] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2267] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2268] <... futex resumed>) = 1 [pid 2268] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 2268] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2268] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2271 attached [pid 2271] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2271] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2271] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2267] <... futex resumed>) = 0 [pid 2271] <... futex resumed>) = 1 [pid 2267] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2271] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2268] <... futex resumed>) = 0 [pid 2267] <... futex resumed>) = 1 [pid 2268] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 2267] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2268] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 2268] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2267] <... futex resumed>) = 0 [pid 2268] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2267] exit_group(0) = ? [pid 2268] <... futex resumed>) = -1 (errno 18446744073709551555) [pid 2268] +++ exited with 0 +++ [pid 2271] <... futex resumed>) = ? [pid 2271] +++ exited with 0 +++ [pid 2267] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2267, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./396", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./396", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./396/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./396/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./396/binderfs") = 0 [ 76.483119][ T2271] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 76.499035][ T2271] EXT4-fs (loop0): pa ffff8881e69113f0: logic 16, phys. 128, len 24 [ 76.507073][ T2271] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./396/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./396/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./396/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./396/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./396/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./396/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./396") = 0 mkdir("./397", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2272 ./strace-static-x86_64: Process 2272 attached [pid 2272] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2272] chdir("./397") = 0 [pid 2272] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2272] setpgid(0, 0) = 0 [pid 2272] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2272] write(3, "1000", 4) = 4 [pid 2272] close(3) = 0 [pid 2272] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2272] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2272] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2272] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2272] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2273 attached , parent_tid=[2273], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2273 [pid 2272] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2272] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2273] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2273] memfd_create("syzkaller", 0) = 3 [pid 2273] ftruncate(3, 2097152) = 0 [pid 2273] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2273] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2273] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2273] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2273] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2273] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2273] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2273] mkdir("./file0", 0777) = 0 [pid 2273] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2273] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2273] ioctl(4, LOOP_CLR_FD) = 0 [pid 2273] close(4) = 0 [pid 2273] close(3) = 0 [pid 2273] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2272] <... futex resumed>) = 0 [pid 2272] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2272] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2273] chdir("./file0") = 0 [pid 2273] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2272] <... futex resumed>) = 0 [pid 2272] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2272] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2273] creat("./file0", 000) = 3 [pid 2273] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2272] <... futex resumed>) = 0 [pid 2272] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2272] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2272] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2273] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2272] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2273] <... write resumed>) = 40 [pid 2272] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 2273] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2272] <... clone resumed>, parent_tid=[2276], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2276 [pid 2272] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2272] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2276 attached [pid 2273] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2276] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2276] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2276] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2272] <... futex resumed>) = 0 [pid 2272] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2272] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2273] <... futex resumed>) = 0 [pid 2273] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2273] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2272] <... futex resumed>) = 0 [pid 2273] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2276] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2272] exit_group(0 [pid 2273] <... futex resumed>) = ? [pid 2272] <... exit_group resumed>) = ? [pid 2276] <... futex resumed>) = ? [pid 2273] +++ exited with 0 +++ [pid 2276] +++ exited with 0 +++ [pid 2272] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2272, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./397", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./397", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./397/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./397/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./397/binderfs") = 0 umount2("./397/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./397/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./397/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./397/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./397/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./397/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./397") = 0 mkdir("./398", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2277 ./strace-static-x86_64: Process 2277 attached [pid 2277] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2277] chdir("./398") = 0 [pid 2277] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2277] setpgid(0, 0) = 0 [pid 2277] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2277] write(3, "1000", 4) = 4 [pid 2277] close(3) = 0 [pid 2277] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2277] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2277] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2277] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2277] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2278], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2278 [ 76.640075][ T2276] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 76.658643][ T2276] EXT4-fs (loop0): pa ffff8881e6911540: logic 16, phys. 128, len 24 [ 76.666666][ T2276] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 [pid 2277] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 2278 attached [pid 2277] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2278] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2278] memfd_create("syzkaller", 0) = 3 [pid 2278] ftruncate(3, 2097152) = 0 [pid 2278] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2278] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2278] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2278] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2278] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2278] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2278] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2278] mkdir("./file0", 0777) = 0 [pid 2278] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2278] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2278] ioctl(4, LOOP_CLR_FD) = 0 [pid 2278] close(4) = 0 [pid 2278] close(3) = 0 [pid 2278] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2277] <... futex resumed>) = 0 [pid 2277] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2278] chdir("./file0" [pid 2277] <... futex resumed>) = 0 [pid 2277] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2278] <... chdir resumed>) = 0 [pid 2278] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2277] <... futex resumed>) = 0 [pid 2278] <... futex resumed>) = 1 [pid 2278] creat("./file0", 000 [pid 2277] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2277] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2278] <... creat resumed>) = 3 [pid 2278] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2277] <... futex resumed>) = 0 [pid 2278] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2277] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2277] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2277] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2278] <... write resumed>) = 40 [pid 2277] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2278] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2277] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2281 attached [pid 2281] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2281] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2278] <... futex resumed>) = 0 [pid 2277] <... clone resumed>, parent_tid=[2281], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2281 [pid 2277] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2281] <... futex resumed>) = 0 [pid 2277] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2281] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2278] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2281] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2281] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2277] <... futex resumed>) = 0 [pid 2277] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2277] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2278] <... futex resumed>) = 0 [pid 2278] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 2281] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2278] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 2278] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2277] <... futex resumed>) = 0 [pid 2277] exit_group(0) = ? [pid 2281] <... futex resumed>) = ? [pid 2278] <... futex resumed>) = ? [pid 2278] +++ exited with 0 +++ [pid 2281] +++ exited with 0 +++ [pid 2277] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2277, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./398", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./398", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./398/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./398/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./398/binderfs") = 0 [ 76.745758][ T2281] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 76.762919][ T2281] EXT4-fs (loop0): pa ffff8881e6911bd0: logic 16, phys. 128, len 24 [ 76.771112][ T2281] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./398/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./398/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./398/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./398/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./398/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./398/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./398") = 0 mkdir("./399", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2282 ./strace-static-x86_64: Process 2282 attached [pid 2282] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2282] chdir("./399") = 0 [pid 2282] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2282] setpgid(0, 0) = 0 [pid 2282] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2282] write(3, "1000", 4) = 4 [pid 2282] close(3) = 0 [pid 2282] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2282] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2282] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2282] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2282] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2283], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2283 [pid 2282] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 2283 attached ) = 0 [pid 2282] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2283] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2283] memfd_create("syzkaller", 0) = 3 [pid 2283] ftruncate(3, 2097152) = 0 [pid 2283] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2283] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2283] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2283] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2283] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2283] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2283] mkdir("./file0", 0777) = 0 [pid 2283] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2283] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2283] ioctl(4, LOOP_CLR_FD) = 0 [pid 2283] close(4) = 0 [pid 2283] close(3) = 0 [pid 2283] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2282] <... futex resumed>) = 0 [pid 2282] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2283] chdir("./file0" [pid 2282] <... futex resumed>) = 0 [pid 2282] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2283] <... chdir resumed>) = 0 [pid 2283] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2282] <... futex resumed>) = 0 [pid 2283] <... futex resumed>) = 1 [pid 2282] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2283] creat("./file0", 000 [pid 2282] <... futex resumed>) = 0 [pid 2282] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2283] <... creat resumed>) = 3 [pid 2283] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2282] <... futex resumed>) = 0 [pid 2282] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2282] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2282] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2282] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2282] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2286 attached [pid 2286] set_robust_list(0x7f01680719e0, 24 [pid 2282] <... clone resumed>, parent_tid=[2286], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2286 [pid 2286] <... set_robust_list resumed>) = 0 [pid 2282] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2286] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2282] <... futex resumed>) = 0 [pid 2282] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2283] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2286] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2286] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2282] <... futex resumed>) = 0 [pid 2286] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2282] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2286] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2282] <... futex resumed>) = 0 [pid 2286] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 2282] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2286] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 2286] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2286] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2282] <... futex resumed>) = 0 [pid 2283] <... write resumed>) = 40 [pid 2283] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2283] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2282] exit_group(0) = ? [pid 2286] <... futex resumed>) = ? [pid 2286] +++ exited with 0 +++ [pid 2283] <... futex resumed>) = ? [pid 2283] +++ exited with 0 +++ [pid 2282] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2282, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./399", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./399", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./399/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./399/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./399/binderfs") = 0 [ 76.934795][ T2286] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata umount2("./399/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./399/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./399/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./399/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./399/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./399/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./399") = 0 mkdir("./400", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2287 ./strace-static-x86_64: Process 2287 attached [pid 2287] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2287] chdir("./400") = 0 [pid 2287] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2287] setpgid(0, 0) = 0 [pid 2287] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2287] write(3, "1000", 4) = 4 [pid 2287] close(3) = 0 [pid 2287] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2287] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2287] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2287] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2287] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2288], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2288 [pid 2287] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2287] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2288 attached [pid 2288] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2288] memfd_create("syzkaller", 0) = 3 [pid 2288] ftruncate(3, 2097152) = 0 [pid 2288] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2288] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2288] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2288] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2288] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2288] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2288] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2288] mkdir("./file0", 0777) = 0 [pid 2288] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2288] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2288] ioctl(4, LOOP_CLR_FD) = 0 [pid 2288] close(4) = 0 [pid 2288] close(3) = 0 [pid 2288] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2287] <... futex resumed>) = 0 [pid 2287] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2287] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2288] <... futex resumed>) = 1 [pid 2288] chdir("./file0") = 0 [pid 2288] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2287] <... futex resumed>) = 0 [pid 2287] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2287] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2288] <... futex resumed>) = 1 [pid 2288] creat("./file0", 000) = 3 [pid 2288] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2287] <... futex resumed>) = 0 [pid 2287] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2287] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2287] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2287] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2287] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2291], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2291 [pid 2287] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2287] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2288] <... futex resumed>) = 1 [pid 2288] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40./strace-static-x86_64: Process 2291 attached [pid 2291] set_robust_list(0x7f01680719e0, 24 [pid 2288] <... write resumed>) = 40 [pid 2288] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2288] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2291] <... set_robust_list resumed>) = 0 [pid 2291] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2291] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2287] <... futex resumed>) = 0 [pid 2287] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2287] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2288] <... futex resumed>) = 0 [pid 2288] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2288] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2287] <... futex resumed>) = 0 [pid 2287] exit_group(0) = ? [pid 2288] <... futex resumed>) = ? [pid 2288] +++ exited with 0 +++ [pid 2291] +++ exited with 0 +++ [pid 2287] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2287, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./400", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./400", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./400/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./400/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./400/binderfs") = 0 [ 77.053956][ T2291] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 77.070467][ T2291] EXT4-fs (loop0): pa ffff8881e68ae3f0: logic 16, phys. 128, len 24 [ 77.078503][ T2291] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./400/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./400/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./400/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./400/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./400/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./400/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./400") = 0 mkdir("./401", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2292 ./strace-static-x86_64: Process 2292 attached [pid 2292] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2292] chdir("./401") = 0 [pid 2292] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2292] setpgid(0, 0) = 0 [pid 2292] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2292] write(3, "1000", 4) = 4 [pid 2292] close(3) = 0 [pid 2292] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2292] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2292] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2292] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2292] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2293], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2293 [pid 2292] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2292] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2293 attached [pid 2293] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2293] memfd_create("syzkaller", 0) = 3 [pid 2293] ftruncate(3, 2097152) = 0 [pid 2293] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2293] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2293] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2293] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2293] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2293] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2293] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2293] mkdir("./file0", 0777) = 0 [pid 2293] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2293] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2293] ioctl(4, LOOP_CLR_FD) = 0 [pid 2293] close(4) = 0 [pid 2293] close(3) = 0 [pid 2293] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2292] <... futex resumed>) = 0 [pid 2292] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2292] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2293] <... futex resumed>) = 1 [pid 2293] chdir("./file0") = 0 [pid 2293] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2292] <... futex resumed>) = 0 [pid 2292] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2292] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2293] <... futex resumed>) = 1 [pid 2293] creat("./file0", 000) = 3 [pid 2293] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2292] <... futex resumed>) = 0 [pid 2292] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2292] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2292] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2292] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2292] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2296], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2296 [pid 2292] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2292] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2293] <... futex resumed>) = 1 [pid 2293] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 2293] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2293] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2296 attached [pid 2296] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2296] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2296] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2292] <... futex resumed>) = 0 [pid 2296] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2292] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2293] <... futex resumed>) = 0 [pid 2292] <... futex resumed>) = 1 [pid 2293] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 2292] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2293] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 2293] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2292] <... futex resumed>) = 0 [pid 2292] exit_group(0 [pid 2293] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 2292] <... exit_group resumed>) = ? [pid 2293] +++ exited with 0 +++ [pid 2296] <... futex resumed>) = ? [pid 2296] +++ exited with 0 +++ [pid 2292] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2292, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./401", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./401", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./401/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./401/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./401/binderfs") = 0 [ 77.182354][ T2296] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 77.199423][ T2296] EXT4-fs (loop0): pa ffff8881e6911e70: logic 16, phys. 128, len 24 [ 77.207704][ T2296] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./401/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./401/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./401/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./401/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./401/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./401/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./401") = 0 mkdir("./402", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2297 attached [pid 2297] set_robust_list(0x55555656e5e0, 24 [pid 304] <... clone resumed>, child_tidptr=0x55555656e5d0) = 2297 [pid 2297] <... set_robust_list resumed>) = 0 [pid 2297] chdir("./402") = 0 [pid 2297] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2297] setpgid(0, 0) = 0 [pid 2297] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2297] write(3, "1000", 4) = 4 [pid 2297] close(3) = 0 [pid 2297] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2297] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2297] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2297] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2297] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2298], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2298 [pid 2297] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2297] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2298 attached [pid 2298] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2298] memfd_create("syzkaller", 0) = 3 [pid 2298] ftruncate(3, 2097152) = 0 [pid 2298] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2298] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2298] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2298] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2298] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2298] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2298] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2298] mkdir("./file0", 0777) = 0 [pid 2298] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2298] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2298] ioctl(4, LOOP_CLR_FD) = 0 [pid 2298] close(4) = 0 [pid 2298] close(3) = 0 [pid 2298] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2297] <... futex resumed>) = 0 [pid 2298] chdir("./file0" [pid 2297] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2297] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2298] <... chdir resumed>) = 0 [pid 2298] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2297] <... futex resumed>) = 0 [pid 2298] creat("./file0", 000 [pid 2297] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2297] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2298] <... creat resumed>) = 3 [pid 2298] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2297] <... futex resumed>) = 0 [pid 2298] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2297] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2297] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2298] <... write resumed>) = 40 [pid 2297] <... futex resumed>) = 0 [pid 2298] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2297] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2298] <... futex resumed>) = 0 [pid 2297] <... mmap resumed>) = 0x7f0168051000 [pid 2297] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2298] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2297] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2301 attached [pid 2301] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2301] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2297] <... clone resumed>, parent_tid=[2301], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2301 [pid 2297] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2301] <... futex resumed>) = 0 [pid 2301] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2297] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2301] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2301] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2301] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2297] <... futex resumed>) = 0 [pid 2297] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2297] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2298] <... futex resumed>) = 0 [pid 2298] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2298] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2297] <... futex resumed>) = 0 [pid 2298] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2297] exit_group(0) = ? [pid 2298] <... futex resumed>) = 231 [pid 2298] +++ exited with 0 +++ [pid 2301] <... futex resumed>) = ? [pid 2301] +++ exited with 0 +++ [pid 2297] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2297, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./402", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./402", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./402/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./402/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./402/binderfs") = 0 [ 77.367755][ T2301] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 77.383650][ T2301] EXT4-fs (loop0): pa ffff8881e6911498: logic 16, phys. 128, len 24 [ 77.391660][ T2301] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./402/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./402/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./402/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./402/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./402/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./402/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./402") = 0 mkdir("./403", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2302 ./strace-static-x86_64: Process 2302 attached [pid 2302] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2302] chdir("./403") = 0 [pid 2302] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2302] setpgid(0, 0) = 0 [pid 2302] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2302] write(3, "1000", 4) = 4 [pid 2302] close(3) = 0 [pid 2302] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2302] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2302] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2302] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2302] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2303], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2303 ./strace-static-x86_64: Process 2303 attached [pid 2302] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2302] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2303] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2303] memfd_create("syzkaller", 0) = 3 [pid 2303] ftruncate(3, 2097152) = 0 [pid 2303] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2303] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2303] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2303] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2303] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2303] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2303] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2303] mkdir("./file0", 0777) = 0 [pid 2303] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2303] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2303] ioctl(4, LOOP_CLR_FD) = 0 [pid 2303] close(4) = 0 [pid 2303] close(3) = 0 [pid 2303] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2302] <... futex resumed>) = 0 [pid 2302] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2302] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2303] <... futex resumed>) = 1 [pid 2303] chdir("./file0") = 0 [pid 2303] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2302] <... futex resumed>) = 0 [pid 2302] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2302] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2303] <... futex resumed>) = 1 [pid 2303] creat("./file0", 000) = 3 [pid 2303] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2302] <... futex resumed>) = 0 [pid 2302] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2302] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2302] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2302] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2302] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2306], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2306 [pid 2302] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2302] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2303] <... futex resumed>) = 1 [pid 2303] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 2303] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2303] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2306 attached [pid 2306] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2306] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2306] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2302] <... futex resumed>) = 0 [pid 2302] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2302] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2303] <... futex resumed>) = 0 [pid 2303] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2303] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2302] <... futex resumed>) = 0 [pid 2302] exit_group(0) = ? [pid 2306] +++ exited with 0 +++ [pid 2303] <... futex resumed>) = ? [pid 2303] +++ exited with 0 +++ [pid 2302] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2302, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./403", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./403", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./403/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./403/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./403/binderfs") = 0 [ 77.489231][ T2306] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 77.506084][ T2303] EXT4-fs (loop0): pa ffff8881e6911dc8: logic 16, phys. 128, len 24 [ 77.514301][ T2303] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./403/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./403/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./403/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./403/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./403/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./403/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./403") = 0 mkdir("./404", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2307 ./strace-static-x86_64: Process 2307 attached [pid 2307] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2307] chdir("./404") = 0 [pid 2307] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2307] setpgid(0, 0) = 0 [pid 2307] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2307] write(3, "1000", 4) = 4 [pid 2307] close(3) = 0 [pid 2307] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2307] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2307] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2307] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2307] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2308], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2308 [pid 2307] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2307] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2308 attached [pid 2308] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2308] memfd_create("syzkaller", 0) = 3 [pid 2308] ftruncate(3, 2097152) = 0 [pid 2308] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2308] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2308] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2308] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2308] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2308] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2308] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2308] mkdir("./file0", 0777) = 0 [pid 2308] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2308] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2308] ioctl(4, LOOP_CLR_FD) = 0 [pid 2308] close(4) = 0 [pid 2308] close(3) = 0 [pid 2308] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2307] <... futex resumed>) = 0 [pid 2308] <... futex resumed>) = 1 [pid 2308] chdir("./file0" [pid 2307] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2308] <... chdir resumed>) = 0 [pid 2307] <... futex resumed>) = 0 [pid 2308] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2307] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2308] <... futex resumed>) = 0 [pid 2307] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2308] creat("./file0", 000 [pid 2307] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2307] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2308] <... creat resumed>) = 3 [pid 2308] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2307] <... futex resumed>) = 0 [pid 2307] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2307] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2307] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2307] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2307] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2311 attached , parent_tid=[2311], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2311 [pid 2311] set_robust_list(0x7f01680719e0, 24 [pid 2307] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2311] <... set_robust_list resumed>) = 0 [pid 2307] <... futex resumed>) = 0 [pid 2308] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2307] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2311] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2311] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2307] <... futex resumed>) = 0 [pid 2311] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 2307] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2311] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 2311] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2307] <... futex resumed>) = 0 [pid 2311] <... futex resumed>) = 0 [pid 2307] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 2311] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2308] <... write resumed>) = 40 [pid 2308] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2308] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2307] exit_group(0) = ? [pid 2311] <... futex resumed>) = ? [pid 2308] <... futex resumed>) = ? [pid 2311] +++ exited with 0 +++ [pid 2308] +++ exited with 0 +++ [pid 2307] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2307, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./404", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./404", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./404/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./404/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./404/binderfs") = 0 [ 77.651170][ T2311] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata umount2("./404/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./404/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./404/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./404/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./404/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./404/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./404") = 0 mkdir("./405", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2312 ./strace-static-x86_64: Process 2312 attached [pid 2312] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2312] chdir("./405") = 0 [pid 2312] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2312] setpgid(0, 0) = 0 [pid 2312] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2312] write(3, "1000", 4) = 4 [pid 2312] close(3) = 0 [pid 2312] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2312] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2312] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2312] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2312] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2313 attached [pid 2313] set_robust_list(0x7f01680929e0, 24 [pid 2312] <... clone resumed>, parent_tid=[2313], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2313 [pid 2312] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2313] <... set_robust_list resumed>) = 0 [pid 2312] <... futex resumed>) = 0 [pid 2312] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2313] memfd_create("syzkaller", 0) = 3 [pid 2313] ftruncate(3, 2097152) = 0 [pid 2313] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2313] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2313] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2313] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2313] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2313] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2313] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2313] mkdir("./file0", 0777) = 0 [pid 2313] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2313] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2313] ioctl(4, LOOP_CLR_FD) = 0 [pid 2313] close(4) = 0 [pid 2313] close(3) = 0 [pid 2313] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2312] <... futex resumed>) = 0 [pid 2312] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2312] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2313] <... futex resumed>) = 1 [pid 2313] chdir("./file0") = 0 [pid 2313] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2312] <... futex resumed>) = 0 [pid 2312] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2312] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2313] <... futex resumed>) = 1 [pid 2313] creat("./file0", 000) = 3 [pid 2313] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2312] <... futex resumed>) = 0 [pid 2312] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2312] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2312] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2312] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2312] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2316], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2316 [pid 2312] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2312] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2313] <... futex resumed>) = 1 [pid 2313] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 2313] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2313] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2316 attached [pid 2316] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2316] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2316] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2312] <... futex resumed>) = 0 [pid 2312] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2312] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2313] <... futex resumed>) = 0 [pid 2313] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2313] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2312] <... futex resumed>) = 0 [pid 2312] exit_group(0) = ? [pid 2313] <... futex resumed>) = ? [pid 2313] +++ exited with 0 +++ [pid 2316] +++ exited with 0 +++ [pid 2312] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2312, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./405", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./405", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./405/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./405/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./405/binderfs") = 0 [ 77.800659][ T2316] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 77.817116][ T2316] EXT4-fs (loop0): pa ffff8881e6911000: logic 16, phys. 128, len 24 [ 77.825247][ T2316] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./405/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./405/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./405/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./405/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./405/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./405/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./405") = 0 mkdir("./406", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2317 ./strace-static-x86_64: Process 2317 attached [pid 2317] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2317] chdir("./406") = 0 [pid 2317] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2317] setpgid(0, 0) = 0 [pid 2317] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2317] write(3, "1000", 4) = 4 [pid 2317] close(3) = 0 [pid 2317] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2317] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2317] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2317] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2317] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2318], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2318 [pid 2317] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 2318 attached [pid 2318] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2317] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2318] memfd_create("syzkaller", 0) = 3 [pid 2318] ftruncate(3, 2097152) = 0 [pid 2318] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2318] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2318] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2318] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2318] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2318] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2318] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2318] mkdir("./file0", 0777) = 0 [pid 2318] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2318] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2318] ioctl(4, LOOP_CLR_FD) = 0 [pid 2318] close(4) = 0 [pid 2318] close(3) = 0 [pid 2318] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2317] <... futex resumed>) = 0 [pid 2318] chdir("./file0" [pid 2317] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2317] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2318] <... chdir resumed>) = 0 [pid 2318] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2317] <... futex resumed>) = 0 [pid 2318] creat("./file0", 000 [pid 2317] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2317] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2318] <... creat resumed>) = 3 [pid 2318] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2317] <... futex resumed>) = 0 [pid 2318] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2317] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2318] <... write resumed>) = 40 [pid 2317] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2318] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2317] <... futex resumed>) = 0 [pid 2317] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2318] <... futex resumed>) = 0 [pid 2317] <... mmap resumed>) = 0x7f0168051000 [pid 2317] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2317] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2321], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2321 [pid 2318] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2317] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 2321 attached ) = 0 [pid 2321] set_robust_list(0x7f01680719e0, 24 [pid 2317] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2321] <... set_robust_list resumed>) = 0 [pid 2321] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2321] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2317] <... futex resumed>) = 0 [pid 2321] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2317] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2317] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2318] <... futex resumed>) = 0 [pid 2318] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2318] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2317] <... futex resumed>) = 0 [pid 2318] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2317] exit_group(0) = ? [pid 2321] <... futex resumed>) = ? [pid 2321] +++ exited with 0 +++ [pid 2318] <... futex resumed>) = ? [pid 2318] +++ exited with 0 +++ [pid 2317] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2317, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./406", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./406", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./406/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./406/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./406/binderfs") = 0 [ 77.923671][ T2321] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 77.941249][ T2318] EXT4-fs (loop0): pa ffff8881e68ae690: logic 16, phys. 128, len 24 [ 77.949251][ T2318] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./406/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./406/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./406/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./406/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./406/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./406/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./406") = 0 mkdir("./407", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2322 attached [pid 2322] set_robust_list(0x55555656e5e0, 24 [pid 304] <... clone resumed>, child_tidptr=0x55555656e5d0) = 2322 [pid 2322] <... set_robust_list resumed>) = 0 [pid 2322] chdir("./407") = 0 [pid 2322] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2322] setpgid(0, 0) = 0 [pid 2322] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2322] write(3, "1000", 4) = 4 [pid 2322] close(3) = 0 [pid 2322] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2322] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2322] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2322] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2322] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2323 attached , parent_tid=[2323], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2323 [pid 2323] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2323] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2322] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2323] <... futex resumed>) = 0 [pid 2322] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2323] memfd_create("syzkaller", 0) = 3 [pid 2323] ftruncate(3, 2097152) = 0 [pid 2323] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2323] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2323] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2323] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2323] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2323] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2323] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2323] mkdir("./file0", 0777) = 0 [pid 2323] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2323] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2323] ioctl(4, LOOP_CLR_FD) = 0 [pid 2323] close(4) = 0 [pid 2323] close(3) = 0 [pid 2323] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2322] <... futex resumed>) = 0 [pid 2323] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 2322] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2323] chdir("./file0" [pid 2322] <... futex resumed>) = 0 [pid 2323] <... chdir resumed>) = 0 [pid 2322] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2323] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2322] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2323] <... futex resumed>) = 0 [pid 2323] creat("./file0", 000 [pid 2322] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2323] <... creat resumed>) = 3 [pid 2322] <... futex resumed>) = 0 [pid 2323] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2322] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2323] <... futex resumed>) = 0 [pid 2323] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2322] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2322] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2323] <... futex resumed>) = 0 [pid 2322] <... futex resumed>) = 1 [pid 2323] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2322] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2323] <... write resumed>) = 40 [pid 2322] <... futex resumed>) = 0 [pid 2323] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2322] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2323] <... futex resumed>) = 0 [pid 2322] <... mmap resumed>) = 0x7f0168051000 [pid 2323] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2322] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2322] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2326], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2326 ./strace-static-x86_64: Process 2326 attached [pid 2322] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2326] set_robust_list(0x7f01680719e0, 24 [pid 2322] <... futex resumed>) = 0 [pid 2326] <... set_robust_list resumed>) = 0 [pid 2322] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2326] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2326] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2322] <... futex resumed>) = 0 [pid 2326] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2322] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2323] <... futex resumed>) = 0 [pid 2322] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2323] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2323] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2322] <... futex resumed>) = 0 [pid 2323] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2322] exit_group(0 [pid 2323] <... futex resumed>) = 231 [pid 2322] <... exit_group resumed>) = ? [pid 2323] +++ exited with 0 +++ [pid 2326] <... futex resumed>) = ? [pid 2326] +++ exited with 0 +++ [pid 2322] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2322, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./407", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./407", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./407/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./407/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./407/binderfs") = 0 umount2("./407/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 78.050896][ T2326] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 78.067199][ T2326] EXT4-fs (loop0): pa ffff8881e68aebd0: logic 16, phys. 128, len 24 [ 78.075290][ T2326] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./407/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./407/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./407/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./407/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./407/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./407") = 0 mkdir("./408", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2327 ./strace-static-x86_64: Process 2327 attached [pid 2327] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2327] chdir("./408") = 0 [pid 2327] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2327] setpgid(0, 0) = 0 [pid 2327] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2327] write(3, "1000", 4) = 4 [pid 2327] close(3) = 0 [pid 2327] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2327] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2327] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2327] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2327] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2328], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2328 ./strace-static-x86_64: Process 2328 attached [pid 2327] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2327] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2328] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2328] memfd_create("syzkaller", 0) = 3 [pid 2328] ftruncate(3, 2097152) = 0 [pid 2328] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2328] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2328] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2328] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2328] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2328] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2328] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2328] mkdir("./file0", 0777) = 0 [pid 2328] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2328] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2328] ioctl(4, LOOP_CLR_FD) = 0 [pid 2328] close(4) = 0 [pid 2328] close(3) = 0 [pid 2328] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2328] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2327] <... futex resumed>) = 0 [pid 2327] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2328] <... futex resumed>) = 0 [pid 2328] chdir("./file0") = 0 [pid 2328] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2328] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2327] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 2327] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2328] <... futex resumed>) = 0 [pid 2327] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2328] creat("./file0", 000) = 3 [pid 2328] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2328] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2327] <... futex resumed>) = 0 [pid 2327] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2328] <... futex resumed>) = 0 [pid 2328] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 2327] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2328] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2328] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2327] <... futex resumed>) = 0 [pid 2327] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2327] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2327] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2331 attached , parent_tid=[2331], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2331 [pid 2331] set_robust_list(0x7f01680719e0, 24 [pid 2327] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2331] <... set_robust_list resumed>) = 0 [pid 2327] <... futex resumed>) = 0 [pid 2331] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2327] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2331] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2331] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2327] <... futex resumed>) = 0 [pid 2331] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2327] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2328] <... futex resumed>) = 0 [pid 2327] <... futex resumed>) = 1 [pid 2328] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 2327] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2328] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 2328] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2327] <... futex resumed>) = 0 [pid 2328] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2327] exit_group(0 [pid 2328] <... futex resumed>) = ? [pid 2327] <... exit_group resumed>) = ? [pid 2328] +++ exited with 0 +++ [pid 2331] <... futex resumed>) = ? [pid 2331] +++ exited with 0 +++ [pid 2327] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2327, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./408", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./408", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./408/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./408/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./408/binderfs") = 0 [ 78.164987][ T2331] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 78.181521][ T2331] EXT4-fs (loop0): pa ffff8881e6911930: logic 16, phys. 128, len 24 [ 78.189497][ T2331] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./408/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./408/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./408/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./408/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./408/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./408/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./408") = 0 mkdir("./409", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2332 ./strace-static-x86_64: Process 2332 attached [pid 2332] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2332] chdir("./409") = 0 [pid 2332] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2332] setpgid(0, 0) = 0 [pid 2332] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2332] write(3, "1000", 4) = 4 [pid 2332] close(3) = 0 [pid 2332] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2332] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2332] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2332] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2332] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2333 attached , parent_tid=[2333], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2333 [pid 2333] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2333] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2332] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2333] <... futex resumed>) = 0 [pid 2333] memfd_create("syzkaller", 0 [pid 2332] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2333] <... memfd_create resumed>) = 3 [pid 2333] ftruncate(3, 2097152) = 0 [pid 2333] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2333] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2333] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2333] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2333] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2333] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2333] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2333] mkdir("./file0", 0777) = 0 [pid 2333] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2333] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2333] ioctl(4, LOOP_CLR_FD) = 0 [pid 2333] close(4) = 0 [pid 2333] close(3) = 0 [pid 2333] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2332] <... futex resumed>) = 0 [pid 2332] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2332] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2333] chdir("./file0") = 0 [pid 2333] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2332] <... futex resumed>) = 0 [pid 2332] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2332] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2333] <... futex resumed>) = 1 [pid 2333] creat("./file0", 000) = 3 [pid 2333] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2332] <... futex resumed>) = 0 [pid 2332] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2332] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2332] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2332] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2332] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2336 attached , parent_tid=[2336], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2336 [pid 2332] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2332] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2333] <... futex resumed>) = 1 [pid 2333] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2336] set_robust_list(0x7f01680719e0, 24 [pid 2333] <... write resumed>) = 40 [pid 2333] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2333] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2336] <... set_robust_list resumed>) = 0 [pid 2336] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2336] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2332] <... futex resumed>) = 0 [pid 2336] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2332] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2332] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2333] <... futex resumed>) = 0 [pid 2333] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2333] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2332] <... futex resumed>) = 0 [pid 2332] exit_group(0) = ? [pid 2336] <... futex resumed>) = ? [pid 2333] <... futex resumed>) = ? [pid 2333] +++ exited with 0 +++ [pid 2336] +++ exited with 0 +++ [pid 2332] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2332, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./409", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./409", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./409/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./409/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./409/binderfs") = 0 [ 78.324911][ T2336] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 78.342014][ T2336] EXT4-fs (loop0): pa ffff8881e6911738: logic 16, phys. 128, len 24 [ 78.350227][ T2336] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./409/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./409/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./409/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./409/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./409/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./409/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./409") = 0 mkdir("./410", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2337 attached , child_tidptr=0x55555656e5d0) = 2337 [pid 2337] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2337] chdir("./410") = 0 [pid 2337] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2337] setpgid(0, 0) = 0 [pid 2337] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2337] write(3, "1000", 4) = 4 [pid 2337] close(3) = 0 [pid 2337] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2337] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2337] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2337] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2337] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2338 attached , parent_tid=[2338], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2338 [pid 2338] set_robust_list(0x7f01680929e0, 24 [pid 2337] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2338] <... set_robust_list resumed>) = 0 [pid 2337] <... futex resumed>) = 0 [pid 2338] memfd_create("syzkaller", 0 [pid 2337] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2338] <... memfd_create resumed>) = 3 [pid 2338] ftruncate(3, 2097152) = 0 [pid 2338] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2338] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2338] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2338] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2338] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2338] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2338] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2338] mkdir("./file0", 0777) = 0 [pid 2338] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2338] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2338] ioctl(4, LOOP_CLR_FD) = 0 [pid 2338] close(4) = 0 [pid 2338] close(3) = 0 [pid 2338] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2337] <... futex resumed>) = 0 [pid 2337] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2338] chdir("./file0" [pid 2337] <... futex resumed>) = 0 [pid 2338] <... chdir resumed>) = 0 [pid 2337] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2338] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2337] <... futex resumed>) = 0 [pid 2337] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2338] creat("./file0", 000 [pid 2337] <... futex resumed>) = 0 [pid 2337] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2338] <... creat resumed>) = 3 [pid 2338] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2337] <... futex resumed>) = 0 [pid 2337] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2337] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2337] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2337] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2337] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2341 attached , parent_tid=[2341], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2341 [pid 2341] set_robust_list(0x7f01680719e0, 24 [pid 2337] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2341] <... set_robust_list resumed>) = 0 [pid 2337] <... futex resumed>) = 0 [pid 2341] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2337] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2338] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2341] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2341] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2338] <... write resumed>) = 40 [pid 2338] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2338] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2341] <... futex resumed>) = 1 [pid 2337] <... futex resumed>) = 0 [pid 2337] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2337] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2338] <... futex resumed>) = 0 [pid 2338] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2338] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2337] <... futex resumed>) = 0 [pid 2337] exit_group(0) = ? [pid 2338] <... futex resumed>) = ? [pid 2338] +++ exited with 0 +++ [pid 2341] +++ exited with 0 +++ [pid 2337] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2337, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./410", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./410", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./410/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./410/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./410/binderfs") = 0 [ 78.457993][ T2341] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata umount2("./410/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./410/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./410/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./410/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./410/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./410/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./410") = 0 mkdir("./411", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2342 ./strace-static-x86_64: Process 2342 attached [pid 2342] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2342] chdir("./411") = 0 [pid 2342] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2342] setpgid(0, 0) = 0 [pid 2342] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2342] write(3, "1000", 4) = 4 [pid 2342] close(3) = 0 [pid 2342] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2342] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2342] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2342] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2342] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2343], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2343 [pid 2342] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 2343 attached ) = 0 [pid 2342] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2343] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2343] memfd_create("syzkaller", 0) = 3 [pid 2343] ftruncate(3, 2097152) = 0 [pid 2343] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2343] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2343] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2343] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2343] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2343] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2343] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2343] mkdir("./file0", 0777) = 0 [pid 2343] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2343] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2343] ioctl(4, LOOP_CLR_FD) = 0 [pid 2343] close(4) = 0 [pid 2343] close(3) = 0 [pid 2343] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2342] <... futex resumed>) = 0 [pid 2342] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2342] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2343] <... futex resumed>) = 1 [pid 2343] chdir("./file0") = 0 [pid 2343] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2342] <... futex resumed>) = 0 [pid 2342] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2342] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2343] <... futex resumed>) = 1 [pid 2343] creat("./file0", 000) = 3 [pid 2343] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2342] <... futex resumed>) = 0 [pid 2342] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2342] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2342] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2342] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2342] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2346 attached , parent_tid=[2346], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2346 [pid 2342] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2342] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2343] <... futex resumed>) = 1 [pid 2343] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 2343] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2346] set_robust_list(0x7f01680719e0, 24 [pid 2343] <... futex resumed>) = 0 [pid 2343] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2346] <... set_robust_list resumed>) = 0 [pid 2346] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2346] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2342] <... futex resumed>) = 0 [pid 2342] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2342] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2343] <... futex resumed>) = 0 [pid 2343] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2346] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2343] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2342] <... futex resumed>) = 0 [pid 2342] exit_group(0) = ? [pid 2346] <... futex resumed>) = ? [pid 2343] <... futex resumed>) = ? [pid 2343] +++ exited with 0 +++ [pid 2346] +++ exited with 0 +++ [pid 2342] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2342, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./411", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./411", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./411/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./411/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./411/binderfs") = 0 [ 78.554362][ T2346] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 78.571721][ T2346] EXT4-fs (loop0): pa ffff8881e69111f8: logic 16, phys. 128, len 24 [ 78.579857][ T2346] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./411/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./411/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./411/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./411/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./411/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./411/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./411") = 0 mkdir("./412", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2347 ./strace-static-x86_64: Process 2347 attached [pid 2347] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2347] chdir("./412") = 0 [pid 2347] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2347] setpgid(0, 0) = 0 [pid 2347] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2347] write(3, "1000", 4) = 4 [pid 2347] close(3) = 0 [pid 2347] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2347] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2347] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2347] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2347] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2348], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2348 [pid 2347] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2347] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2348 attached [pid 2348] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2348] memfd_create("syzkaller", 0) = 3 [pid 2348] ftruncate(3, 2097152) = 0 [pid 2348] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2348] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2348] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2348] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2348] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2348] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2348] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2348] mkdir("./file0", 0777) = 0 [pid 2348] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2348] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2348] ioctl(4, LOOP_CLR_FD) = 0 [pid 2348] close(4) = 0 [pid 2348] close(3) = 0 [pid 2348] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2347] <... futex resumed>) = 0 [pid 2347] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2347] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2348] <... futex resumed>) = 1 [pid 2348] chdir("./file0") = 0 [pid 2348] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2347] <... futex resumed>) = 0 [pid 2347] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2347] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2348] <... futex resumed>) = 1 [pid 2348] creat("./file0", 000) = 3 [pid 2348] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2347] <... futex resumed>) = 0 [pid 2348] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2347] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2347] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2347] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2347] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2347] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 2348] <... write resumed>) = 40 ./strace-static-x86_64: Process 2351 attached [pid 2347] <... clone resumed>, parent_tid=[2351], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2351 [pid 2347] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2347] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2351] set_robust_list(0x7f01680719e0, 24 [pid 2348] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2351] <... set_robust_list resumed>) = 0 [pid 2348] <... futex resumed>) = 0 [pid 2351] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2348] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2351] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2351] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2347] <... futex resumed>) = 0 [pid 2347] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2347] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2348] <... futex resumed>) = 0 [pid 2351] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2348] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2348] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2347] <... futex resumed>) = 0 [pid 2347] exit_group(0) = ? [pid 2351] <... futex resumed>) = ? [pid 2348] +++ exited with 0 +++ [pid 2351] +++ exited with 0 +++ [pid 2347] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2347, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./412", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./412", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./412/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./412/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./412/binderfs") = 0 [ 78.673825][ T2351] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 78.692141][ T2351] EXT4-fs (loop0): pa ffff8881e69117e0: logic 16, phys. 128, len 24 [ 78.700211][ T2351] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./412/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./412/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./412/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./412/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./412/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./412/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./412") = 0 mkdir("./413", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2352 ./strace-static-x86_64: Process 2352 attached [pid 2352] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2352] chdir("./413") = 0 [pid 2352] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2352] setpgid(0, 0) = 0 [pid 2352] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2352] write(3, "1000", 4) = 4 [pid 2352] close(3) = 0 [pid 2352] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2352] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2352] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2352] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2352] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2353], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2353 [pid 2352] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 2353 attached [pid 2353] set_robust_list(0x7f01680929e0, 24 [pid 2352] <... futex resumed>) = 0 [pid 2352] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2353] <... set_robust_list resumed>) = 0 [pid 2353] memfd_create("syzkaller", 0) = 3 [pid 2353] ftruncate(3, 2097152) = 0 [pid 2353] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2353] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2353] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2353] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2353] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2353] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2353] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2353] mkdir("./file0", 0777) = 0 [pid 2353] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2353] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2353] ioctl(4, LOOP_CLR_FD) = 0 [pid 2353] close(4) = 0 [pid 2353] close(3) = 0 [pid 2353] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2352] <... futex resumed>) = 0 [pid 2352] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2352] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2353] <... futex resumed>) = 1 [pid 2353] chdir("./file0") = 0 [pid 2353] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2352] <... futex resumed>) = 0 [pid 2352] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2352] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2353] <... futex resumed>) = 1 [pid 2353] creat("./file0", 000) = 3 [pid 2353] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2352] <... futex resumed>) = 0 [pid 2352] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2352] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2352] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2352] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2352] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2356 attached , parent_tid=[2356], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2356 [pid 2352] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2352] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2356] set_robust_list(0x7f01680719e0, 24 [pid 2353] <... futex resumed>) = 1 [pid 2353] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 2356] <... set_robust_list resumed>) = 0 [pid 2353] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2353] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2356] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2356] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2352] <... futex resumed>) = 0 [pid 2352] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2352] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2356] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2353] <... futex resumed>) = 0 [pid 2353] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2353] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2352] <... futex resumed>) = 0 [pid 2352] exit_group(0) = ? [pid 2356] <... futex resumed>) = ? [pid 2353] <... futex resumed>) = ? [pid 2353] +++ exited with 0 +++ [pid 2356] +++ exited with 0 +++ [pid 2352] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2352, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./413", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./413", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./413/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./413/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./413/binderfs") = 0 [ 78.804380][ T2356] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 78.821988][ T2356] EXT4-fs (loop0): pa ffff8881dba2c348: logic 16, phys. 128, len 24 [ 78.830080][ T2356] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./413/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./413/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./413/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./413/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./413/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./413/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./413") = 0 mkdir("./414", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2357 ./strace-static-x86_64: Process 2357 attached [pid 2357] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2357] chdir("./414") = 0 [pid 2357] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2357] setpgid(0, 0) = 0 [pid 2357] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2357] write(3, "1000", 4) = 4 [pid 2357] close(3) = 0 [pid 2357] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2357] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2357] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2357] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2357] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2358], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2358 [pid 2357] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2357] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2358 attached [pid 2358] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2358] memfd_create("syzkaller", 0) = 3 [pid 2358] ftruncate(3, 2097152) = 0 [pid 2358] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2358] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2358] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2358] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2358] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2358] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2358] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2358] mkdir("./file0", 0777) = 0 [pid 2358] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2358] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2358] ioctl(4, LOOP_CLR_FD) = 0 [pid 2358] close(4) = 0 [pid 2358] close(3) = 0 [pid 2358] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2357] <... futex resumed>) = 0 [pid 2358] <... futex resumed>) = 1 [pid 2358] chdir("./file0" [pid 2357] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2358] <... chdir resumed>) = 0 [pid 2357] <... futex resumed>) = 0 [pid 2358] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2357] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2358] <... futex resumed>) = 0 [pid 2357] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2358] creat("./file0", 000 [pid 2357] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2357] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2358] <... creat resumed>) = 3 [pid 2358] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2357] <... futex resumed>) = 0 [pid 2357] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2357] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2357] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2357] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2357] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2361], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2361 [pid 2357] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2357] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2358] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 2358] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2358] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2361 attached [pid 2361] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2361] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2361] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2357] <... futex resumed>) = 0 [pid 2357] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2358] <... futex resumed>) = 0 [pid 2357] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2358] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2358] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2357] <... futex resumed>) = 0 [pid 2358] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2357] exit_group(0) = ? [pid 2358] <... futex resumed>) = ? [pid 2358] +++ exited with 0 +++ [pid 2361] +++ exited with 0 +++ [pid 2357] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2357, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./414", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./414", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./414/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./414/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./414/binderfs") = 0 [ 78.934738][ T2361] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 78.951886][ T2361] EXT4-fs (loop0): pa ffff8881e68ae498: logic 16, phys. 128, len 24 [ 78.960029][ T2361] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./414/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./414/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./414/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./414/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./414/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./414/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./414") = 0 mkdir("./415", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2362 ./strace-static-x86_64: Process 2362 attached [pid 2362] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2362] chdir("./415") = 0 [pid 2362] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2362] setpgid(0, 0) = 0 [pid 2362] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2362] write(3, "1000", 4) = 4 [pid 2362] close(3) = 0 [pid 2362] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2362] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2362] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2362] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2362] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2363], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2363 [pid 2362] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2362] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2363 attached [pid 2363] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2363] memfd_create("syzkaller", 0) = 3 [pid 2363] ftruncate(3, 2097152) = 0 [pid 2363] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2363] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2363] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2363] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2363] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2363] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2363] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2363] mkdir("./file0", 0777) = 0 [pid 2363] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2363] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2363] ioctl(4, LOOP_CLR_FD) = 0 [pid 2363] close(4) = 0 [pid 2363] close(3) = 0 [pid 2363] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2362] <... futex resumed>) = 0 [pid 2362] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2362] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2363] chdir("./file0") = 0 [pid 2363] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2362] <... futex resumed>) = 0 [pid 2362] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2362] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2363] creat("./file0", 000) = 3 [pid 2363] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2362] <... futex resumed>) = 0 [pid 2362] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2362] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2362] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2362] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2362] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2366], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2366 [pid 2362] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2362] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2366 attached [pid 2366] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2366] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2363] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2366] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2366] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2362] <... futex resumed>) = 0 [pid 2362] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2363] <... write resumed>) = 40 [pid 2362] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2366] <... futex resumed>) = 1 [pid 2366] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2366] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2362] <... futex resumed>) = 0 [pid 2366] <... futex resumed>) = 1 [pid 2366] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2363] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2363] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2362] exit_group(0) = ? [pid 2363] <... futex resumed>) = ? [pid 2363] +++ exited with 0 +++ [pid 2366] <... futex resumed>) = ? [pid 2366] +++ exited with 0 +++ [pid 2362] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2362, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./415", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./415", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./415/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./415/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./415/binderfs") = 0 umount2("./415/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./415/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./415/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./415/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./415/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./415/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./415") = 0 mkdir("./416", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2367 attached , child_tidptr=0x55555656e5d0) = 2367 [ 79.070963][ T2366] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata [pid 2367] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2367] chdir("./416") = 0 [pid 2367] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2367] setpgid(0, 0) = 0 [pid 2367] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2367] write(3, "1000", 4) = 4 [pid 2367] close(3) = 0 [pid 2367] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2367] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2367] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2367] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2367] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2368 attached , parent_tid=[2368], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2368 [pid 2367] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2367] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2368] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2368] memfd_create("syzkaller", 0) = 3 [pid 2368] ftruncate(3, 2097152) = 0 [pid 2368] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2368] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2368] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2368] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2368] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2368] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2368] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2368] mkdir("./file0", 0777) = 0 [pid 2368] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2368] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2368] ioctl(4, LOOP_CLR_FD) = 0 [pid 2368] close(4) = 0 [pid 2368] close(3) = 0 [pid 2368] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2367] <... futex resumed>) = 0 [pid 2367] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2367] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2368] <... futex resumed>) = 1 [pid 2368] chdir("./file0") = 0 [pid 2368] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2367] <... futex resumed>) = 0 [pid 2367] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2367] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2368] <... futex resumed>) = 1 [pid 2368] creat("./file0", 000) = 3 [pid 2368] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2367] <... futex resumed>) = 0 [pid 2367] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2367] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2367] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2367] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2367] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2371 attached , parent_tid=[2371], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2371 [pid 2367] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2371] set_robust_list(0x7f01680719e0, 24 [pid 2367] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2368] <... futex resumed>) = 1 [pid 2371] <... set_robust_list resumed>) = 0 [pid 2368] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 2368] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2371] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2368] <... futex resumed>) = 0 [pid 2368] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2371] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2371] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2367] <... futex resumed>) = 0 [pid 2367] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2367] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2368] <... futex resumed>) = 0 [pid 2368] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2368] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2367] <... futex resumed>) = 0 [pid 2367] exit_group(0) = ? [pid 2368] <... futex resumed>) = ? [pid 2368] +++ exited with 0 +++ [pid 2371] +++ exited with 0 +++ [pid 2367] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2367, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./416", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./416", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./416/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./416/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./416/binderfs") = 0 [ 79.177107][ T2371] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 79.193832][ T2371] EXT4-fs (loop0): pa ffff8881dba2c3f0: logic 16, phys. 128, len 24 [ 79.201904][ T2371] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./416/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./416/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./416/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./416/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./416/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./416/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./416") = 0 mkdir("./417", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2372 ./strace-static-x86_64: Process 2372 attached [pid 2372] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2372] chdir("./417") = 0 [pid 2372] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2372] setpgid(0, 0) = 0 [pid 2372] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2372] write(3, "1000", 4) = 4 [pid 2372] close(3) = 0 [pid 2372] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2372] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2372] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2372] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2372] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2373 attached , parent_tid=[2373], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2373 [pid 2373] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2373] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2372] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2373] <... futex resumed>) = 0 [pid 2373] memfd_create("syzkaller", 0 [pid 2372] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2373] <... memfd_create resumed>) = 3 [pid 2373] ftruncate(3, 2097152) = 0 [pid 2373] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2373] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2373] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2373] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2373] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2373] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2373] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2373] mkdir("./file0", 0777) = 0 [pid 2373] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2373] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2373] ioctl(4, LOOP_CLR_FD) = 0 [pid 2373] close(4) = 0 [pid 2373] close(3) = 0 [pid 2373] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2372] <... futex resumed>) = 0 [pid 2373] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2372] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2373] <... futex resumed>) = 0 [pid 2372] <... futex resumed>) = 1 [pid 2373] chdir("./file0" [pid 2372] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2373] <... chdir resumed>) = 0 [pid 2373] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2372] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2373] <... futex resumed>) = 0 [pid 2372] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2373] creat("./file0", 000) = 3 [pid 2372] <... futex resumed>) = 0 [pid 2373] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2372] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2373] <... futex resumed>) = 0 [pid 2372] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2373] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2372] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2373] <... futex resumed>) = 0 [pid 2372] <... futex resumed>) = 1 [pid 2373] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2372] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2373] <... write resumed>) = 40 [pid 2372] <... futex resumed>) = 0 [pid 2373] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2372] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2373] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2372] <... mmap resumed>) = 0x7f0168051000 [pid 2372] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2372] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2376 attached [pid 2376] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2376] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2372] <... clone resumed>, parent_tid=[2376], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2376 [pid 2372] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2376] <... futex resumed>) = 0 [pid 2376] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2372] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2376] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2376] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2376] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2372] <... futex resumed>) = 0 [pid 2372] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2373] <... futex resumed>) = 0 [pid 2373] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2373] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2373] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2372] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 2372] exit_group(0 [pid 2376] <... futex resumed>) = ? [pid 2372] <... exit_group resumed>) = ? [pid 2376] +++ exited with 0 +++ [pid 2373] <... futex resumed>) = ? [pid 2373] +++ exited with 0 +++ [pid 2372] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2372, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./417", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./417", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./417/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./417/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./417/binderfs") = 0 [ 79.281315][ T2376] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 79.298447][ T2372] EXT4-fs (loop0): pa ffff8881dba2c888: logic 16, phys. 128, len 24 [ 79.306571][ T2372] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./417/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./417/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./417/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./417/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./417/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./417/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./417") = 0 mkdir("./418", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2377 ./strace-static-x86_64: Process 2377 attached [pid 2377] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2377] chdir("./418") = 0 [pid 2377] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2377] setpgid(0, 0) = 0 [pid 2377] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2377] write(3, "1000", 4) = 4 [pid 2377] close(3) = 0 [pid 2377] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2377] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2377] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2377] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2377] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2378], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2378 [pid 2377] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2377] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2378 attached [pid 2378] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2378] memfd_create("syzkaller", 0) = 3 [pid 2378] ftruncate(3, 2097152) = 0 [pid 2378] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2378] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2378] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2378] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2378] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2378] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2378] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2378] mkdir("./file0", 0777) = 0 [pid 2378] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2378] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2378] ioctl(4, LOOP_CLR_FD) = 0 [pid 2378] close(4) = 0 [pid 2378] close(3) = 0 [pid 2378] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2377] <... futex resumed>) = 0 [pid 2377] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2377] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2378] chdir("./file0") = 0 [pid 2378] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2377] <... futex resumed>) = 0 [pid 2377] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2377] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2378] creat("./file0", 000) = 3 [pid 2378] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2377] <... futex resumed>) = 0 [pid 2377] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2377] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2377] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2378] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2377] <... mmap resumed>) = 0x7f0168051000 [pid 2377] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2378] <... write resumed>) = 40 [pid 2377] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2381], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2381 [pid 2377] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2377] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2381 attached [pid 2381] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2381] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2378] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2378] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2381] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2381] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2377] <... futex resumed>) = 0 [pid 2377] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2377] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2381] <... futex resumed>) = 1 [pid 2381] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2378] <... futex resumed>) = 0 [pid 2378] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2378] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2377] <... futex resumed>) = 0 [pid 2378] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2377] exit_group(0) = ? [pid 2378] <... futex resumed>) = ? [pid 2378] +++ exited with 0 +++ [pid 2381] <... futex resumed>) = ? [pid 2381] +++ exited with 0 +++ [pid 2377] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2377, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./418", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./418", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./418/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./418/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./418/binderfs") = 0 [ 79.401803][ T2381] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 79.419166][ T2381] EXT4-fs (loop0): pa ffff8881e68ae738: logic 16, phys. 128, len 24 [ 79.427322][ T2381] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./418/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./418/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./418/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./418/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./418/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./418/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./418") = 0 mkdir("./419", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2382 attached , child_tidptr=0x55555656e5d0) = 2382 [pid 2382] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2382] chdir("./419") = 0 [pid 2382] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2382] setpgid(0, 0) = 0 [pid 2382] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2382] write(3, "1000", 4) = 4 [pid 2382] close(3) = 0 [pid 2382] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2382] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2382] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2382] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2382] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2383 attached , parent_tid=[2383], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2383 [pid 2383] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2383] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2382] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2383] <... futex resumed>) = 0 [pid 2383] memfd_create("syzkaller", 0 [pid 2382] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2383] <... memfd_create resumed>) = 3 [pid 2383] ftruncate(3, 2097152) = 0 [pid 2383] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2383] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2383] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2383] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2383] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2383] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2383] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2383] mkdir("./file0", 0777) = 0 [pid 2383] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2383] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2383] ioctl(4, LOOP_CLR_FD) = 0 [pid 2383] close(4) = 0 [pid 2383] close(3) = 0 [pid 2383] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2382] <... futex resumed>) = 0 [pid 2383] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2382] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2382] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2383] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2383] chdir("./file0") = 0 [pid 2383] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2382] <... futex resumed>) = 0 [pid 2382] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2383] creat("./file0", 000 [pid 2382] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2383] <... creat resumed>) = 3 [pid 2383] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2382] <... futex resumed>) = 0 [pid 2382] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2382] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2382] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2383] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2382] <... mmap resumed>) = 0x7f0168051000 [pid 2382] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE [pid 2383] <... write resumed>) = 40 [pid 2383] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2382] <... mprotect resumed>) = 0 [pid 2382] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 2383] <... futex resumed>) = 0 [pid 2383] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2382] <... clone resumed>, parent_tid=[2386], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2386 [pid 2382] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2382] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2386 attached [pid 2386] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2386] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2386] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2382] <... futex resumed>) = 0 [pid 2382] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2382] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2386] <... futex resumed>) = 1 [pid 2386] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2383] <... futex resumed>) = 0 [pid 2383] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2383] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2382] <... futex resumed>) = 0 [pid 2382] exit_group(0) = ? [pid 2386] <... futex resumed>) = ? [pid 2383] +++ exited with 0 +++ [pid 2386] +++ exited with 0 +++ [pid 2382] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2382, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./419", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./419", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./419/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./419/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./419/binderfs") = 0 [ 79.565891][ T2386] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 79.583443][ T2386] EXT4-fs (loop0): pa ffff8881e68ae2a0: logic 16, phys. 128, len 24 [ 79.591475][ T2386] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./419/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./419/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./419/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./419/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./419/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./419/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./419") = 0 mkdir("./420", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2387 ./strace-static-x86_64: Process 2387 attached [pid 2387] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2387] chdir("./420") = 0 [pid 2387] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2387] setpgid(0, 0) = 0 [pid 2387] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2387] write(3, "1000", 4) = 4 [pid 2387] close(3) = 0 [pid 2387] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2387] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2387] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2387] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2387] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2388], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2388 [pid 2387] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 2388 attached [pid 2387] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2388] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2388] memfd_create("syzkaller", 0) = 3 [pid 2388] ftruncate(3, 2097152) = 0 [pid 2388] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2388] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2388] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2388] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2388] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2388] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2388] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2388] mkdir("./file0", 0777) = 0 [pid 2388] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2388] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2388] ioctl(4, LOOP_CLR_FD) = 0 [pid 2388] close(4) = 0 [pid 2388] close(3) = 0 [pid 2388] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2387] <... futex resumed>) = 0 [pid 2388] <... futex resumed>) = 1 [pid 2387] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2388] chdir("./file0" [pid 2387] <... futex resumed>) = 0 [pid 2387] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2388] <... chdir resumed>) = 0 [pid 2388] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2387] <... futex resumed>) = 0 [pid 2388] <... futex resumed>) = 1 [pid 2387] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2388] creat("./file0", 000 [pid 2387] <... futex resumed>) = 0 [pid 2387] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2388] <... creat resumed>) = 3 [pid 2388] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2387] <... futex resumed>) = 0 [pid 2387] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2387] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2387] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2387] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2387] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2391 attached [pid 2391] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2391] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2388] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2387] <... clone resumed>, parent_tid=[2391], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2391 [pid 2387] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2391] <... futex resumed>) = 0 [pid 2387] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2391] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2388] <... write resumed>) = 40 [pid 2391] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2388] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2391] <... futex resumed>) = 1 [pid 2387] <... futex resumed>) = 0 [pid 2387] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2387] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = 0 [pid 2387] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2388] <... futex resumed>) = 1 [pid 2388] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2388] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2387] <... futex resumed>) = 0 [pid 2387] exit_group(0) = ? [pid 2388] <... futex resumed>) = ? [pid 2391] +++ exited with 0 +++ [pid 2388] +++ exited with 0 +++ [pid 2387] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2387, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./420", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./420", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./420/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./420/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./420/binderfs") = 0 [ 79.695385][ T2391] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata umount2("./420/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./420/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./420/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./420/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./420/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./420/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./420") = 0 mkdir("./421", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2392 ./strace-static-x86_64: Process 2392 attached [pid 2392] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2392] chdir("./421") = 0 [pid 2392] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2392] setpgid(0, 0) = 0 [pid 2392] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2392] write(3, "1000", 4) = 4 [pid 2392] close(3) = 0 [pid 2392] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2392] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2392] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2392] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2392] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2393 attached , parent_tid=[2393], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2393 [pid 2393] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2393] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2392] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2393] <... futex resumed>) = 0 [pid 2393] memfd_create("syzkaller", 0) = 3 [pid 2393] ftruncate(3, 2097152) = 0 [pid 2393] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2393] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2393] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2393] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2393] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2393] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2393] ioctl(4, LOOP_SET_FD, 3 [pid 2392] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2393] <... ioctl resumed>) = 0 [pid 2393] mkdir("./file0", 0777) = 0 [pid 2393] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2393] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2393] ioctl(4, LOOP_CLR_FD) = 0 [pid 2393] close(4) = 0 [pid 2393] close(3) = 0 [pid 2393] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2393] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2392] <... futex resumed>) = 0 [pid 2392] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2393] <... futex resumed>) = 0 [pid 2393] chdir("./file0") = 0 [pid 2393] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2393] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2392] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 2392] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2393] <... futex resumed>) = 0 [pid 2392] <... futex resumed>) = 1 [pid 2393] creat("./file0", 000) = 3 [pid 2393] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2393] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2392] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 2392] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2393] <... futex resumed>) = 0 [pid 2392] <... futex resumed>) = 1 [pid 2393] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 2392] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2393] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2393] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2392] <... futex resumed>) = 0 [pid 2392] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2392] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2392] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2396 attached [pid 2396] set_robust_list(0x7f01680719e0, 24 [pid 2392] <... clone resumed>, parent_tid=[2396], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2396 [pid 2396] <... set_robust_list resumed>) = 0 [pid 2396] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2392] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2396] <... futex resumed>) = 0 [pid 2396] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2392] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2396] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2396] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2396] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2392] <... futex resumed>) = 0 [pid 2392] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2393] <... futex resumed>) = 0 [pid 2392] <... futex resumed>) = 1 [pid 2393] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 2392] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2393] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 2393] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2392] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2393] <... futex resumed>) = 0 [pid 2393] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2392] exit_group(0) = ? [pid 2396] <... futex resumed>) = ? [pid 2396] +++ exited with 0 +++ [pid 2393] <... futex resumed>) = ? [pid 2393] +++ exited with 0 +++ [pid 2392] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2392, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./421", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./421", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./421/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./421/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./421/binderfs") = 0 [ 79.803142][ T2396] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 79.819306][ T2393] EXT4-fs (loop0): pa ffff8881dba2c9d8: logic 16, phys. 128, len 24 [ 79.827402][ T2393] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./421/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./421/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./421/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./421/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./421/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./421/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./421") = 0 mkdir("./422", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2397 ./strace-static-x86_64: Process 2397 attached [pid 2397] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2397] chdir("./422") = 0 [pid 2397] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2397] setpgid(0, 0) = 0 [pid 2397] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2397] write(3, "1000", 4) = 4 [pid 2397] close(3) = 0 [pid 2397] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2397] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2397] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2397] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2397] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2398 attached [pid 2398] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2398] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2397] <... clone resumed>, parent_tid=[2398], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2398 [pid 2397] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2398] <... futex resumed>) = 0 [pid 2398] memfd_create("syzkaller", 0) = 3 [pid 2398] ftruncate(3, 2097152) = 0 [pid 2398] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2398] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2398] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2398] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2398] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2398] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2398] ioctl(4, LOOP_SET_FD, 3 [pid 2397] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2398] <... ioctl resumed>) = 0 [pid 2398] mkdir("./file0", 0777) = 0 [pid 2398] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2398] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2398] ioctl(4, LOOP_CLR_FD) = 0 [pid 2398] close(4) = 0 [pid 2398] close(3) = 0 [pid 2398] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2397] <... futex resumed>) = 0 [pid 2398] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2397] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2398] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2397] <... futex resumed>) = 0 [pid 2398] chdir("./file0" [pid 2397] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2398] <... chdir resumed>) = 0 [pid 2398] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2397] <... futex resumed>) = 0 [pid 2398] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2397] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2398] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2397] <... futex resumed>) = 0 [pid 2398] creat("./file0", 000 [pid 2397] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2398] <... creat resumed>) = 3 [pid 2398] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2397] <... futex resumed>) = 0 [pid 2398] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2397] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2398] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2397] <... futex resumed>) = 0 [pid 2398] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2397] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2398] <... write resumed>) = 40 [pid 2397] <... futex resumed>) = 0 [pid 2398] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2397] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2398] <... futex resumed>) = 0 [pid 2397] <... mmap resumed>) = 0x7f0168051000 [pid 2398] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2397] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2397] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2401 attached [pid 2401] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2401] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2397] <... clone resumed>, parent_tid=[2401], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2401 [pid 2397] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2401] <... futex resumed>) = 0 [pid 2401] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2397] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2401] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2401] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2401] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2397] <... futex resumed>) = 0 [pid 2397] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2398] <... futex resumed>) = 0 [pid 2397] <... futex resumed>) = 1 [pid 2398] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2397] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2398] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2398] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2397] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2397] exit_group(0 [pid 2398] <... futex resumed>) = ? [pid 2397] <... exit_group resumed>) = ? [pid 2401] <... futex resumed>) = ? [pid 2401] +++ exited with 0 +++ [pid 2398] +++ exited with 0 +++ [pid 2397] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2397, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./422", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./422", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./422/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./422/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./422/binderfs") = 0 [ 79.963514][ T2401] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 79.981125][ T2397] EXT4-fs (loop0): pa ffff8881dba2ca80: logic 16, phys. 128, len 24 [ 79.989215][ T2397] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./422/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./422/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./422/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./422/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./422/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./422/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./422") = 0 mkdir("./423", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2402 ./strace-static-x86_64: Process 2402 attached [pid 2402] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2402] chdir("./423") = 0 [pid 2402] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2402] setpgid(0, 0) = 0 [pid 2402] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2402] write(3, "1000", 4) = 4 [pid 2402] close(3) = 0 [pid 2402] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2402] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2402] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2402] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2402] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2403], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2403 [pid 2402] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2402] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2403 attached [pid 2403] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2403] memfd_create("syzkaller", 0) = 3 [pid 2403] ftruncate(3, 2097152) = 0 [pid 2403] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2403] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2403] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2403] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2403] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2403] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2403] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2403] mkdir("./file0", 0777) = 0 [pid 2403] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2403] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2403] ioctl(4, LOOP_CLR_FD) = 0 [pid 2403] close(4) = 0 [pid 2403] close(3) = 0 [pid 2403] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2402] <... futex resumed>) = 0 [pid 2402] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2402] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2403] chdir("./file0") = 0 [pid 2403] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2402] <... futex resumed>) = 0 [pid 2402] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2402] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2403] creat("./file0", 000) = 3 [pid 2403] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2402] <... futex resumed>) = 0 [pid 2402] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2402] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2402] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2403] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2402] <... mmap resumed>) = 0x7f0168051000 [pid 2402] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2403] <... write resumed>) = 40 [pid 2402] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2406], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2406 [pid 2402] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2403] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2402] <... futex resumed>) = 0 [pid 2402] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2403] <... futex resumed>) = 0 [pid 2403] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2406 attached [pid 2406] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2406] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2406] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2402] <... futex resumed>) = 0 [pid 2402] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2402] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2406] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2403] <... futex resumed>) = 0 [pid 2403] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2403] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2402] <... futex resumed>) = 0 [pid 2403] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2402] exit_group(0) = ? [pid 2406] <... futex resumed>) = ? [pid 2403] <... futex resumed>) = ? [pid 2403] +++ exited with 0 +++ [pid 2406] +++ exited with 0 +++ [pid 2402] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2402, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./423", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./423", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./423/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./423/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./423/binderfs") = 0 [ 80.080184][ T2406] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 80.098062][ T2406] EXT4-fs (loop0): pa ffff8881e69fe498: logic 16, phys. 128, len 24 [ 80.106087][ T2406] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./423/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./423/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./423/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./423/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./423/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./423/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./423") = 0 mkdir("./424", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2407 ./strace-static-x86_64: Process 2407 attached [pid 2407] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2407] chdir("./424") = 0 [pid 2407] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2407] setpgid(0, 0) = 0 [pid 2407] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2407] write(3, "1000", 4) = 4 [pid 2407] close(3) = 0 [pid 2407] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2407] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2407] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2407] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2407] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2408], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2408 [pid 2407] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2407] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2408 attached [pid 2408] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2408] memfd_create("syzkaller", 0) = 3 [pid 2408] ftruncate(3, 2097152) = 0 [pid 2408] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2408] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2408] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2408] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2408] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2408] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2408] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2408] mkdir("./file0", 0777) = 0 [pid 2408] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2408] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2408] ioctl(4, LOOP_CLR_FD) = 0 [pid 2408] close(4) = 0 [pid 2408] close(3) = 0 [pid 2408] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2408] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2407] <... futex resumed>) = 0 [pid 2407] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2408] <... futex resumed>) = 0 [pid 2408] chdir("./file0") = 0 [pid 2408] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2408] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2407] <... futex resumed>) = 1 [pid 2407] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 2407] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2408] <... futex resumed>) = 0 [pid 2408] creat("./file0", 000 [pid 2407] <... futex resumed>) = 1 [pid 2407] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2408] <... creat resumed>) = 3 [pid 2408] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2408] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2407] <... futex resumed>) = 0 [pid 2407] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2408] <... futex resumed>) = 0 [pid 2408] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 2408] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2408] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2407] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2408] <... futex resumed>) = 0 [pid 2408] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2407] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2408] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2408] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2407] <... futex resumed>) = 0 [pid 2408] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 2407] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2408] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 2407] <... futex resumed>) = 0 [pid 2407] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2408] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2407] <... futex resumed>) = 0 [pid 2407] exit_group(0) = ? [pid 2408] +++ exited with 0 +++ [pid 2407] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2407, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./424", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./424", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./424/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./424/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./424/binderfs") = 0 [ 80.237810][ T2408] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 80.254870][ T2408] EXT4-fs (loop0): pa ffff8881dba2c738: logic 16, phys. 128, len 24 [ 80.262895][ T2408] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./424/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./424/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./424/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./424/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./424/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./424/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./424") = 0 mkdir("./425", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2411 attached [pid 2411] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2411] chdir("./425") = 0 [pid 2411] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 304] <... clone resumed>, child_tidptr=0x55555656e5d0) = 2411 [pid 2411] <... prctl resumed>) = 0 [pid 2411] setpgid(0, 0) = 0 [pid 2411] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2411] write(3, "1000", 4) = 4 [pid 2411] close(3) = 0 [pid 2411] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2411] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2411] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2411] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2411] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2412], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2412 [pid 2411] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2411] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2412 attached [pid 2412] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2412] memfd_create("syzkaller", 0) = 3 [pid 2412] ftruncate(3, 2097152) = 0 [pid 2412] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2412] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2412] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2412] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2412] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2412] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2412] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2412] mkdir("./file0", 0777) = 0 [pid 2412] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2412] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2412] ioctl(4, LOOP_CLR_FD) = 0 [pid 2412] close(4) = 0 [pid 2412] close(3) = 0 [pid 2412] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2411] <... futex resumed>) = 0 [pid 2412] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2411] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2412] <... futex resumed>) = 0 [pid 2411] <... futex resumed>) = 1 [pid 2412] chdir("./file0" [pid 2411] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2412] <... chdir resumed>) = 0 [pid 2412] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2411] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2412] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2411] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2412] <... futex resumed>) = 0 [pid 2411] <... futex resumed>) = 1 [pid 2412] creat("./file0", 000 [pid 2411] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2412] <... creat resumed>) = 3 [pid 2412] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2411] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2412] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2411] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2412] <... futex resumed>) = 0 [pid 2411] <... futex resumed>) = 1 [pid 2412] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 2411] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2412] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2411] <... futex resumed>) = 0 [pid 2412] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2411] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2411] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2411] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2415 attached , parent_tid=[2415], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2415 [pid 2415] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2415] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2411] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2415] <... futex resumed>) = 0 [pid 2415] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2411] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2415] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2415] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2411] <... futex resumed>) = 0 [pid 2411] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2415] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2412] <... futex resumed>) = 0 [pid 2412] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2412] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2412] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2411] <... futex resumed>) = 1 [pid 2411] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 2411] exit_group(0 [pid 2412] <... futex resumed>) = ? [pid 2412] +++ exited with 0 +++ [pid 2411] <... exit_group resumed>) = ? [pid 2415] <... futex resumed>) = ? [pid 2415] +++ exited with 0 +++ [pid 2411] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2411, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./425", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./425", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./425/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./425/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./425/binderfs") = 0 [ 80.360266][ T2415] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 80.377037][ T2415] EXT4-fs (loop0): pa ffff8881e69fea80: logic 16, phys. 128, len 24 [ 80.385305][ T2415] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./425/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./425/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./425/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./425/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./425/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./425/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./425") = 0 mkdir("./426", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2416 ./strace-static-x86_64: Process 2416 attached [pid 2416] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2416] chdir("./426") = 0 [pid 2416] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2416] setpgid(0, 0) = 0 [pid 2416] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2416] write(3, "1000", 4) = 4 [pid 2416] close(3) = 0 [pid 2416] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2416] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2416] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2416] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2416] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2417 attached [pid 2417] set_robust_list(0x7f01680929e0, 24 [pid 2416] <... clone resumed>, parent_tid=[2417], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2417 [pid 2417] <... set_robust_list resumed>) = 0 [pid 2417] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2416] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2417] <... futex resumed>) = 0 [pid 2417] memfd_create("syzkaller", 0 [pid 2416] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2417] <... memfd_create resumed>) = 3 [pid 2417] ftruncate(3, 2097152) = 0 [pid 2417] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2417] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2417] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2417] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2417] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2417] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2417] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2417] mkdir("./file0", 0777) = 0 [pid 2417] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2417] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2417] ioctl(4, LOOP_CLR_FD) = 0 [pid 2417] close(4) = 0 [pid 2417] close(3) = 0 [pid 2417] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2416] <... futex resumed>) = 0 [pid 2416] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2416] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2417] chdir("./file0") = 0 [pid 2417] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2416] <... futex resumed>) = 0 [pid 2416] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2416] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2417] creat("./file0", 000) = 3 [pid 2417] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2416] <... futex resumed>) = 0 [pid 2416] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2416] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2416] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2416] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2416] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2420], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2420 [pid 2416] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2416] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2417] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 2417] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2417] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2420 attached [pid 2420] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2420] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2420] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2416] <... futex resumed>) = 0 [pid 2420] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2416] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2417] <... futex resumed>) = 0 [pid 2416] <... futex resumed>) = 1 [pid 2417] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2417] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2417] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2416] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 2416] exit_group(0 [pid 2417] <... futex resumed>) = ? [pid 2416] <... exit_group resumed>) = ? [pid 2417] +++ exited with 0 +++ [pid 2420] <... futex resumed>) = ? [pid 2420] +++ exited with 0 +++ [pid 2416] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2416, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./426", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./426", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./426/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./426/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./426/binderfs") = 0 [ 80.524493][ T2420] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 80.542600][ T2420] EXT4-fs (loop0): pa ffff8881dba2cb28: logic 16, phys. 128, len 24 [ 80.550625][ T2420] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./426/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./426/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./426/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./426/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./426/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./426/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./426") = 0 mkdir("./427", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2421 ./strace-static-x86_64: Process 2421 attached [pid 2421] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2421] chdir("./427") = 0 [pid 2421] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2421] setpgid(0, 0) = 0 [pid 2421] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2421] write(3, "1000", 4) = 4 [pid 2421] close(3) = 0 [pid 2421] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2421] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2421] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2421] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2421] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2422 attached [pid 2422] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2422] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2421] <... clone resumed>, parent_tid=[2422], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2422 [pid 2421] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2422] <... futex resumed>) = 0 [pid 2421] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2422] memfd_create("syzkaller", 0) = 3 [pid 2422] ftruncate(3, 2097152) = 0 [pid 2422] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2422] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2422] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2422] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2422] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2422] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2422] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2422] mkdir("./file0", 0777) = 0 [pid 2422] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2422] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2422] ioctl(4, LOOP_CLR_FD) = 0 [pid 2422] close(4) = 0 [pid 2422] close(3) = 0 [pid 2422] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2421] <... futex resumed>) = 0 [pid 2422] chdir("./file0" [pid 2421] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2422] <... chdir resumed>) = 0 [pid 2421] <... futex resumed>) = 0 [pid 2422] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2421] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2422] <... futex resumed>) = 0 [pid 2421] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2422] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2421] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2422] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2421] <... futex resumed>) = 0 [pid 2422] creat("./file0", 000 [pid 2421] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2422] <... creat resumed>) = 3 [pid 2422] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2421] <... futex resumed>) = 0 [pid 2422] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2421] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2422] <... write resumed>) = 40 [pid 2421] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2422] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2421] <... futex resumed>) = 0 [pid 2422] <... futex resumed>) = 0 [pid 2421] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2422] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2421] <... mmap resumed>) = 0x7f0168051000 [pid 2421] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2421] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2425 attached , parent_tid=[2425], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2425 [pid 2421] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2421] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2425] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2425] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2425] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2421] <... futex resumed>) = 0 [pid 2421] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2422] <... futex resumed>) = 0 [pid 2421] <... futex resumed>) = 1 [pid 2422] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 2421] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2425] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2422] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 2422] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2421] <... futex resumed>) = 0 [pid 2422] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2421] exit_group(0 [pid 2425] <... futex resumed>) = ? [pid 2422] <... futex resumed>) = ? [pid 2421] <... exit_group resumed>) = ? [pid 2422] +++ exited with 0 +++ [pid 2425] +++ exited with 0 +++ [pid 2421] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2421, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./427", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./427", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./427/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./427/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./427/binderfs") = 0 [ 80.656823][ T2425] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 80.673832][ T2425] EXT4-fs (loop0): pa ffff8881e69fef18: logic 16, phys. 128, len 24 [ 80.681859][ T2425] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./427/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./427/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./427/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./427/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./427/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./427/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./427") = 0 mkdir("./428", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2426 ./strace-static-x86_64: Process 2426 attached [pid 2426] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2426] chdir("./428") = 0 [pid 2426] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2426] setpgid(0, 0) = 0 [pid 2426] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2426] write(3, "1000", 4) = 4 [pid 2426] close(3) = 0 [pid 2426] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2426] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2426] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2426] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2426] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2427 attached , parent_tid=[2427], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2427 [pid 2427] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2426] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2427] memfd_create("syzkaller", 0) = 3 [pid 2427] ftruncate(3, 2097152 [pid 2426] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2427] <... ftruncate resumed>) = 0 [pid 2427] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2427] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2427] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2427] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2427] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2427] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2427] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2427] mkdir("./file0", 0777) = 0 [pid 2427] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2427] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2427] ioctl(4, LOOP_CLR_FD) = 0 [pid 2427] close(4) = 0 [pid 2427] close(3) = 0 [pid 2427] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2426] <... futex resumed>) = 0 [pid 2426] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2427] chdir("./file0" [pid 2426] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2427] <... chdir resumed>) = 0 [pid 2427] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2426] <... futex resumed>) = 0 [pid 2426] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2427] creat("./file0", 000 [pid 2426] <... futex resumed>) = 0 [pid 2426] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2427] <... creat resumed>) = 3 [pid 2427] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2426] <... futex resumed>) = 0 [pid 2426] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2426] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2426] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2426] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2426] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2430 attached , parent_tid=[2430], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2430 [pid 2430] set_robust_list(0x7f01680719e0, 24 [pid 2426] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2430] <... set_robust_list resumed>) = 0 [pid 2426] <... futex resumed>) = 0 [pid 2426] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2430] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2427] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2430] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2430] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2426] <... futex resumed>) = 0 [pid 2430] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 2426] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2430] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 2426] <... futex resumed>) = 0 [pid 2430] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2426] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2430] <... futex resumed>) = 0 [pid 2426] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2430] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2427] <... write resumed>) = 40 [pid 2427] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2427] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2426] exit_group(0) = ? [pid 2430] <... futex resumed>) = ? [pid 2430] +++ exited with 0 +++ [pid 2427] <... futex resumed>) = ? [pid 2427] +++ exited with 0 +++ [pid 2426] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2426, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./428", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./428", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./428/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./428/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./428/binderfs") = 0 [ 80.810074][ T2430] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata umount2("./428/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./428/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./428/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./428/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./428/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./428/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./428") = 0 mkdir("./429", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2431 ./strace-static-x86_64: Process 2431 attached [pid 2431] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2431] chdir("./429") = 0 [pid 2431] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2431] setpgid(0, 0) = 0 [pid 2431] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2431] write(3, "1000", 4) = 4 [pid 2431] close(3) = 0 [pid 2431] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2431] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2431] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2431] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2431] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2432 attached , parent_tid=[2432], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2432 [pid 2432] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2432] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2431] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2431] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2432] <... futex resumed>) = 0 [pid 2432] memfd_create("syzkaller", 0) = 3 [pid 2432] ftruncate(3, 2097152) = 0 [pid 2432] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2432] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2432] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2432] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2432] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2432] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2432] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2432] mkdir("./file0", 0777) = 0 [pid 2432] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2432] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2432] ioctl(4, LOOP_CLR_FD) = 0 [pid 2432] close(4) = 0 [pid 2432] close(3) = 0 [pid 2432] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2431] <... futex resumed>) = 0 [pid 2431] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2431] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2432] <... futex resumed>) = 1 [pid 2432] chdir("./file0") = 0 [pid 2432] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2431] <... futex resumed>) = 0 [pid 2431] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2431] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2432] <... futex resumed>) = 1 [pid 2432] creat("./file0", 000) = 3 [pid 2432] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2431] <... futex resumed>) = 0 [pid 2431] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2431] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2431] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2431] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2431] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2435], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2435 [pid 2431] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2431] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2432] <... futex resumed>) = 1 [pid 2432] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 2432] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2432] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2435 attached [pid 2435] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2435] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2435] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2431] <... futex resumed>) = 0 [pid 2431] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2431] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2432] <... futex resumed>) = 0 [pid 2432] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2432] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2431] <... futex resumed>) = 0 [pid 2431] exit_group(0) = ? [pid 2432] <... futex resumed>) = ? [pid 2432] +++ exited with 0 +++ [pid 2435] +++ exited with 0 +++ [pid 2431] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2431, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./429", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./429", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./429/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./429/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./429/binderfs") = 0 [ 80.921922][ T2435] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 80.938358][ T2435] EXT4-fs (loop0): pa ffff8881e69fe348: logic 16, phys. 128, len 24 [ 80.946356][ T2435] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./429/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./429/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./429/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./429/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./429/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./429/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./429") = 0 mkdir("./430", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2436 ./strace-static-x86_64: Process 2436 attached [pid 2436] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2436] chdir("./430") = 0 [pid 2436] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2436] setpgid(0, 0) = 0 [pid 2436] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2436] write(3, "1000", 4) = 4 [pid 2436] close(3) = 0 [pid 2436] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2436] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2436] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2436] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2436] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2437 attached , parent_tid=[2437], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2437 [pid 2436] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2436] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2437] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2437] memfd_create("syzkaller", 0) = 3 [pid 2437] ftruncate(3, 2097152) = 0 [pid 2437] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2437] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2437] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2437] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2437] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2437] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2437] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2437] mkdir("./file0", 0777) = 0 [pid 2437] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2437] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2437] ioctl(4, LOOP_CLR_FD) = 0 [pid 2437] close(4) = 0 [pid 2437] close(3) = 0 [pid 2437] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2437] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2436] <... futex resumed>) = 0 [pid 2436] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2436] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2437] <... futex resumed>) = 0 [pid 2437] chdir("./file0") = 0 [pid 2437] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2436] <... futex resumed>) = 0 [pid 2436] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2436] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2437] <... futex resumed>) = 1 [pid 2437] creat("./file0", 000) = 3 [pid 2437] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2436] <... futex resumed>) = 0 [pid 2436] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2436] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2436] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2436] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2436] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2440], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2440 [pid 2436] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2436] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2437] <... futex resumed>) = 1 [pid 2437] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 2437] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2437] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2440 attached [pid 2440] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2440] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2440] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2436] <... futex resumed>) = 0 [pid 2436] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2436] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2437] <... futex resumed>) = 0 [pid 2437] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2437] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2436] <... futex resumed>) = 0 [pid 2436] exit_group(0) = ? [pid 2437] <... futex resumed>) = ? [pid 2437] +++ exited with 0 +++ [pid 2440] +++ exited with 0 +++ [pid 2436] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2436, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./430", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./430", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./430/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./430/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./430/binderfs") = 0 [ 81.103908][ T2440] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 81.120459][ T2440] EXT4-fs (loop0): pa ffff8881e69feb28: logic 16, phys. 128, len 24 [ 81.128454][ T2440] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./430/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./430/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./430/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./430/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./430/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./430/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./430") = 0 mkdir("./431", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2441 ./strace-static-x86_64: Process 2441 attached [pid 2441] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2441] chdir("./431") = 0 [pid 2441] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2441] setpgid(0, 0) = 0 [pid 2441] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2441] write(3, "1000", 4) = 4 [pid 2441] close(3) = 0 [pid 2441] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2441] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2441] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2441] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2441] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2442 attached [pid 2442] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2442] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2441] <... clone resumed>, parent_tid=[2442], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2442 [pid 2441] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2442] <... futex resumed>) = 0 [pid 2441] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2442] memfd_create("syzkaller", 0) = 3 [pid 2442] ftruncate(3, 2097152) = 0 [pid 2442] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2442] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2442] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2442] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2442] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2442] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2442] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2442] mkdir("./file0", 0777) = 0 [pid 2442] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2442] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2442] ioctl(4, LOOP_CLR_FD) = 0 [pid 2442] close(4) = 0 [pid 2442] close(3) = 0 [pid 2442] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2442] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2441] <... futex resumed>) = 0 [pid 2441] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2442] <... futex resumed>) = 0 [pid 2442] chdir("./file0") = 0 [pid 2442] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2442] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2441] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 2441] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2442] <... futex resumed>) = 0 [pid 2442] creat("./file0", 000 [pid 2441] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2442] <... creat resumed>) = 3 [pid 2442] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2442] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2441] <... futex resumed>) = 0 [pid 2441] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2442] <... futex resumed>) = 0 [pid 2441] <... futex resumed>) = 1 [pid 2442] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2441] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2441] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2442] <... write resumed>) = 40 [pid 2441] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE [pid 2442] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2441] <... mprotect resumed>) = 0 [pid 2441] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2445 attached [pid 2442] <... futex resumed>) = 0 [pid 2442] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2441] <... clone resumed>, parent_tid=[2445], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2445 [pid 2441] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2441] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2445] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2445] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2445] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2441] <... futex resumed>) = 0 [pid 2445] <... futex resumed>) = 1 [pid 2441] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2442] <... futex resumed>) = 0 [pid 2442] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2442] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2442] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2441] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2445] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2441] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2441] exit_group(0) = ? [pid 2442] <... futex resumed>) = ? [pid 2442] +++ exited with 0 +++ [pid 2445] <... futex resumed>) = ? [pid 2445] +++ exited with 0 +++ [pid 2441] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2441, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./431", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./431", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./431/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./431/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./431/binderfs") = 0 [ 81.298911][ T2445] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 81.316926][ T2445] EXT4-fs (loop0): pa ffff8881e69fe1f8: logic 16, phys. 128, len 24 [ 81.324953][ T2445] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./431/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./431/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./431/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./431/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./431/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./431/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./431") = 0 mkdir("./432", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2446 ./strace-static-x86_64: Process 2446 attached [pid 2446] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2446] chdir("./432") = 0 [pid 2446] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2446] setpgid(0, 0) = 0 [pid 2446] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2446] write(3, "1000", 4) = 4 [pid 2446] close(3) = 0 [pid 2446] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2446] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2446] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2446] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2446] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2447 attached [pid 2447] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2447] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2446] <... clone resumed>, parent_tid=[2447], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2447 [pid 2446] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2447] <... futex resumed>) = 0 [pid 2447] memfd_create("syzkaller", 0) = 3 [pid 2447] ftruncate(3, 2097152) = 0 [pid 2447] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2447] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2447] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2447] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2447] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2447] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2447] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2447] mkdir("./file0", 0777) = 0 [pid 2447] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue" [pid 2446] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2447] <... mount resumed>) = 0 [pid 2447] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2447] ioctl(4, LOOP_CLR_FD) = 0 [pid 2447] close(4) = 0 [pid 2447] close(3) = 0 [pid 2447] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2447] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2446] <... futex resumed>) = 0 [pid 2446] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2447] <... futex resumed>) = 0 [pid 2447] chdir("./file0") = 0 [pid 2447] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2447] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2446] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 2446] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2447] <... futex resumed>) = 0 [pid 2447] creat("./file0", 000 [pid 2446] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2447] <... creat resumed>) = 3 [pid 2447] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2447] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2446] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2446] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2447] <... futex resumed>) = 0 [pid 2447] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 2447] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2447] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2446] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2447] <... futex resumed>) = 0 [pid 2447] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2446] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2447] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2447] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2447] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2446] <... futex resumed>) = 0 [pid 2446] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2447] <... futex resumed>) = 0 [pid 2447] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2447] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2447] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2446] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 2446] exit_group(0) = ? [pid 2447] <... futex resumed>) = ? [pid 2447] +++ exited with 0 +++ [pid 2446] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2446, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./432", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./432", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./432/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./432/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./432/binderfs") = 0 [ 81.423453][ T2447] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 81.441206][ T2447] EXT4-fs (loop0): pa ffff8881dba2c5e8: logic 16, phys. 128, len 24 [ 81.449193][ T2447] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./432/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./432/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./432/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./432/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./432/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./432/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./432") = 0 mkdir("./433", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2450 ./strace-static-x86_64: Process 2450 attached [pid 2450] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2450] chdir("./433") = 0 [pid 2450] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2450] setpgid(0, 0) = 0 [pid 2450] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2450] write(3, "1000", 4) = 4 [pid 2450] close(3) = 0 [pid 2450] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2450] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2450] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2450] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2450] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2451 attached , parent_tid=[2451], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2451 [pid 2451] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2451] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2450] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2451] <... futex resumed>) = 0 [pid 2451] memfd_create("syzkaller", 0 [pid 2450] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2451] <... memfd_create resumed>) = 3 [pid 2451] ftruncate(3, 2097152) = 0 [pid 2451] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2451] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2451] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2451] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2451] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2451] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2451] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2451] mkdir("./file0", 0777) = 0 [pid 2451] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2451] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2451] ioctl(4, LOOP_CLR_FD) = 0 [pid 2451] close(4) = 0 [pid 2451] close(3) = 0 [pid 2451] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2450] <... futex resumed>) = 0 [pid 2451] chdir("./file0" [pid 2450] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2450] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2451] <... chdir resumed>) = 0 [pid 2451] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2450] <... futex resumed>) = 0 [pid 2451] <... futex resumed>) = 1 [pid 2450] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2450] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2451] creat("./file0", 000) = 3 [pid 2451] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2450] <... futex resumed>) = 0 [pid 2451] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2450] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2451] <... write resumed>) = 40 [pid 2450] <... futex resumed>) = 0 [pid 2451] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2450] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2450] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2450] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2450] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2454 attached , parent_tid=[2454], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2454 [pid 2454] set_robust_list(0x7f01680719e0, 24 [pid 2450] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2454] <... set_robust_list resumed>) = 0 [pid 2450] <... futex resumed>) = 0 [pid 2450] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2454] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2451] <... futex resumed>) = 0 [pid 2451] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2454] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2454] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2450] <... futex resumed>) = 0 [pid 2454] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2450] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2450] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2451] <... futex resumed>) = 0 [pid 2451] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2451] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2450] <... futex resumed>) = 0 [pid 2450] exit_group(0) = ? [pid 2454] <... futex resumed>) = ? [pid 2454] +++ exited with 0 +++ [pid 2451] +++ exited with 0 +++ [pid 2450] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2450, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./433", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./433", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./433/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./433/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./433/binderfs") = 0 [ 81.612418][ T2454] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 81.629495][ T2451] EXT4-fs (loop0): pa ffff8881e69fe7e0: logic 16, phys. 128, len 24 [ 81.637558][ T2451] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./433/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./433/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./433/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./433/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./433/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./433/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./433") = 0 mkdir("./434", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2455 ./strace-static-x86_64: Process 2455 attached [pid 2455] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2455] chdir("./434") = 0 [pid 2455] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2455] setpgid(0, 0) = 0 [pid 2455] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2455] write(3, "1000", 4) = 4 [pid 2455] close(3) = 0 [pid 2455] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2455] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2455] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2455] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2455] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2456 attached , parent_tid=[2456], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2456 [pid 2456] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2456] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2455] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2456] <... futex resumed>) = 0 [pid 2455] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2456] memfd_create("syzkaller", 0) = 3 [pid 2456] ftruncate(3, 2097152) = 0 [pid 2456] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2456] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2456] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2456] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2456] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2456] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2456] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2456] mkdir("./file0", 0777) = 0 [pid 2456] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2456] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2456] ioctl(4, LOOP_CLR_FD) = 0 [pid 2456] close(4) = 0 [pid 2456] close(3) = 0 [pid 2456] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2456] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2455] <... futex resumed>) = 0 [pid 2455] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2456] <... futex resumed>) = 0 [pid 2455] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2456] chdir("./file0") = 0 [pid 2456] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2455] <... futex resumed>) = 0 [pid 2456] creat("./file0", 000 [pid 2455] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2455] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2456] <... creat resumed>) = 3 [pid 2456] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2455] <... futex resumed>) = 0 [pid 2456] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2455] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2455] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2456] <... write resumed>) = 40 [pid 2455] <... futex resumed>) = 0 [pid 2456] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2455] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2456] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2455] <... mmap resumed>) = 0x7f0168051000 [pid 2455] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2455] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2459], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2459 [pid 2455] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2455] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2459 attached [pid 2459] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2459] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2459] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2455] <... futex resumed>) = 0 [pid 2455] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2455] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2456] <... futex resumed>) = 0 [pid 2456] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2456] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2455] <... futex resumed>) = 0 [pid 2455] exit_group(0) = ? [pid 2456] +++ exited with 0 +++ [pid 2459] +++ exited with 0 +++ [pid 2455] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2455, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./434", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./434", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./434/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./434/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./434/binderfs") = 0 [ 81.752759][ T2459] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 81.769602][ T2459] EXT4-fs (loop0): pa ffff8881e69fec78: logic 16, phys. 128, len 24 [ 81.777609][ T2459] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./434/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./434/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./434/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./434/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./434/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./434/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./434") = 0 mkdir("./435", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2460 ./strace-static-x86_64: Process 2460 attached [pid 2460] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2460] chdir("./435") = 0 [pid 2460] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2460] setpgid(0, 0) = 0 [pid 2460] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2460] write(3, "1000", 4) = 4 [pid 2460] close(3) = 0 [pid 2460] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2460] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2460] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2460] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2460] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2461], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2461 [pid 2460] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2460] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2461 attached [pid 2461] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2461] memfd_create("syzkaller", 0) = 3 [pid 2461] ftruncate(3, 2097152) = 0 [pid 2461] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2461] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2461] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2461] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2461] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2461] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2461] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2461] mkdir("./file0", 0777) = 0 [pid 2461] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2461] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2461] ioctl(4, LOOP_CLR_FD) = 0 [pid 2461] close(4) = 0 [pid 2461] close(3) = 0 [pid 2461] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2460] <... futex resumed>) = 0 [pid 2460] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2460] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2461] chdir("./file0") = 0 [pid 2461] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2460] <... futex resumed>) = 0 [pid 2460] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2461] creat("./file0", 000 [pid 2460] <... futex resumed>) = 0 [pid 2460] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2461] <... creat resumed>) = 3 [pid 2461] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2460] <... futex resumed>) = 0 [pid 2460] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2460] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2460] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2460] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2461] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2460] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2464], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2464 [pid 2460] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2460] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2461] <... write resumed>) = 40 [pid 2461] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 2464 attached [pid 2464] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2464] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2461] <... futex resumed>) = 0 [pid 2461] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2464] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2464] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2460] <... futex resumed>) = 0 [pid 2464] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2460] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2460] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2461] <... futex resumed>) = 0 [pid 2461] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2461] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2460] <... futex resumed>) = 0 [pid 2460] exit_group(0) = ? [pid 2464] <... futex resumed>) = ? [pid 2464] +++ exited with 0 +++ [pid 2461] +++ exited with 0 +++ [pid 2460] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2460, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./435", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./435", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./435/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./435/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./435/binderfs") = 0 [ 81.917746][ T2464] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 81.935152][ T2461] EXT4-fs (loop0): pa ffff8881dba2ce70: logic 16, phys. 128, len 24 [ 81.943168][ T2461] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./435/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./435/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./435/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./435/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./435/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./435/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./435") = 0 mkdir("./436", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2465 ./strace-static-x86_64: Process 2465 attached [pid 2465] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2465] chdir("./436") = 0 [pid 2465] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2465] setpgid(0, 0) = 0 [pid 2465] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2465] write(3, "1000", 4) = 4 [pid 2465] close(3) = 0 [pid 2465] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2465] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2465] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2465] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2465] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2466 attached [pid 2466] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2466] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2465] <... clone resumed>, parent_tid=[2466], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2466 [pid 2465] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2466] <... futex resumed>) = 0 [pid 2466] memfd_create("syzkaller", 0 [pid 2465] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2466] <... memfd_create resumed>) = 3 [pid 2466] ftruncate(3, 2097152) = 0 [pid 2466] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2466] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2466] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2466] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2466] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2466] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2466] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2466] mkdir("./file0", 0777) = 0 [pid 2466] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2466] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2466] ioctl(4, LOOP_CLR_FD) = 0 [pid 2466] close(4) = 0 [pid 2466] close(3) = 0 [pid 2466] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2465] <... futex resumed>) = 0 [pid 2465] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2465] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2466] <... futex resumed>) = 1 [pid 2466] chdir("./file0") = 0 [pid 2466] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2465] <... futex resumed>) = 0 [pid 2465] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2465] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2466] <... futex resumed>) = 1 [pid 2466] creat("./file0", 000) = 3 [pid 2466] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2465] <... futex resumed>) = 0 [pid 2465] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2465] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2465] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2465] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2465] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2469], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2469 [pid 2465] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2465] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2466] <... futex resumed>) = 1 [pid 2466] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 2466] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2466] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2469 attached [pid 2469] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2469] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2469] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2465] <... futex resumed>) = 0 [pid 2469] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2465] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2466] <... futex resumed>) = 0 [pid 2465] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2466] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2466] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2465] <... futex resumed>) = 0 [pid 2466] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2465] exit_group(0) = ? [pid 2469] <... futex resumed>) = ? [pid 2469] +++ exited with 0 +++ [pid 2466] <... futex resumed>) = ? [pid 2466] +++ exited with 0 +++ [pid 2465] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2465, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./436", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./436", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./436/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./436/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./436/binderfs") = 0 [ 82.083618][ T2469] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 82.101863][ T2466] EXT4-fs (loop0): pa ffff8881e6ba6690: logic 16, phys. 128, len 24 [ 82.109865][ T2466] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./436/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./436/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./436/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./436/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./436/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./436/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./436") = 0 mkdir("./437", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2470 ./strace-static-x86_64: Process 2470 attached [pid 2470] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2470] chdir("./437") = 0 [pid 2470] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2470] setpgid(0, 0) = 0 [pid 2470] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2470] write(3, "1000", 4) = 4 [pid 2470] close(3) = 0 [pid 2470] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2470] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2470] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2470] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2470] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2471 attached , parent_tid=[2471], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2471 [pid 2471] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2471] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2470] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2471] <... futex resumed>) = 0 [pid 2471] memfd_create("syzkaller", 0 [pid 2470] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2471] <... memfd_create resumed>) = 3 [pid 2471] ftruncate(3, 2097152) = 0 [pid 2471] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2471] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2471] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2471] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2471] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2471] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2471] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2471] mkdir("./file0", 0777) = 0 [pid 2471] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2471] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2471] ioctl(4, LOOP_CLR_FD) = 0 [pid 2471] close(4) = 0 [pid 2471] close(3) = 0 [pid 2471] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2470] <... futex resumed>) = 0 [pid 2471] chdir("./file0" [pid 2470] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2471] <... chdir resumed>) = 0 [pid 2470] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2471] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2470] <... futex resumed>) = 0 [pid 2471] creat("./file0", 000 [pid 2470] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2470] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2471] <... creat resumed>) = 3 [pid 2471] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2470] <... futex resumed>) = 0 [pid 2470] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2470] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2470] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2470] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2470] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2474 attached [pid 2471] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2470] <... clone resumed>, parent_tid=[2474], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2474 [pid 2470] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2470] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2474] set_robust_list(0x7f01680719e0, 24 [pid 2471] <... write resumed>) = 40 [pid 2474] <... set_robust_list resumed>) = 0 [pid 2471] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2474] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2471] <... futex resumed>) = 0 [pid 2471] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2474] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2474] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2470] <... futex resumed>) = 0 [pid 2470] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2470] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2474] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2471] <... futex resumed>) = 0 [pid 2471] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2471] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2470] <... futex resumed>) = 0 [pid 2470] exit_group(0 [pid 2471] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2470] <... exit_group resumed>) = ? [pid 2474] <... futex resumed>) = ? [pid 2471] <... futex resumed>) = ? [pid 2471] +++ exited with 0 +++ [pid 2474] +++ exited with 0 +++ [pid 2470] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2470, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./437", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./437", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./437/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./437/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./437/binderfs") = 0 [ 82.226047][ T2474] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 82.244007][ T2474] EXT4-fs (loop0): pa ffff8881e6ba6738: logic 16, phys. 128, len 24 [ 82.252028][ T2474] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./437/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./437/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./437/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./437/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./437/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./437/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./437") = 0 mkdir("./438", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2475 ./strace-static-x86_64: Process 2475 attached [pid 2475] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2475] chdir("./438") = 0 [pid 2475] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2475] setpgid(0, 0) = 0 [pid 2475] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2475] write(3, "1000", 4) = 4 [pid 2475] close(3) = 0 [pid 2475] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2475] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2475] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2475] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2475] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2476 attached , parent_tid=[2476], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2476 [pid 2476] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2476] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2475] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2476] <... futex resumed>) = 0 [pid 2476] memfd_create("syzkaller", 0 [pid 2475] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2476] <... memfd_create resumed>) = 3 [pid 2476] ftruncate(3, 2097152) = 0 [pid 2476] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2476] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2476] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2476] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2476] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2476] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2476] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2476] mkdir("./file0", 0777) = 0 [pid 2476] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2476] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2476] ioctl(4, LOOP_CLR_FD) = 0 [pid 2476] close(4) = 0 [pid 2476] close(3) = 0 [pid 2476] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2476] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2475] <... futex resumed>) = 0 [pid 2475] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2476] <... futex resumed>) = 0 [pid 2475] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2476] chdir("./file0") = 0 [pid 2476] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2475] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2476] <... futex resumed>) = 0 [pid 2476] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2475] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2475] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2476] <... futex resumed>) = 0 [pid 2476] creat("./file0", 000) = 3 [pid 2476] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2475] <... futex resumed>) = 0 [pid 2475] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2475] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2475] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2475] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2475] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2479 attached , parent_tid=[2479], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2479 [pid 2475] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2475] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2479] set_robust_list(0x7f01680719e0, 24 [pid 2476] <... futex resumed>) = 1 [pid 2476] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 2476] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2476] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2479] <... set_robust_list resumed>) = 0 [pid 2479] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2479] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2475] <... futex resumed>) = 0 [pid 2479] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2475] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2476] <... futex resumed>) = 0 [pid 2475] <... futex resumed>) = 1 [pid 2475] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2476] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2476] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2475] <... futex resumed>) = 0 [pid 2475] exit_group(0) = ? [pid 2476] +++ exited with 0 +++ [pid 2479] <... futex resumed>) = ? [pid 2479] +++ exited with 0 +++ [pid 2475] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2475, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./438", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./438", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./438/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./438/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./438/binderfs") = 0 [ 82.352383][ T2479] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 82.370357][ T2479] EXT4-fs (loop0): pa ffff8881e6ba6f18: logic 16, phys. 128, len 24 [ 82.378344][ T2479] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./438/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./438/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./438/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./438/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./438/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./438/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./438") = 0 mkdir("./439", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2480 ./strace-static-x86_64: Process 2480 attached [pid 2480] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2480] chdir("./439") = 0 [pid 2480] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2480] setpgid(0, 0) = 0 [pid 2480] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2480] write(3, "1000", 4) = 4 [pid 2480] close(3) = 0 [pid 2480] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2480] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2480] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2480] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2480] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2481 attached [pid 2481] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2481] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2480] <... clone resumed>, parent_tid=[2481], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2481 [pid 2480] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2481] <... futex resumed>) = 0 [pid 2480] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2481] memfd_create("syzkaller", 0) = 3 [pid 2481] ftruncate(3, 2097152) = 0 [pid 2481] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2481] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2481] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2481] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2481] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2481] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2481] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2481] mkdir("./file0", 0777) = 0 [pid 2481] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2481] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2481] ioctl(4, LOOP_CLR_FD) = 0 [pid 2481] close(4) = 0 [pid 2481] close(3) = 0 [pid 2481] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2481] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2480] <... futex resumed>) = 0 [pid 2480] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2480] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2481] <... futex resumed>) = 0 [pid 2481] chdir("./file0") = 0 [pid 2481] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2480] <... futex resumed>) = 0 [pid 2480] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2480] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2481] <... futex resumed>) = 1 [pid 2481] creat("./file0", 000) = 3 [pid 2481] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2480] <... futex resumed>) = 0 [pid 2480] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2480] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2480] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2480] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2480] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2484], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2484 [pid 2480] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 2484 attached [pid 2480] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2481] <... futex resumed>) = 1 [pid 2481] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2484] set_robust_list(0x7f01680719e0, 24 [pid 2481] <... write resumed>) = 40 [pid 2481] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2484] <... set_robust_list resumed>) = 0 [pid 2481] <... futex resumed>) = 0 [pid 2481] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2484] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2484] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2480] <... futex resumed>) = 0 [pid 2480] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2480] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2481] <... futex resumed>) = 0 [pid 2481] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2481] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2480] <... futex resumed>) = 0 [pid 2480] exit_group(0) = ? [pid 2484] +++ exited with 0 +++ [pid 2481] <... futex resumed>) = ? [pid 2481] +++ exited with 0 +++ [pid 2480] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2480, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./439", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./439", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./439/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./439/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./439/binderfs") = 0 [ 82.486439][ T2484] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 82.503539][ T2481] EXT4-fs (loop0): pa ffff8881e6ba69d8: logic 16, phys. 128, len 24 [ 82.511736][ T2481] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./439/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./439/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./439/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./439/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./439/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./439/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./439") = 0 mkdir("./440", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2485 attached , child_tidptr=0x55555656e5d0) = 2485 [pid 2485] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2485] chdir("./440") = 0 [pid 2485] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2485] setpgid(0, 0) = 0 [pid 2485] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2485] write(3, "1000", 4) = 4 [pid 2485] close(3) = 0 [pid 2485] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2485] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2485] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2485] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2485] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2486 attached , parent_tid=[2486], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2486 [pid 2486] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2486] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2485] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2486] <... futex resumed>) = 0 [pid 2486] memfd_create("syzkaller", 0) = 3 [pid 2486] ftruncate(3, 2097152) = 0 [pid 2486] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2486] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2486] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2486] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2486] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2486] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2486] ioctl(4, LOOP_SET_FD, 3 [pid 2485] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2486] <... ioctl resumed>) = 0 [pid 2486] mkdir("./file0", 0777) = 0 [pid 2486] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2486] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2486] ioctl(4, LOOP_CLR_FD) = 0 [pid 2486] close(4) = 0 [pid 2486] close(3) = 0 [pid 2486] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2486] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2485] <... futex resumed>) = 0 [pid 2485] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2485] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2486] <... futex resumed>) = 0 [pid 2486] chdir("./file0") = 0 [pid 2486] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2485] <... futex resumed>) = 0 [pid 2485] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2485] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2486] creat("./file0", 000) = 3 [pid 2486] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2485] <... futex resumed>) = 0 [pid 2485] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2485] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2485] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2485] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2485] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2489 attached , parent_tid=[2489], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2489 [pid 2485] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2485] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2486] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 2486] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2486] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2489] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2489] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2489] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2485] <... futex resumed>) = 0 [pid 2485] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2485] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2486] <... futex resumed>) = 0 [pid 2486] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2486] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2485] <... futex resumed>) = 0 [pid 2485] exit_group(0) = ? [pid 2486] +++ exited with 0 +++ [pid 2489] +++ exited with 0 +++ [pid 2485] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2485, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./440", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./440", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./440/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./440/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./440/binderfs") = 0 [ 82.652645][ T2489] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 82.668856][ T2489] EXT4-fs (loop0): pa ffff8881e69fe0a8: logic 16, phys. 128, len 24 [ 82.677020][ T2489] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./440/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./440/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./440/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./440/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./440/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./440/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./440") = 0 mkdir("./441", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2490 ./strace-static-x86_64: Process 2490 attached [pid 2490] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2490] chdir("./441") = 0 [pid 2490] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2490] setpgid(0, 0) = 0 [pid 2490] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2490] write(3, "1000", 4) = 4 [pid 2490] close(3) = 0 [pid 2490] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2490] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2490] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2490] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2490] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2491 attached [pid 2491] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2491] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2490] <... clone resumed>, parent_tid=[2491], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2491 [pid 2490] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2491] <... futex resumed>) = 0 [pid 2490] <... futex resumed>) = 1 [pid 2491] memfd_create("syzkaller", 0 [pid 2490] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2491] <... memfd_create resumed>) = 3 [pid 2491] ftruncate(3, 2097152) = 0 [pid 2491] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2491] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2491] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2491] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2491] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2491] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2491] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2491] mkdir("./file0", 0777) = 0 [pid 2491] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2491] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2491] ioctl(4, LOOP_CLR_FD) = 0 [pid 2491] close(4) = 0 [pid 2491] close(3) = 0 [pid 2491] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2490] <... futex resumed>) = 0 [pid 2490] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2490] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2491] chdir("./file0") = 0 [pid 2491] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2490] <... futex resumed>) = 0 [pid 2490] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2490] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2491] creat("./file0", 000) = 3 [pid 2491] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2490] <... futex resumed>) = 0 [pid 2490] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2490] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2490] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2490] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2490] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 2491] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2490] <... clone resumed>, parent_tid=[2494], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2494 [pid 2490] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2491] <... write resumed>) = 40 [pid 2490] <... futex resumed>) = 0 ./strace-static-x86_64: Process 2494 attached [pid 2491] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2490] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2494] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2494] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2491] <... futex resumed>) = 0 [pid 2491] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2494] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2494] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2490] <... futex resumed>) = 0 [pid 2494] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2490] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2490] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2491] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2491] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2491] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2490] <... futex resumed>) = 0 [pid 2490] exit_group(0) = ? [pid 2494] <... futex resumed>) = ? [pid 2494] +++ exited with 0 +++ [pid 2491] +++ exited with 0 +++ [pid 2490] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2490, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./441", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./441", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./441/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./441/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./441/binderfs") = 0 [ 82.808270][ T2494] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 82.825822][ T2491] EXT4-fs (loop0): pa ffff8881e6ba6b28: logic 16, phys. 128, len 24 [ 82.833839][ T2491] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./441/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./441/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./441/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./441/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./441/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./441/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./441") = 0 mkdir("./442", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2495 ./strace-static-x86_64: Process 2495 attached [pid 2495] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2495] chdir("./442") = 0 [pid 2495] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2495] setpgid(0, 0) = 0 [pid 2495] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2495] write(3, "1000", 4) = 4 [pid 2495] close(3) = 0 [pid 2495] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2495] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2495] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2495] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2495] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2496], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2496 [pid 2495] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 2496 attached ) = 0 [pid 2495] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2496] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2496] memfd_create("syzkaller", 0) = 3 [pid 2496] ftruncate(3, 2097152) = 0 [pid 2496] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2496] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2496] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2496] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2496] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2496] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2496] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2496] mkdir("./file0", 0777) = 0 [pid 2496] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2496] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2496] ioctl(4, LOOP_CLR_FD) = 0 [pid 2496] close(4) = 0 [pid 2496] close(3) = 0 [pid 2496] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2495] <... futex resumed>) = 0 [pid 2495] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2495] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2496] <... futex resumed>) = 1 [pid 2496] chdir("./file0") = 0 [pid 2496] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2495] <... futex resumed>) = 0 [pid 2495] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2495] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2496] <... futex resumed>) = 1 [pid 2496] creat("./file0", 000) = 3 [pid 2496] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2495] <... futex resumed>) = 0 [pid 2495] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2495] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2495] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2495] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2495] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2499], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2499 [pid 2495] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2495] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2496] <... futex resumed>) = 1 [pid 2496] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 2496] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2496] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2499 attached [pid 2499] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2499] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2499] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2495] <... futex resumed>) = 0 [pid 2495] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2496] <... futex resumed>) = 0 [pid 2495] <... futex resumed>) = 1 [pid 2496] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 2495] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2496] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 2496] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2495] <... futex resumed>) = 0 [pid 2496] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2495] exit_group(0 [pid 2496] <... futex resumed>) = ? [pid 2495] <... exit_group resumed>) = ? [pid 2496] +++ exited with 0 +++ [pid 2499] +++ exited with 0 +++ [pid 2495] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2495, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./442", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./442", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./442/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./442/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./442/binderfs") = 0 [ 82.962563][ T2499] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 82.979297][ T2499] EXT4-fs (loop0): pa ffff8881e69fe000: logic 16, phys. 128, len 24 [ 82.987366][ T2499] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./442/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./442/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./442/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./442/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./442/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./442/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./442") = 0 mkdir("./443", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2500 attached , child_tidptr=0x55555656e5d0) = 2500 [pid 2500] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2500] chdir("./443") = 0 [pid 2500] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2500] setpgid(0, 0) = 0 [pid 2500] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2500] write(3, "1000", 4) = 4 [pid 2500] close(3) = 0 [pid 2500] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2500] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2500] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2500] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2500] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2501], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2501 [pid 2500] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2500] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2501 attached [pid 2501] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2501] memfd_create("syzkaller", 0) = 3 [pid 2501] ftruncate(3, 2097152) = 0 [pid 2501] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2501] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2501] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2501] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2501] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2501] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2501] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2501] mkdir("./file0", 0777) = 0 [pid 2501] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2501] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2501] ioctl(4, LOOP_CLR_FD) = 0 [pid 2501] close(4) = 0 [pid 2501] close(3) = 0 [pid 2501] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2500] <... futex resumed>) = 0 [pid 2500] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2501] chdir("./file0" [pid 2500] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2501] <... chdir resumed>) = 0 [pid 2501] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2500] <... futex resumed>) = 0 [pid 2501] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2500] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2500] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2501] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2501] creat("./file0", 000) = 3 [pid 2501] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2500] <... futex resumed>) = 0 [pid 2501] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2500] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2501] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2501] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2500] <... futex resumed>) = 0 [pid 2500] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2500] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2500] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2501] <... write resumed>) = 40 [pid 2500] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2504 attached [pid 2501] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2500] <... clone resumed>, parent_tid=[2504], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2504 [pid 2500] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2500] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2504] set_robust_list(0x7f01680719e0, 24 [pid 2501] <... futex resumed>) = 0 [pid 2501] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2504] <... set_robust_list resumed>) = 0 [pid 2504] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2504] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2500] <... futex resumed>) = 0 [pid 2500] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2500] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2501] <... futex resumed>) = 0 [pid 2501] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2501] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2500] <... futex resumed>) = 0 [pid 2501] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2500] exit_group(0 [pid 2501] <... futex resumed>) = ? [pid 2500] <... exit_group resumed>) = ? [pid 2501] +++ exited with 0 +++ [pid 2504] +++ exited with 0 +++ [pid 2500] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2500, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./443", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./443", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./443/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./443/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./443/binderfs") = 0 [ 83.125654][ T2504] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 83.143404][ T2504] EXT4-fs (loop0): pa ffff8881e6ba6000: logic 16, phys. 128, len 24 [ 83.151444][ T2504] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./443/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./443/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./443/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./443/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./443/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./443/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./443") = 0 mkdir("./444", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2505 attached [pid 2505] set_robust_list(0x55555656e5e0, 24 [pid 304] <... clone resumed>, child_tidptr=0x55555656e5d0) = 2505 [pid 2505] <... set_robust_list resumed>) = 0 [pid 2505] chdir("./444") = 0 [pid 2505] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2505] setpgid(0, 0) = 0 [pid 2505] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2505] write(3, "1000", 4) = 4 [pid 2505] close(3) = 0 [pid 2505] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2505] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2505] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2505] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2505] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2506 attached , parent_tid=[2506], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2506 [pid 2506] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2506] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2505] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2506] <... futex resumed>) = 0 [pid 2505] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2506] memfd_create("syzkaller", 0) = 3 [pid 2506] ftruncate(3, 2097152) = 0 [pid 2506] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2506] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2506] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2506] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2506] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2506] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2506] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2506] mkdir("./file0", 0777) = 0 [pid 2506] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2506] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2506] ioctl(4, LOOP_CLR_FD) = 0 [pid 2506] close(4) = 0 [pid 2506] close(3) = 0 [pid 2506] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2505] <... futex resumed>) = 0 [pid 2505] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2506] chdir("./file0" [pid 2505] <... futex resumed>) = 0 [pid 2505] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2506] <... chdir resumed>) = 0 [pid 2506] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2505] <... futex resumed>) = 0 [pid 2505] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2505] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2506] creat("./file0", 000) = 3 [pid 2506] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2505] <... futex resumed>) = 0 [pid 2505] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2505] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2505] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2505] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2505] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2509], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2509 [pid 2505] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2505] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2506] <... futex resumed>) = 1 [pid 2506] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 2506] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2506] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2509 attached [pid 2509] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2509] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2509] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2505] <... futex resumed>) = 0 [pid 2505] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2506] <... futex resumed>) = 0 [pid 2505] <... futex resumed>) = 1 [pid 2506] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 2505] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2506] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 2506] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2505] <... futex resumed>) = 0 [pid 2506] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2505] exit_group(0 [pid 2506] <... futex resumed>) = ? [pid 2505] <... exit_group resumed>) = ? [pid 2509] <... futex resumed>) = ? [pid 2506] +++ exited with 0 +++ [pid 2509] +++ exited with 0 +++ [pid 2505] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2505, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./444", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./444", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./444/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./444/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./444/binderfs") = 0 [ 83.285221][ T2509] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 83.301811][ T2509] EXT4-fs (loop0): pa ffff8881e6ba6d20: logic 16, phys. 128, len 24 [ 83.309816][ T2509] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./444/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./444/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./444/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./444/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./444/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./444/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./444") = 0 mkdir("./445", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2510 ./strace-static-x86_64: Process 2510 attached [pid 2510] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2510] chdir("./445") = 0 [pid 2510] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2510] setpgid(0, 0) = 0 [pid 2510] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2510] write(3, "1000", 4) = 4 [pid 2510] close(3) = 0 [pid 2510] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2510] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2510] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2510] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2510] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2511 attached , parent_tid=[2511], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2511 [pid 2511] set_robust_list(0x7f01680929e0, 24 [pid 2510] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2511] <... set_robust_list resumed>) = 0 [pid 2510] <... futex resumed>) = 0 [pid 2510] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2511] memfd_create("syzkaller", 0) = 3 [pid 2511] ftruncate(3, 2097152) = 0 [pid 2511] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2511] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2511] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2511] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2511] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2511] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2511] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2511] mkdir("./file0", 0777) = 0 [pid 2511] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2511] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2511] ioctl(4, LOOP_CLR_FD) = 0 [pid 2511] close(4) = 0 [pid 2511] close(3) = 0 [pid 2511] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2510] <... futex resumed>) = 0 [pid 2511] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2510] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2511] <... futex resumed>) = 0 [pid 2511] chdir("./file0") = 0 [pid 2511] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2511] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2510] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 2510] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2511] <... futex resumed>) = 0 [pid 2510] <... futex resumed>) = 1 [pid 2511] creat("./file0", 000 [pid 2510] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2511] <... creat resumed>) = 3 [pid 2511] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2511] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2510] <... futex resumed>) = 0 [pid 2510] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2511] <... futex resumed>) = 0 [pid 2510] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2511] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 2511] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2511] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2510] <... futex resumed>) = 0 [pid 2510] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2510] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2510] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2514 attached , parent_tid=[2514], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2514 [pid 2514] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2514] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2510] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2514] <... futex resumed>) = 0 [pid 2510] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2514] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2514] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2510] <... futex resumed>) = 0 [pid 2514] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2510] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2511] <... futex resumed>) = 0 [pid 2510] <... futex resumed>) = 1 [pid 2511] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2510] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2511] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2511] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2510] <... futex resumed>) = 0 [pid 2510] exit_group(0 [pid 2511] <... futex resumed>) = ? [pid 2510] <... exit_group resumed>) = ? [pid 2511] +++ exited with 0 +++ [pid 2514] <... futex resumed>) = ? [pid 2514] +++ exited with 0 +++ [pid 2510] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2510, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./445", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./445", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./445/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./445/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./445/binderfs") = 0 [ 83.439850][ T2514] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 83.455871][ T2514] EXT4-fs (loop0): pa ffff8881e6ba61f8: logic 16, phys. 128, len 24 [ 83.464022][ T2514] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./445/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./445/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./445/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./445/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./445/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./445/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./445") = 0 mkdir("./446", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2515 ./strace-static-x86_64: Process 2515 attached [pid 2515] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2515] chdir("./446") = 0 [pid 2515] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2515] setpgid(0, 0) = 0 [pid 2515] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2515] write(3, "1000", 4) = 4 [pid 2515] close(3) = 0 [pid 2515] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2515] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2515] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2515] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2515] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2516 attached , parent_tid=[2516], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2516 [pid 2516] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2516] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2515] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2516] <... futex resumed>) = 0 [pid 2516] memfd_create("syzkaller", 0 [pid 2515] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2516] <... memfd_create resumed>) = 3 [pid 2516] ftruncate(3, 2097152) = 0 [pid 2516] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2516] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2516] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2516] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2516] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2516] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2516] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2516] mkdir("./file0", 0777) = 0 [pid 2516] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2516] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2516] ioctl(4, LOOP_CLR_FD) = 0 [pid 2516] close(4) = 0 [pid 2516] close(3) = 0 [pid 2516] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2515] <... futex resumed>) = 0 [pid 2515] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2516] chdir("./file0") = 0 [pid 2515] <... futex resumed>) = 0 [pid 2515] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2516] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2515] <... futex resumed>) = 0 [pid 2515] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2516] creat("./file0", 000 [pid 2515] <... futex resumed>) = 0 [pid 2515] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2516] <... creat resumed>) = 3 [pid 2516] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2515] <... futex resumed>) = 0 [pid 2516] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2515] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2515] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2515] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2515] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE [pid 2516] <... write resumed>) = 40 [pid 2515] <... mprotect resumed>) = 0 [pid 2516] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2516] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2515] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2519], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2519 [pid 2515] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 2519 attached [pid 2515] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2519] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2519] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2519] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2515] <... futex resumed>) = 0 [pid 2515] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2516] <... futex resumed>) = 0 [pid 2515] <... futex resumed>) = 1 [pid 2516] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 2515] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2516] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 2516] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2515] <... futex resumed>) = 0 [pid 2516] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2515] exit_group(0 [pid 2516] <... futex resumed>) = ? [pid 2515] <... exit_group resumed>) = ? [pid 2516] +++ exited with 0 +++ [pid 2519] +++ exited with 0 +++ [pid 2515] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2515, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./446", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./446", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./446/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./446/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./446/binderfs") = 0 [ 83.562260][ T2519] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 83.579211][ T2519] EXT4-fs (loop0): pa ffff8881e69fe540: logic 16, phys. 128, len 24 [ 83.587279][ T2519] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./446/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./446/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./446/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./446/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./446/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./446/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./446") = 0 mkdir("./447", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2520 ./strace-static-x86_64: Process 2520 attached [pid 2520] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2520] chdir("./447") = 0 [pid 2520] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2520] setpgid(0, 0) = 0 [pid 2520] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2520] write(3, "1000", 4) = 4 [pid 2520] close(3) = 0 [pid 2520] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2520] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2520] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2520] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2520] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2521 attached , parent_tid=[2521], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2521 [pid 2521] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2521] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2520] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2521] <... futex resumed>) = 0 [pid 2521] memfd_create("syzkaller", 0 [pid 2520] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2521] <... memfd_create resumed>) = 3 [pid 2521] ftruncate(3, 2097152) = 0 [pid 2521] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2521] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2521] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2521] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2521] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2521] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2521] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2521] mkdir("./file0", 0777) = 0 [pid 2521] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2521] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2521] ioctl(4, LOOP_CLR_FD) = 0 [pid 2521] close(4) = 0 [pid 2521] close(3) = 0 [pid 2521] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2520] <... futex resumed>) = 0 [pid 2521] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2520] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2521] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2520] <... futex resumed>) = 0 [pid 2521] chdir("./file0" [pid 2520] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2521] <... chdir resumed>) = 0 [pid 2521] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2520] <... futex resumed>) = 0 [pid 2521] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2520] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2521] <... futex resumed>) = 0 [pid 2521] creat("./file0", 000 [pid 2520] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2521] <... creat resumed>) = 3 [pid 2521] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2520] <... futex resumed>) = 0 [pid 2521] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2520] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2521] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2520] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2521] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2520] <... futex resumed>) = 0 [pid 2520] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2520] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE [pid 2521] <... write resumed>) = 40 [pid 2521] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2521] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2520] <... mprotect resumed>) = 0 [pid 2520] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2524], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2524 [pid 2520] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2520] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2524 attached [pid 2524] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2524] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2524] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2520] <... futex resumed>) = 0 [pid 2520] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2520] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2524] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2521] <... futex resumed>) = 0 [pid 2521] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2521] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2520] <... futex resumed>) = 0 [pid 2520] exit_group(0) = ? [pid 2524] <... futex resumed>) = ? [pid 2521] +++ exited with 0 +++ [pid 2524] +++ exited with 0 +++ [pid 2520] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2520, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./447", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./447", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./447/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./447/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./447/binderfs") = 0 [ 83.720109][ T2524] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 83.737556][ T2524] EXT4-fs (loop0): pa ffff8881db871bd0: logic 16, phys. 128, len 24 [ 83.745617][ T2524] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./447/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./447/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./447/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./447/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./447/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./447/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./447") = 0 mkdir("./448", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2525 ./strace-static-x86_64: Process 2525 attached [pid 2525] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2525] chdir("./448") = 0 [pid 2525] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2525] setpgid(0, 0) = 0 [pid 2525] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2525] write(3, "1000", 4) = 4 [pid 2525] close(3) = 0 [pid 2525] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2525] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2525] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2525] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2525] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2526], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2526 [pid 2525] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2525] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2526 attached [pid 2526] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2526] memfd_create("syzkaller", 0) = 3 [pid 2526] ftruncate(3, 2097152) = 0 [pid 2526] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2526] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2526] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2526] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2526] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2526] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2526] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2526] mkdir("./file0", 0777) = 0 [pid 2526] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2526] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2526] ioctl(4, LOOP_CLR_FD) = 0 [pid 2526] close(4) = 0 [pid 2526] close(3) = 0 [pid 2526] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2525] <... futex resumed>) = 0 [pid 2525] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2525] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2526] <... futex resumed>) = 1 [pid 2526] chdir("./file0") = 0 [pid 2526] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2525] <... futex resumed>) = 0 [pid 2525] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2525] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2526] <... futex resumed>) = 1 [pid 2526] creat("./file0", 000) = 3 [pid 2526] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2525] <... futex resumed>) = 0 [pid 2525] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2525] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2525] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2525] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2525] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2529], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2529 [pid 2525] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2525] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2526] <... futex resumed>) = 1 [pid 2526] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 2526] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2526] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2529 attached [pid 2529] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2529] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2529] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2525] <... futex resumed>) = 0 [pid 2525] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2525] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2526] <... futex resumed>) = 0 [pid 2526] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2526] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2525] <... futex resumed>) = 0 [pid 2525] exit_group(0) = ? [pid 2526] <... futex resumed>) = ? [pid 2526] +++ exited with 0 +++ [pid 2529] +++ exited with 0 +++ [pid 2525] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2525, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./448", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./448", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./448/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./448/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./448/binderfs") = 0 [ 83.884265][ T2529] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 83.901072][ T2529] EXT4-fs (loop0): pa ffff8881db871498: logic 16, phys. 128, len 24 [ 83.909070][ T2529] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./448/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./448/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./448/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./448/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./448/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./448/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./448") = 0 mkdir("./449", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2530 ./strace-static-x86_64: Process 2530 attached [pid 2530] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2530] chdir("./449") = 0 [pid 2530] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2530] setpgid(0, 0) = 0 [pid 2530] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2530] write(3, "1000", 4) = 4 [pid 2530] close(3) = 0 [pid 2530] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2530] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2530] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2530] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2530] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2531 attached , parent_tid=[2531], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2531 [pid 2531] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2531] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2530] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2531] <... futex resumed>) = 0 [pid 2531] memfd_create("syzkaller", 0) = 3 [pid 2530] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2531] ftruncate(3, 2097152) = 0 [pid 2531] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2531] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2531] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2531] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2531] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2531] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2531] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2531] mkdir("./file0", 0777) = 0 [pid 2531] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2531] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2531] ioctl(4, LOOP_CLR_FD) = 0 [pid 2531] close(4) = 0 [pid 2531] close(3) = 0 [pid 2531] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2530] <... futex resumed>) = 0 [pid 2530] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2530] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2531] <... futex resumed>) = 1 [pid 2531] chdir("./file0") = 0 [pid 2531] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2530] <... futex resumed>) = 0 [pid 2530] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2530] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2531] <... futex resumed>) = 1 [pid 2531] creat("./file0", 000) = 3 [pid 2531] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2530] <... futex resumed>) = 0 [pid 2530] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2530] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2530] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2530] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2530] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2534], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2534 [pid 2530] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2530] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2531] <... futex resumed>) = 1 [pid 2531] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 2531] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2531] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2534 attached [pid 2534] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2534] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2534] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2530] <... futex resumed>) = 0 [pid 2530] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2530] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2531] <... futex resumed>) = 0 [pid 2531] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2531] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2530] <... futex resumed>) = 0 [pid 2530] exit_group(0) = ? [pid 2531] <... futex resumed>) = ? [pid 2531] +++ exited with 0 +++ [pid 2534] +++ exited with 0 +++ [pid 2530] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2530, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./449", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./449", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./449/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./449/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./449/binderfs") = 0 [ 84.054360][ T2534] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 84.070834][ T2534] EXT4-fs (loop0): pa ffff8881db871f18: logic 16, phys. 128, len 24 [ 84.078839][ T2534] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./449/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./449/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./449/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./449/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./449/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./449/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./449") = 0 mkdir("./450", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2535 attached , child_tidptr=0x55555656e5d0) = 2535 [pid 2535] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2535] chdir("./450") = 0 [pid 2535] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2535] setpgid(0, 0) = 0 [pid 2535] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2535] write(3, "1000", 4) = 4 [pid 2535] close(3) = 0 [pid 2535] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2535] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2535] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2535] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2535] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2536 attached , parent_tid=[2536], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2536 [pid 2536] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2536] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2535] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2536] <... futex resumed>) = 0 [pid 2535] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2536] memfd_create("syzkaller", 0) = 3 [pid 2536] ftruncate(3, 2097152) = 0 [pid 2536] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2536] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2536] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2536] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2536] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2536] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2536] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2536] mkdir("./file0", 0777) = 0 [pid 2536] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2536] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2536] ioctl(4, LOOP_CLR_FD) = 0 [pid 2536] close(4) = 0 [pid 2536] close(3) = 0 [pid 2536] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2535] <... futex resumed>) = 0 [pid 2535] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2535] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2536] chdir("./file0") = 0 [pid 2536] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2535] <... futex resumed>) = 0 [pid 2535] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2535] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2536] creat("./file0", 000) = 3 [pid 2536] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2535] <... futex resumed>) = 0 [pid 2535] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2535] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2535] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2535] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2536] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2535] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 2536] <... write resumed>) = 40 [pid 2536] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 2539 attached ) = 0 [pid 2535] <... clone resumed>, parent_tid=[2539], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2539 [pid 2539] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2539] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2536] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2535] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2539] <... futex resumed>) = 0 [pid 2539] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2535] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2539] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2539] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2535] <... futex resumed>) = 0 [pid 2535] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2535] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2536] <... futex resumed>) = 0 [pid 2536] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2536] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2535] <... futex resumed>) = 0 [pid 2535] exit_group(0) = ? [pid 2539] +++ exited with 0 +++ [pid 2536] +++ exited with 0 +++ [pid 2535] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2535, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./450", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./450", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./450/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./450/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./450/binderfs") = 0 [ 84.199763][ T2539] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 84.216704][ T2536] EXT4-fs (loop0): pa ffff8881e6ba67e0: logic 16, phys. 128, len 24 [ 84.224774][ T2536] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./450/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./450/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./450/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./450/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./450/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./450/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./450") = 0 mkdir("./451", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2540 ./strace-static-x86_64: Process 2540 attached [pid 2540] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2540] chdir("./451") = 0 [pid 2540] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2540] setpgid(0, 0) = 0 [pid 2540] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2540] write(3, "1000", 4) = 4 [pid 2540] close(3) = 0 [pid 2540] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2540] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2540] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2540] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2540] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2541], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2541 [pid 2540] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2540] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2541 attached [pid 2541] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2541] memfd_create("syzkaller", 0) = 3 [pid 2541] ftruncate(3, 2097152) = 0 [pid 2541] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2541] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2541] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2541] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2541] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2541] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2541] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2541] mkdir("./file0", 0777) = 0 [pid 2541] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2541] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2541] ioctl(4, LOOP_CLR_FD) = 0 [pid 2541] close(4) = 0 [pid 2541] close(3) = 0 [pid 2541] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2540] <... futex resumed>) = 0 [pid 2540] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2540] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2541] <... futex resumed>) = 1 [pid 2541] chdir("./file0") = 0 [pid 2541] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2540] <... futex resumed>) = 0 [pid 2540] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2540] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2541] <... futex resumed>) = 1 [pid 2541] creat("./file0", 000) = 3 [pid 2541] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2540] <... futex resumed>) = 0 [pid 2540] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2540] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2540] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2540] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2540] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2544], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2544 [pid 2540] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2540] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2541] <... futex resumed>) = 1 [pid 2541] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 2541] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2541] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2544 attached [pid 2544] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2544] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2544] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2540] <... futex resumed>) = 0 [pid 2540] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2541] <... futex resumed>) = 0 [pid 2540] <... futex resumed>) = 1 [pid 2541] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 2540] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2541] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 2541] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2540] <... futex resumed>) = 0 [pid 2541] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2540] exit_group(0 [pid 2541] <... futex resumed>) = ? [pid 2540] <... exit_group resumed>) = ? [pid 2541] +++ exited with 0 +++ [pid 2544] +++ exited with 0 +++ [pid 2540] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2540, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./451", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./451", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./451/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./451/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./451/binderfs") = 0 [ 84.355451][ T2544] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 84.372840][ T2544] EXT4-fs (loop0): pa ffff8881e6ba6930: logic 16, phys. 128, len 24 [ 84.380859][ T2544] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./451/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./451/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./451/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./451/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./451/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./451/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./451") = 0 mkdir("./452", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2545 ./strace-static-x86_64: Process 2545 attached [pid 2545] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2545] chdir("./452") = 0 [pid 2545] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2545] setpgid(0, 0) = 0 [pid 2545] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2545] write(3, "1000", 4) = 4 [pid 2545] close(3) = 0 [pid 2545] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2545] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2545] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2545] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2545] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2546 attached , parent_tid=[2546], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2546 [pid 2546] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2546] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2545] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2546] <... futex resumed>) = 0 [pid 2546] memfd_create("syzkaller", 0) = 3 [pid 2546] ftruncate(3, 2097152) = 0 [pid 2546] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2546] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2546] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2546] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2546] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2546] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2546] ioctl(4, LOOP_SET_FD, 3 [pid 2545] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2546] <... ioctl resumed>) = 0 [pid 2546] mkdir("./file0", 0777) = 0 [pid 2546] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2546] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2546] ioctl(4, LOOP_CLR_FD) = 0 [pid 2546] close(4) = 0 [pid 2546] close(3) = 0 [pid 2546] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2545] <... futex resumed>) = 0 [pid 2546] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2545] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2546] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2546] chdir("./file0") = 0 [pid 2546] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2545] <... futex resumed>) = 0 [pid 2546] <... futex resumed>) = 0 [pid 2546] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2545] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 2545] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2546] <... futex resumed>) = 0 [pid 2545] <... futex resumed>) = 1 [pid 2546] creat("./file0", 000) = 3 [pid 2545] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2546] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2545] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2546] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2545] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2546] <... futex resumed>) = 0 [pid 2546] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2545] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2546] <... write resumed>) = 40 [pid 2546] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2545] <... futex resumed>) = 0 [pid 2546] <... futex resumed>) = 0 [pid 2546] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2545] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2545] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2545] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2549 attached [pid 2549] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2549] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2545] <... clone resumed>, parent_tid=[2549], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2549 [pid 2545] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2549] <... futex resumed>) = 0 [pid 2549] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2545] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2549] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2549] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2545] <... futex resumed>) = 0 [pid 2549] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2545] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2546] <... futex resumed>) = 0 [pid 2545] <... futex resumed>) = 1 [pid 2546] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 2545] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2546] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 2546] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2545] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2546] <... futex resumed>) = 0 [pid 2546] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2545] exit_group(0 [pid 2549] <... futex resumed>) = ? [pid 2546] <... futex resumed>) = ? [pid 2545] <... exit_group resumed>) = ? [pid 2546] +++ exited with 0 +++ [pid 2549] +++ exited with 0 +++ [pid 2545] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2545, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./452", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./452", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./452/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./452/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./452/binderfs") = 0 [ 84.486150][ T2549] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 84.503582][ T2549] EXT4-fs (loop0): pa ffff8881e6ba6e70: logic 16, phys. 128, len 24 [ 84.511576][ T2549] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./452/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./452/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./452/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./452/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./452/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./452/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./452") = 0 mkdir("./453", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2550 ./strace-static-x86_64: Process 2550 attached [pid 2550] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2550] chdir("./453") = 0 [pid 2550] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2550] setpgid(0, 0) = 0 [pid 2550] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2550] write(3, "1000", 4) = 4 [pid 2550] close(3) = 0 [pid 2550] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2550] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2550] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2550] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2550] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2551 attached [pid 2551] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2551] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2550] <... clone resumed>, parent_tid=[2551], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2551 [pid 2550] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2551] <... futex resumed>) = 0 [pid 2550] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2551] memfd_create("syzkaller", 0) = 3 [pid 2551] ftruncate(3, 2097152) = 0 [pid 2551] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2551] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2551] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2551] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2551] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2551] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2551] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2551] mkdir("./file0", 0777) = 0 [pid 2551] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2551] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2551] ioctl(4, LOOP_CLR_FD) = 0 [pid 2551] close(4) = 0 [pid 2551] close(3) = 0 [pid 2551] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2551] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2550] <... futex resumed>) = 0 [pid 2550] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2551] <... futex resumed>) = 0 [pid 2550] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2551] chdir("./file0") = 0 [pid 2551] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2550] <... futex resumed>) = 0 [pid 2551] creat("./file0", 000 [pid 2550] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2550] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2551] <... creat resumed>) = 3 [pid 2551] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2550] <... futex resumed>) = 0 [pid 2551] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2550] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2551] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2550] <... futex resumed>) = 0 [pid 2551] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2550] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2550] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2551] <... write resumed>) = 40 [pid 2551] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2550] <... mmap resumed>) = 0x7f0168051000 [pid 2551] <... futex resumed>) = 0 [pid 2550] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE [pid 2551] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2550] <... mprotect resumed>) = 0 [pid 2550] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2554 attached , parent_tid=[2554], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2554 [pid 2554] set_robust_list(0x7f01680719e0, 24 [pid 2550] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2554] <... set_robust_list resumed>) = 0 [pid 2550] <... futex resumed>) = 0 [pid 2554] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2550] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2554] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2554] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2550] <... futex resumed>) = 0 [pid 2550] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2551] <... futex resumed>) = 0 [pid 2550] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2554] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2551] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2551] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2551] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2550] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2550] exit_group(0) = ? [pid 2551] <... futex resumed>) = ? [pid 2554] <... futex resumed>) = ? [pid 2551] +++ exited with 0 +++ [pid 2554] +++ exited with 0 +++ [pid 2550] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2550, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./453", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./453", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./453/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./453/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./453/binderfs") = 0 [ 84.614163][ T2554] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 84.631239][ T2554] EXT4-fs (loop0): pa ffff8881e6ba63f0: logic 16, phys. 128, len 24 [ 84.639236][ T2554] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./453/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./453/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./453/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./453/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./453/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./453/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./453") = 0 mkdir("./454", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2555 ./strace-static-x86_64: Process 2555 attached [pid 2555] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2555] chdir("./454") = 0 [pid 2555] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2555] setpgid(0, 0) = 0 [pid 2555] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2555] write(3, "1000", 4) = 4 [pid 2555] close(3) = 0 [pid 2555] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2555] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2555] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2555] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2555] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2556 attached , parent_tid=[2556], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2556 [pid 2556] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2556] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2555] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2556] <... futex resumed>) = 0 [pid 2556] memfd_create("syzkaller", 0 [pid 2555] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2556] <... memfd_create resumed>) = 3 [pid 2556] ftruncate(3, 2097152) = 0 [pid 2556] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2556] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2556] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2556] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2556] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2556] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2556] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2556] mkdir("./file0", 0777) = 0 [pid 2556] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2556] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2556] ioctl(4, LOOP_CLR_FD) = 0 [pid 2556] close(4) = 0 [pid 2556] close(3) = 0 [pid 2556] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2555] <... futex resumed>) = 0 [pid 2555] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2556] chdir("./file0" [pid 2555] <... futex resumed>) = 0 [pid 2556] <... chdir resumed>) = 0 [pid 2555] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2556] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2555] <... futex resumed>) = 0 [pid 2555] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2556] creat("./file0", 000 [pid 2555] <... futex resumed>) = 0 [pid 2555] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2556] <... creat resumed>) = 3 [pid 2556] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2555] <... futex resumed>) = 0 [pid 2556] <... futex resumed>) = 1 [pid 2555] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2555] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2555] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2555] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2555] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2559], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2559 [pid 2555] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2555] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2556] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 2556] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2556] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2559 attached [pid 2559] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2559] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2559] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2555] <... futex resumed>) = 0 [pid 2559] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2555] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2555] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2556] <... futex resumed>) = 0 [pid 2556] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2556] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2555] <... futex resumed>) = 0 [pid 2555] exit_group(0) = ? [pid 2559] <... futex resumed>) = ? [pid 2559] +++ exited with 0 +++ [pid 2556] +++ exited with 0 +++ [pid 2555] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2555, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./454", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./454", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./454/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./454/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./454/binderfs") = 0 [ 84.760035][ T2559] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 84.777441][ T2556] EXT4-fs (loop0): pa ffff8881db871930: logic 16, phys. 128, len 24 [ 84.785457][ T2556] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./454/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./454/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./454/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./454/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./454/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./454/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./454") = 0 mkdir("./455", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2560 ./strace-static-x86_64: Process 2560 attached [pid 2560] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2560] chdir("./455") = 0 [pid 2560] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2560] setpgid(0, 0) = 0 [pid 2560] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2560] write(3, "1000", 4) = 4 [pid 2560] close(3) = 0 [pid 2560] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2560] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2560] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2560] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2560] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2561 attached , parent_tid=[2561], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2561 [pid 2560] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2561] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2560] <... futex resumed>) = 0 [pid 2560] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2561] memfd_create("syzkaller", 0) = 3 [pid 2561] ftruncate(3, 2097152) = 0 [pid 2561] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2561] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2561] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2561] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2561] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2561] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2561] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2561] mkdir("./file0", 0777) = 0 [pid 2561] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2561] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2561] ioctl(4, LOOP_CLR_FD) = 0 [pid 2561] close(4) = 0 [pid 2561] close(3) = 0 [pid 2561] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2561] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2560] <... futex resumed>) = 0 [pid 2560] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2561] <... futex resumed>) = 0 [pid 2561] chdir("./file0" [pid 2560] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2561] <... chdir resumed>) = 0 [pid 2561] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2561] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2560] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2560] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2561] <... futex resumed>) = 0 [pid 2561] creat("./file0", 000 [pid 2560] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2561] <... creat resumed>) = 3 [pid 2561] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2561] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2560] <... futex resumed>) = 0 [pid 2560] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2561] <... futex resumed>) = 0 [pid 2561] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2560] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2561] <... write resumed>) = 40 [pid 2561] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2561] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2560] <... futex resumed>) = 0 [pid 2560] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2560] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2560] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2564 attached , parent_tid=[2564], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2564 [pid 2564] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2564] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2560] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2564] <... futex resumed>) = 0 [pid 2564] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2560] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2564] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2564] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2560] <... futex resumed>) = 0 [pid 2564] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2560] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2561] <... futex resumed>) = 0 [pid 2560] <... futex resumed>) = 1 [pid 2561] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2560] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2561] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2561] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2560] <... futex resumed>) = 0 [pid 2560] exit_group(0 [pid 2561] <... futex resumed>) = ? [pid 2561] +++ exited with 0 +++ [pid 2560] <... exit_group resumed>) = ? [pid 2564] <... futex resumed>) = ? [pid 2564] +++ exited with 0 +++ [pid 2560] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2560, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./455", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./455", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./455/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./455/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./455/binderfs") = 0 [ 84.923689][ T2564] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 84.939579][ T2564] EXT4-fs (loop0): pa ffff8881db90ee70: logic 16, phys. 128, len 24 [ 84.947585][ T2564] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./455/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./455/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./455/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./455/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./455/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./455/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./455") = 0 mkdir("./456", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2565 attached , child_tidptr=0x55555656e5d0) = 2565 [pid 2565] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2565] chdir("./456") = 0 [pid 2565] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2565] setpgid(0, 0) = 0 [pid 2565] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2565] write(3, "1000", 4) = 4 [pid 2565] close(3) = 0 [pid 2565] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2565] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2565] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2565] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2565] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2566 attached , parent_tid=[2566], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2566 [pid 2566] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2566] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2565] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2566] <... futex resumed>) = 0 [pid 2565] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2566] memfd_create("syzkaller", 0) = 3 [pid 2566] ftruncate(3, 2097152) = 0 [pid 2566] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2566] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2566] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2566] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2566] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2566] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2566] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2566] mkdir("./file0", 0777) = 0 [pid 2566] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2566] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2566] ioctl(4, LOOP_CLR_FD) = 0 [pid 2566] close(4) = 0 [pid 2566] close(3) = 0 [pid 2566] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2566] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2565] <... futex resumed>) = 0 [pid 2565] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2565] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2566] <... futex resumed>) = 0 [pid 2566] chdir("./file0") = 0 [pid 2566] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2566] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2565] <... futex resumed>) = 0 [pid 2565] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2566] <... futex resumed>) = 0 [pid 2566] creat("./file0", 000 [pid 2565] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2566] <... creat resumed>) = 3 [pid 2566] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2566] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2565] <... futex resumed>) = 0 [pid 2565] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2565] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2566] <... futex resumed>) = 0 [pid 2565] <... futex resumed>) = 0 [pid 2565] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2566] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2565] <... mmap resumed>) = 0x7f0168051000 [pid 2565] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2566] <... write resumed>) = 40 [pid 2566] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2565] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 2566] <... futex resumed>) = 0 [pid 2566] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2565] <... clone resumed>, parent_tid=[2569], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2569 [pid 2565] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2565] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2569 attached [pid 2569] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2569] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2569] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2565] <... futex resumed>) = 0 [pid 2569] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2565] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2566] <... futex resumed>) = 0 [pid 2566] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2566] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2566] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2565] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 2565] exit_group(0) = ? [pid 2566] <... futex resumed>) = ? [pid 2566] +++ exited with 0 +++ [pid 2569] <... futex resumed>) = ? [pid 2569] +++ exited with 0 +++ [pid 2565] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2565, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./456", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./456", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./456/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./456/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./456/binderfs") = 0 [ 85.088513][ T2569] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 85.106406][ T2569] EXT4-fs (loop0): pa ffff8881db90e2a0: logic 16, phys. 128, len 24 [ 85.114429][ T2569] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./456/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./456/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./456/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./456/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./456/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./456/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./456") = 0 mkdir("./457", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2570 ./strace-static-x86_64: Process 2570 attached [pid 2570] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2570] chdir("./457") = 0 [pid 2570] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2570] setpgid(0, 0) = 0 [pid 2570] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2570] write(3, "1000", 4) = 4 [pid 2570] close(3) = 0 [pid 2570] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2570] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2570] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2570] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2570] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2571 attached [pid 2571] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2571] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2570] <... clone resumed>, parent_tid=[2571], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2571 [pid 2570] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2571] <... futex resumed>) = 0 [pid 2571] memfd_create("syzkaller", 0) = 3 [pid 2571] ftruncate(3, 2097152) = 0 [pid 2571] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2571] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2571] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2571] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2571] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2571] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2571] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2571] mkdir("./file0", 0777) = 0 [pid 2571] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue" [pid 2570] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2571] <... mount resumed>) = 0 [pid 2571] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2571] ioctl(4, LOOP_CLR_FD) = 0 [pid 2571] close(4) = 0 [pid 2571] close(3) = 0 [pid 2571] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2570] <... futex resumed>) = 0 [pid 2571] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2570] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2571] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2571] chdir("./file0") = 0 [pid 2571] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2570] <... futex resumed>) = 0 [pid 2571] <... futex resumed>) = 0 [pid 2570] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2571] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2570] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2570] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2571] <... futex resumed>) = 0 [pid 2570] <... futex resumed>) = 1 [pid 2571] creat("./file0", 000 [pid 2570] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2571] <... creat resumed>) = 3 [pid 2571] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2571] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2570] <... futex resumed>) = 0 [pid 2570] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2571] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2571] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2570] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2570] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2571] <... write resumed>) = 40 [pid 2570] <... mmap resumed>) = 0x7f0168051000 [pid 2571] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2570] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE [pid 2571] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2570] <... mprotect resumed>) = 0 [pid 2570] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2574], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2574 [pid 2570] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2570] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2574 attached [pid 2574] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2574] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2574] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2570] <... futex resumed>) = 0 [pid 2570] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2571] <... futex resumed>) = 0 [pid 2570] <... futex resumed>) = 1 [pid 2570] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2574] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2571] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2571] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2570] <... futex resumed>) = 0 [pid 2570] exit_group(0) = ? [pid 2574] <... futex resumed>) = ? [pid 2571] +++ exited with 0 +++ [pid 2574] +++ exited with 0 +++ [pid 2570] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2570, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./457", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./457", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./457/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./457/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./457/binderfs") = 0 [ 85.236486][ T2574] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 85.253530][ T2574] EXT4-fs (loop0): pa ffff8881db871b28: logic 16, phys. 128, len 24 [ 85.261857][ T2574] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./457/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./457/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./457/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./457/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./457/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./457/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./457") = 0 mkdir("./458", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2575 ./strace-static-x86_64: Process 2575 attached [pid 2575] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2575] chdir("./458") = 0 [pid 2575] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2575] setpgid(0, 0) = 0 [pid 2575] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2575] write(3, "1000", 4) = 4 [pid 2575] close(3) = 0 [pid 2575] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2575] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2575] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2575] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2575] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2576], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2576 [pid 2575] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2575] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2576 attached [pid 2576] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2576] memfd_create("syzkaller", 0) = 3 [pid 2576] ftruncate(3, 2097152) = 0 [pid 2576] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2576] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2576] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2576] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2576] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2576] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2576] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2576] mkdir("./file0", 0777) = 0 [pid 2576] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2576] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2576] ioctl(4, LOOP_CLR_FD) = 0 [pid 2576] close(4) = 0 [pid 2576] close(3) = 0 [pid 2576] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2575] <... futex resumed>) = 0 [pid 2575] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2575] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2576] chdir("./file0") = 0 [pid 2576] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2575] <... futex resumed>) = 0 [pid 2575] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2575] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2576] creat("./file0", 000) = 3 [pid 2576] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2575] <... futex resumed>) = 0 [pid 2575] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2575] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2575] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2575] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2575] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2579], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2579 [pid 2575] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2575] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2579 attached [pid 2579] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2579] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2576] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2579] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2579] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2575] <... futex resumed>) = 0 [pid 2575] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2575] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2579] <... futex resumed>) = 1 [pid 2579] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2579] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2575] <... futex resumed>) = 0 [pid 2579] <... futex resumed>) = 1 [pid 2579] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2576] <... write resumed>) = 40 [pid 2576] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2575] exit_group(0) = ? [pid 2579] <... futex resumed>) = ? [pid 2579] +++ exited with 0 +++ [pid 2576] +++ exited with 0 +++ [pid 2575] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2575, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./458", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./458", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./458/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./458/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./458/binderfs") = 0 umount2("./458/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./458/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./458/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./458/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./458/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./458/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./458") = 0 mkdir("./459", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2580 ./strace-static-x86_64: Process 2580 attached [pid 2580] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2580] chdir("./459") = 0 [pid 2580] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2580] setpgid(0, 0) = 0 [pid 2580] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2580] write(3, "1000", 4) = 4 [pid 2580] close(3) = 0 [pid 2580] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2580] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2580] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2580] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2580] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2581], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2581 [pid 2580] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2580] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2581 attached [pid 2581] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2581] memfd_create("syzkaller", 0) = 3 [pid 2581] ftruncate(3, 2097152) = 0 [pid 2581] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2581] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2581] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2581] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2581] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [ 85.341681][ T2579] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata [pid 2581] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2581] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2581] mkdir("./file0", 0777) = 0 [pid 2581] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2581] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2581] ioctl(4, LOOP_CLR_FD) = 0 [pid 2581] close(4) = 0 [pid 2581] close(3) = 0 [pid 2581] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2580] <... futex resumed>) = 0 [pid 2581] <... futex resumed>) = 1 [pid 2581] chdir("./file0" [pid 2580] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2581] <... chdir resumed>) = 0 [pid 2580] <... futex resumed>) = 0 [pid 2581] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2580] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2581] <... futex resumed>) = 0 [pid 2581] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2580] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2581] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2580] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2581] creat("./file0", 000 [pid 2580] <... futex resumed>) = 0 [pid 2580] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2581] <... creat resumed>) = 3 [pid 2581] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2580] <... futex resumed>) = 0 [pid 2581] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2580] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2581] <... write resumed>) = 40 [pid 2580] <... futex resumed>) = 0 [pid 2581] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2580] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2581] <... futex resumed>) = 0 [pid 2580] <... futex resumed>) = 0 [pid 2581] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2580] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2580] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2580] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2584 attached [pid 2584] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2584] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2580] <... clone resumed>, parent_tid=[2584], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2584 [pid 2580] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2580] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2584] <... futex resumed>) = 0 [pid 2584] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2584] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2580] <... futex resumed>) = 0 [pid 2580] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2580] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2581] <... futex resumed>) = 0 [pid 2581] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2581] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2580] <... futex resumed>) = 0 [pid 2580] exit_group(0) = ? [pid 2581] <... futex resumed>) = ? [pid 2581] +++ exited with 0 +++ [pid 2584] +++ exited with 0 +++ [pid 2580] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2580, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./459", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./459", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./459/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./459/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./459/binderfs") = 0 [ 85.435002][ T2584] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 85.451426][ T2584] EXT4-fs (loop0): pa ffff8881db871d20: logic 16, phys. 128, len 24 [ 85.459420][ T2584] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./459/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./459/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./459/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./459/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./459/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./459/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./459") = 0 mkdir("./460", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2585 ./strace-static-x86_64: Process 2585 attached [pid 2585] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2585] chdir("./460") = 0 [pid 2585] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2585] setpgid(0, 0) = 0 [pid 2585] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2585] write(3, "1000", 4) = 4 [pid 2585] close(3) = 0 [pid 2585] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2585] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2585] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2585] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2585] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2586 attached , parent_tid=[2586], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2586 [pid 2585] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2585] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2586] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2586] memfd_create("syzkaller", 0) = 3 [pid 2586] ftruncate(3, 2097152) = 0 [pid 2586] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2586] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2586] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2586] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2586] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2586] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2586] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2586] mkdir("./file0", 0777) = 0 [pid 2586] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2586] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2586] ioctl(4, LOOP_CLR_FD) = 0 [pid 2586] close(4) = 0 [pid 2586] close(3) = 0 [pid 2586] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2586] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2585] <... futex resumed>) = 0 [pid 2585] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2585] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2586] <... futex resumed>) = 0 [pid 2586] chdir("./file0") = 0 [pid 2586] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2586] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2585] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2585] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2586] <... futex resumed>) = 0 [pid 2586] creat("./file0", 000 [pid 2585] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2586] <... creat resumed>) = 3 [pid 2586] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2586] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2585] <... futex resumed>) = 0 [pid 2585] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2586] <... futex resumed>) = 0 [pid 2586] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 2585] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2586] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2586] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2585] <... futex resumed>) = 0 [pid 2585] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2585] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2585] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2589], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2589 ./strace-static-x86_64: Process 2589 attached [pid 2589] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2589] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2585] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2589] <... futex resumed>) = 0 [pid 2585] <... futex resumed>) = 1 [pid 2589] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2585] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2589] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2589] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2585] <... futex resumed>) = 0 [pid 2585] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2586] <... futex resumed>) = 0 [pid 2585] <... futex resumed>) = 1 [pid 2586] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 2585] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2586] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 2586] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2585] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2586] <... futex resumed>) = 0 [pid 2586] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2585] exit_group(0 [pid 2586] <... futex resumed>) = ? [pid 2585] <... exit_group resumed>) = ? [pid 2586] +++ exited with 0 +++ [pid 2589] +++ exited with 0 +++ [pid 2585] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2585, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./460", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./460", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./460/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./460/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./460/binderfs") = 0 umount2("./460/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./460/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./460/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./460/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./460/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./460/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./460") = 0 mkdir("./461", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2590 ./strace-static-x86_64: Process 2590 attached [pid 2590] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2590] chdir("./461") = 0 [pid 2590] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2590] setpgid(0, 0) = 0 [pid 2590] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2590] write(3, "1000", 4) = 4 [pid 2590] close(3) = 0 [pid 2590] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2590] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2590] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2590] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2590] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2591], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2591 [pid 2590] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2590] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2591 attached [pid 2591] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2591] memfd_create("syzkaller", 0) = 3 [pid 2591] ftruncate(3, 2097152) = 0 [pid 2591] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2591] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2591] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2591] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2591] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2591] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2591] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2591] mkdir("./file0", 0777) = 0 [ 85.600877][ T2589] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 85.617254][ T2589] EXT4-fs (loop0): pa ffff8881db90eb28: logic 16, phys. 128, len 24 [ 85.625271][ T2589] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 [pid 2591] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2591] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2591] ioctl(4, LOOP_CLR_FD) = 0 [pid 2591] close(4) = 0 [pid 2591] close(3) = 0 [pid 2591] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2591] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2590] <... futex resumed>) = 0 [pid 2590] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2591] <... futex resumed>) = 0 [pid 2591] chdir("./file0") = 0 [pid 2591] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2591] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2590] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 2590] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2591] <... futex resumed>) = 0 [pid 2590] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2591] creat("./file0", 000) = 3 [pid 2591] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2590] <... futex resumed>) = 0 [pid 2590] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2590] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2590] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2590] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2590] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2594], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2594 [pid 2590] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2590] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2594 attached [pid 2594] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2594] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2591] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2594] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2594] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2590] <... futex resumed>) = 0 [pid 2594] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 2590] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2594] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 2590] <... futex resumed>) = 0 [pid 2594] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2590] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2594] <... futex resumed>) = 0 [pid 2590] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2594] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2591] <... write resumed>) = 40 [pid 2591] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2590] exit_group(0 [pid 2591] ????( [pid 2590] <... exit_group resumed>) = ? [pid 2594] <... futex resumed>) = ? [pid 2594] +++ exited with 0 +++ [pid 2591] <... ???? resumed>) = ? [pid 2591] +++ exited with 0 +++ [pid 2590] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2590, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./461", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./461", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./461/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./461/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./461/binderfs") = 0 [ 85.687806][ T2594] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata umount2("./461/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./461/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./461/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./461/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./461/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./461/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./461") = 0 mkdir("./462", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2595 ./strace-static-x86_64: Process 2595 attached [pid 2595] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2595] chdir("./462") = 0 [pid 2595] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2595] setpgid(0, 0) = 0 [pid 2595] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2595] write(3, "1000", 4) = 4 [pid 2595] close(3) = 0 [pid 2595] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2595] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2595] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2595] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2595] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2596], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2596 ./strace-static-x86_64: Process 2596 attached [pid 2596] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2596] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2595] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2596] <... futex resumed>) = 0 [pid 2595] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2596] memfd_create("syzkaller", 0) = 3 [pid 2596] ftruncate(3, 2097152) = 0 [pid 2596] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2596] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2596] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2596] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2596] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2596] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2596] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2596] mkdir("./file0", 0777) = 0 [pid 2596] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2596] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2596] ioctl(4, LOOP_CLR_FD) = 0 [pid 2596] close(4) = 0 [pid 2596] close(3) = 0 [pid 2596] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2596] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2595] <... futex resumed>) = 0 [pid 2595] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2596] <... futex resumed>) = 0 [pid 2596] chdir("./file0" [pid 2595] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2596] <... chdir resumed>) = 0 [pid 2596] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2595] <... futex resumed>) = 0 [pid 2596] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2595] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2596] <... futex resumed>) = 0 [pid 2595] <... futex resumed>) = 1 [pid 2596] creat("./file0", 000 [pid 2595] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2596] <... creat resumed>) = 3 [pid 2596] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2595] <... futex resumed>) = 0 [pid 2596] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2595] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2596] <... futex resumed>) = 0 [pid 2595] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2596] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2595] <... futex resumed>) = 0 [pid 2596] <... write resumed>) = 40 [pid 2595] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2596] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2595] <... mmap resumed>) = 0x7f0168051000 [pid 2596] <... futex resumed>) = 0 [pid 2595] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE [pid 2596] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2595] <... mprotect resumed>) = 0 [pid 2595] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2599 attached , parent_tid=[2599], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2599 [pid 2599] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2599] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2595] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2595] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2599] <... futex resumed>) = 0 [pid 2599] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2599] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2595] <... futex resumed>) = 0 [pid 2599] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2595] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2596] <... futex resumed>) = 0 [pid 2595] <... futex resumed>) = 1 [pid 2596] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2596] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2595] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2596] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2595] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2595] exit_group(0 [pid 2599] <... futex resumed>) = ? [pid 2596] <... futex resumed>) = ? [pid 2595] <... exit_group resumed>) = ? [pid 2596] +++ exited with 0 +++ [pid 2599] +++ exited with 0 +++ [pid 2595] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2595, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./462", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./462", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./462/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./462/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./462/binderfs") = 0 [ 85.790658][ T2599] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 85.808505][ T2599] EXT4-fs (loop0): pa ffff8881db90e7e0: logic 16, phys. 128, len 24 [ 85.816548][ T2599] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./462/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./462/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./462/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./462/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./462/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./462/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./462") = 0 mkdir("./463", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2600 ./strace-static-x86_64: Process 2600 attached [pid 2600] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2600] chdir("./463") = 0 [pid 2600] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2600] setpgid(0, 0) = 0 [pid 2600] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2600] write(3, "1000", 4) = 4 [pid 2600] close(3) = 0 [pid 2600] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2600] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2600] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2600] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2600] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2601 attached [pid 2601] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2601] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2600] <... clone resumed>, parent_tid=[2601], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2601 [pid 2600] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2600] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2601] <... futex resumed>) = 0 [pid 2601] memfd_create("syzkaller", 0) = 3 [pid 2601] ftruncate(3, 2097152) = 0 [pid 2601] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2601] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2601] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2601] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2601] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2601] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2601] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2601] mkdir("./file0", 0777) = 0 [pid 2601] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2601] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2601] ioctl(4, LOOP_CLR_FD) = 0 [pid 2601] close(4) = 0 [pid 2601] close(3) = 0 [pid 2601] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2600] <... futex resumed>) = 0 [pid 2600] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2600] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2601] chdir("./file0") = 0 [pid 2601] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2600] <... futex resumed>) = 0 [pid 2600] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2600] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2601] creat("./file0", 000) = 3 [pid 2601] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2600] <... futex resumed>) = 0 [pid 2601] <... futex resumed>) = 1 [pid 2600] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2600] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2600] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2600] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2600] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2604 attached [pid 2604] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2600] <... clone resumed>, parent_tid=[2604], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2604 [pid 2604] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2600] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2600] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2601] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2604] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2604] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2604] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2600] <... futex resumed>) = 0 [pid 2600] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2604] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2600] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2604] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2604] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2604] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2600] <... futex resumed>) = 0 [pid 2601] <... write resumed>) = 40 [pid 2601] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2601] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2600] exit_group(0) = ? [pid 2604] <... futex resumed>) = ? [pid 2604] +++ exited with 0 +++ [pid 2601] <... futex resumed>) = ? [pid 2601] +++ exited with 0 +++ [pid 2600] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2600, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./463", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./463", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./463/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./463/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./463/binderfs") = 0 [ 85.965076][ T2604] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata umount2("./463/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./463/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./463/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./463/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./463/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./463/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./463") = 0 mkdir("./464", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2605 ./strace-static-x86_64: Process 2605 attached [pid 2605] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2605] chdir("./464") = 0 [pid 2605] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2605] setpgid(0, 0) = 0 [pid 2605] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2605] write(3, "1000", 4) = 4 [pid 2605] close(3) = 0 [pid 2605] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2605] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2605] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2605] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2605] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2606], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2606 [pid 2605] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2605] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2606 attached [pid 2606] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2606] memfd_create("syzkaller", 0) = 3 [pid 2606] ftruncate(3, 2097152) = 0 [pid 2606] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2606] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2606] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2606] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2606] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2606] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2606] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2606] mkdir("./file0", 0777) = 0 [pid 2606] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2606] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2606] ioctl(4, LOOP_CLR_FD) = 0 [pid 2606] close(4) = 0 [pid 2606] close(3) = 0 [pid 2606] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2605] <... futex resumed>) = 0 [pid 2605] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2605] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2606] chdir("./file0") = 0 [pid 2606] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2605] <... futex resumed>) = 0 [pid 2605] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2605] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2606] creat("./file0", 000) = 3 [pid 2606] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2605] <... futex resumed>) = 0 [pid 2605] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2605] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2605] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2605] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2605] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2609], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2609 [pid 2605] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2605] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2609 attached [pid 2609] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2609] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2606] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2609] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2609] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2605] <... futex resumed>) = 0 [pid 2605] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2605] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2609] <... futex resumed>) = 1 [pid 2609] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2609] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2605] <... futex resumed>) = 0 [pid 2609] <... futex resumed>) = 1 [pid 2609] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2606] <... write resumed>) = 40 [pid 2606] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2606] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2605] exit_group(0) = ? [pid 2606] <... futex resumed>) = ? [pid 2609] <... futex resumed>) = ? [pid 2609] +++ exited with 0 +++ [pid 2606] +++ exited with 0 +++ [pid 2605] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2605, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./464", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./464", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./464/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./464/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./464/binderfs") = 0 [ 86.078181][ T2609] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata umount2("./464/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./464/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./464/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./464/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./464/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./464/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./464") = 0 mkdir("./465", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2610 ./strace-static-x86_64: Process 2610 attached [pid 2610] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2610] chdir("./465") = 0 [pid 2610] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2610] setpgid(0, 0) = 0 [pid 2610] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2610] write(3, "1000", 4) = 4 [pid 2610] close(3) = 0 [pid 2610] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2610] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2610] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2610] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2610] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2611 attached [pid 2611] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2611] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2610] <... clone resumed>, parent_tid=[2611], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2611 [pid 2610] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2611] <... futex resumed>) = 0 [pid 2611] memfd_create("syzkaller", 0) = 3 [pid 2611] ftruncate(3, 2097152) = 0 [pid 2611] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2611] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2611] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2611] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2611] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2611] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2611] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2611] mkdir("./file0", 0777 [pid 2610] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2611] <... mkdir resumed>) = 0 [pid 2611] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2611] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2611] ioctl(4, LOOP_CLR_FD) = 0 [pid 2611] close(4) = 0 [pid 2611] close(3) = 0 [pid 2611] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2610] <... futex resumed>) = 0 [pid 2610] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2610] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2611] chdir("./file0") = 0 [pid 2611] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2610] <... futex resumed>) = 0 [pid 2610] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2610] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2611] creat("./file0", 000) = 3 [pid 2611] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2610] <... futex resumed>) = 0 [pid 2610] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2610] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2610] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2610] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2610] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2614 attached , parent_tid=[2614], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2614 [pid 2611] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2610] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2614] set_robust_list(0x7f01680719e0, 24 [pid 2611] <... write resumed>) = 40 [pid 2610] <... futex resumed>) = 0 [pid 2611] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2610] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2611] <... futex resumed>) = 0 [pid 2611] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2614] <... set_robust_list resumed>) = 0 [pid 2614] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2614] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2610] <... futex resumed>) = 0 [pid 2610] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2611] <... futex resumed>) = 0 [pid 2610] <... futex resumed>) = 1 [pid 2611] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 2610] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2611] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 2611] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2610] <... futex resumed>) = 0 [pid 2611] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2610] exit_group(0 [pid 2611] <... futex resumed>) = ? [pid 2610] <... exit_group resumed>) = ? [pid 2611] +++ exited with 0 +++ [pid 2614] +++ exited with 0 +++ [pid 2610] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2610, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./465", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./465", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./465/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./465/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./465/binderfs") = 0 [ 86.179496][ T2614] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 86.196349][ T2614] EXT4-fs (loop0): pa ffff8881db90edc8: logic 16, phys. 128, len 24 [ 86.204498][ T2614] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./465/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./465/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./465/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./465/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./465/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./465/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./465") = 0 mkdir("./466", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2615 ./strace-static-x86_64: Process 2615 attached [pid 2615] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2615] chdir("./466") = 0 [pid 2615] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2615] setpgid(0, 0) = 0 [pid 2615] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2615] write(3, "1000", 4) = 4 [pid 2615] close(3) = 0 [pid 2615] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2615] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2615] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2615] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2615] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2616 attached , parent_tid=[2616], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2616 [pid 2615] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2615] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2616] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2616] memfd_create("syzkaller", 0) = 3 [pid 2616] ftruncate(3, 2097152) = 0 [pid 2616] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2616] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2616] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2616] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2616] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2616] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2616] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2616] mkdir("./file0", 0777) = 0 [pid 2616] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2616] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2616] ioctl(4, LOOP_CLR_FD) = 0 [pid 2616] close(4) = 0 [pid 2616] close(3) = 0 [pid 2616] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2615] <... futex resumed>) = 0 [pid 2616] <... futex resumed>) = 1 [pid 2616] chdir("./file0" [pid 2615] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2615] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2616] <... chdir resumed>) = 0 [pid 2616] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2615] <... futex resumed>) = 0 [pid 2615] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2616] creat("./file0", 000 [pid 2615] <... futex resumed>) = 0 [pid 2615] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2616] <... creat resumed>) = 3 [pid 2616] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2615] <... futex resumed>) = 0 [pid 2615] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2615] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2615] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2615] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2615] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2619], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2619 [pid 2615] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2615] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2616] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 ./strace-static-x86_64: Process 2619 attached [pid 2619] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2619] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2616] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2616] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2619] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2619] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2615] <... futex resumed>) = 0 [pid 2615] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2615] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2616] <... futex resumed>) = 0 [pid 2616] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2616] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2615] <... futex resumed>) = 0 [pid 2619] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2615] exit_group(0) = ? [pid 2616] <... futex resumed>) = ? [pid 2616] +++ exited with 0 +++ [pid 2619] <... futex resumed>) = ? [pid 2619] +++ exited with 0 +++ [pid 2615] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2615, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./466", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./466", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./466/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./466/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./466/binderfs") = 0 [ 86.296689][ T2619] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 86.314774][ T2619] EXT4-fs (loop0): pa ffff8881db90e690: logic 16, phys. 128, len 24 [ 86.322920][ T2619] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./466/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./466/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./466/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./466/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./466/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./466/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./466") = 0 mkdir("./467", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2620 ./strace-static-x86_64: Process 2620 attached [pid 2620] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2620] chdir("./467") = 0 [pid 2620] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2620] setpgid(0, 0) = 0 [pid 2620] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2620] write(3, "1000", 4) = 4 [pid 2620] close(3) = 0 [pid 2620] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2620] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2620] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2620] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2620] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2621 attached , parent_tid=[2621], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2621 [pid 2621] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2621] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2620] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2621] <... futex resumed>) = 0 [pid 2620] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2621] memfd_create("syzkaller", 0) = 3 [pid 2621] ftruncate(3, 2097152) = 0 [pid 2621] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2621] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2621] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2621] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2621] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2621] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2621] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2621] mkdir("./file0", 0777) = 0 [pid 2621] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2621] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2621] ioctl(4, LOOP_CLR_FD) = 0 [pid 2621] close(4) = 0 [pid 2621] close(3) = 0 [pid 2621] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2621] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2620] <... futex resumed>) = 0 [pid 2620] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2621] <... futex resumed>) = 0 [pid 2620] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2621] chdir("./file0") = 0 [pid 2621] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2620] <... futex resumed>) = 0 [pid 2621] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2620] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2621] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2620] <... futex resumed>) = 0 [pid 2621] creat("./file0", 000 [pid 2620] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2621] <... creat resumed>) = 3 [pid 2621] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2620] <... futex resumed>) = 0 [pid 2621] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2620] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2621] <... write resumed>) = 40 [pid 2620] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2621] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2620] <... futex resumed>) = 0 [pid 2621] <... futex resumed>) = 0 [pid 2620] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2621] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2620] <... mmap resumed>) = 0x7f0168051000 [pid 2620] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2620] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2624 attached [pid 2624] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2620] <... clone resumed>, parent_tid=[2624], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2624 [pid 2624] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2620] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2620] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2624] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2624] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2620] <... futex resumed>) = 0 [pid 2624] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2620] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2621] <... futex resumed>) = 0 [pid 2621] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 2620] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2621] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 2621] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2621] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2620] <... futex resumed>) = 0 [pid 2620] exit_group(0 [pid 2621] <... futex resumed>) = ? [pid 2620] <... exit_group resumed>) = ? [pid 2621] +++ exited with 0 +++ [pid 2624] <... futex resumed>) = ? [pid 2624] +++ exited with 0 +++ [pid 2620] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2620, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./467", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./467", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./467/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./467/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./467/binderfs") = 0 [ 86.435304][ T2624] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 86.452077][ T2624] EXT4-fs (loop0): pa ffff8881db90e000: logic 16, phys. 128, len 24 [ 86.460092][ T2624] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./467/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./467/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./467/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./467/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./467/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./467/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./467") = 0 mkdir("./468", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2625 ./strace-static-x86_64: Process 2625 attached [pid 2625] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2625] chdir("./468") = 0 [pid 2625] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2625] setpgid(0, 0) = 0 [pid 2625] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2625] write(3, "1000", 4) = 4 [pid 2625] close(3) = 0 [pid 2625] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2625] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2625] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2625] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2625] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2626 attached , parent_tid=[2626], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2626 [pid 2626] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2626] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2625] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2626] <... futex resumed>) = 0 [pid 2626] memfd_create("syzkaller", 0 [pid 2625] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2626] <... memfd_create resumed>) = 3 [pid 2626] ftruncate(3, 2097152) = 0 [pid 2626] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2626] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2626] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2626] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2626] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2626] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2626] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2626] mkdir("./file0", 0777) = 0 [pid 2626] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2626] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2626] ioctl(4, LOOP_CLR_FD) = 0 [pid 2626] close(4) = 0 [pid 2626] close(3) = 0 [pid 2626] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2625] <... futex resumed>) = 0 [pid 2626] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2625] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2626] <... futex resumed>) = 0 [pid 2625] <... futex resumed>) = 1 [pid 2626] chdir("./file0") = 0 [pid 2625] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2626] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2625] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2626] <... futex resumed>) = 0 [pid 2626] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2625] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2626] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2626] creat("./file0", 000 [pid 2625] <... futex resumed>) = 0 [pid 2626] <... creat resumed>) = 3 [pid 2625] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2626] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2625] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2626] <... futex resumed>) = 0 [pid 2626] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2625] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2626] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2625] <... futex resumed>) = 0 [pid 2626] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2625] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2626] <... write resumed>) = 40 [pid 2625] <... futex resumed>) = 0 [pid 2626] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2625] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2626] <... futex resumed>) = 0 [pid 2625] <... mmap resumed>) = 0x7f0168051000 [pid 2626] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2625] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2625] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2629 attached [pid 2629] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2629] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2625] <... clone resumed>, parent_tid=[2629], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2629 [pid 2625] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2629] <... futex resumed>) = 0 [pid 2629] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2625] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2629] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2629] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2629] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2625] <... futex resumed>) = 0 [pid 2625] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2626] <... futex resumed>) = 0 [pid 2626] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2626] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2626] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2625] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 2625] exit_group(0) = ? [pid 2629] <... futex resumed>) = ? [pid 2626] <... futex resumed>) = ? [pid 2626] +++ exited with 0 +++ [pid 2629] +++ exited with 0 +++ [pid 2625] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2625, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./468", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./468", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./468/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./468/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./468/binderfs") = 0 [ 86.552912][ T2629] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 86.570489][ T2625] EXT4-fs (loop0): pa ffff8881db90e0a8: logic 16, phys. 128, len 24 [ 86.578464][ T2625] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./468/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./468/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./468/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./468/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./468/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./468/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./468") = 0 mkdir("./469", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2630 ./strace-static-x86_64: Process 2630 attached [pid 2630] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2630] chdir("./469") = 0 [pid 2630] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2630] setpgid(0, 0) = 0 [pid 2630] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2630] write(3, "1000", 4) = 4 [pid 2630] close(3) = 0 [pid 2630] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2630] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2630] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2630] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2630] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2631 attached , parent_tid=[2631], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2631 [pid 2630] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2630] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2631] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2631] memfd_create("syzkaller", 0) = 3 [pid 2631] ftruncate(3, 2097152) = 0 [pid 2631] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2631] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2631] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2631] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2631] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2631] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2631] mkdir("./file0", 0777) = 0 [pid 2631] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2631] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2631] ioctl(4, LOOP_CLR_FD) = 0 [pid 2631] close(4) = 0 [pid 2631] close(3) = 0 [pid 2631] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2630] <... futex resumed>) = 0 [pid 2630] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2631] chdir("./file0" [pid 2630] <... futex resumed>) = 0 [pid 2630] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2631] <... chdir resumed>) = 0 [pid 2631] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2630] <... futex resumed>) = 0 [pid 2630] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2631] creat("./file0", 000 [pid 2630] <... futex resumed>) = 0 [pid 2630] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2631] <... creat resumed>) = 3 [pid 2631] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2630] <... futex resumed>) = 0 [pid 2630] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2630] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2630] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2630] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2630] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2634], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2634 [pid 2630] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2630] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2634 attached [pid 2634] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2634] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2631] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2634] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2634] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2631] <... write resumed>) = 40 [pid 2631] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2631] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2634] <... futex resumed>) = 1 [pid 2630] <... futex resumed>) = 0 [pid 2634] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2630] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2631] <... futex resumed>) = 0 [pid 2630] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2631] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2631] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2631] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2630] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2630] exit_group(0 [pid 2634] <... futex resumed>) = ? [pid 2630] <... exit_group resumed>) = ? [pid 2631] <... futex resumed>) = ? [pid 2631] +++ exited with 0 +++ [pid 2634] +++ exited with 0 +++ [pid 2630] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2630, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./469", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./469", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./469/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./469/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./469/binderfs") = 0 [ 86.681309][ T2634] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata umount2("./469/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./469/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./469/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./469/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./469/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./469/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./469") = 0 mkdir("./470", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2635 attached , child_tidptr=0x55555656e5d0) = 2635 [pid 2635] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2635] chdir("./470") = 0 [pid 2635] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2635] setpgid(0, 0) = 0 [pid 2635] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2635] write(3, "1000", 4) = 4 [pid 2635] close(3) = 0 [pid 2635] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2635] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2635] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2635] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2635] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2636], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2636 ./strace-static-x86_64: Process 2636 attached [pid 2636] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2636] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2635] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2636] <... futex resumed>) = 0 [pid 2635] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2636] memfd_create("syzkaller", 0) = 3 [pid 2636] ftruncate(3, 2097152) = 0 [pid 2636] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2636] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2636] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2636] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2636] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2636] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2636] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2636] mkdir("./file0", 0777) = 0 [pid 2636] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2636] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2636] ioctl(4, LOOP_CLR_FD) = 0 [pid 2636] close(4) = 0 [pid 2636] close(3) = 0 [pid 2636] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2635] <... futex resumed>) = 0 [pid 2635] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2636] chdir("./file0") = 0 [pid 2635] <... futex resumed>) = 0 [pid 2636] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2635] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2636] <... futex resumed>) = 0 [pid 2635] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2636] creat("./file0", 000 [pid 2635] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2635] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2636] <... creat resumed>) = 3 [pid 2636] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2635] <... futex resumed>) = 0 [pid 2635] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2635] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2636] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2635] <... futex resumed>) = 0 [pid 2636] <... write resumed>) = 40 [pid 2635] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2636] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2635] <... mmap resumed>) = 0x7f0168051000 [pid 2635] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE [pid 2636] <... futex resumed>) = 0 [pid 2635] <... mprotect resumed>) = 0 [pid 2635] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 2636] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2639 attached [pid 2639] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2639] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2635] <... clone resumed>, parent_tid=[2639], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2639 [pid 2635] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2639] <... futex resumed>) = 0 [pid 2635] <... futex resumed>) = 1 [pid 2639] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2635] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2639] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2639] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2635] <... futex resumed>) = 0 [pid 2639] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2635] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2635] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2636] <... futex resumed>) = 0 [pid 2636] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2636] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2635] <... futex resumed>) = 0 [pid 2635] exit_group(0) = ? [pid 2639] <... futex resumed>) = ? [pid 2639] +++ exited with 0 +++ [pid 2636] +++ exited with 0 +++ [pid 2635] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2635, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./470", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./470", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./470/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./470/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./470/binderfs") = 0 [ 86.859988][ T2639] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 86.877012][ T2636] EXT4-fs (loop0): pa ffff8881db871348: logic 16, phys. 128, len 24 [ 86.885049][ T2636] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./470/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./470/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./470/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./470/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./470/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./470/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./470") = 0 mkdir("./471", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2640 ./strace-static-x86_64: Process 2640 attached [pid 2640] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2640] chdir("./471") = 0 [pid 2640] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2640] setpgid(0, 0) = 0 [pid 2640] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2640] write(3, "1000", 4) = 4 [pid 2640] close(3) = 0 [pid 2640] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2640] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2640] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2640] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2640] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2641], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2641 [pid 2640] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2640] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2641 attached [pid 2641] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2641] memfd_create("syzkaller", 0) = 3 [pid 2641] ftruncate(3, 2097152) = 0 [pid 2641] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2641] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2641] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2641] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2641] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2641] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2641] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2641] mkdir("./file0", 0777) = 0 [pid 2641] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2641] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2641] ioctl(4, LOOP_CLR_FD) = 0 [pid 2641] close(4) = 0 [pid 2641] close(3) = 0 [pid 2641] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2640] <... futex resumed>) = 0 [pid 2640] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2640] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2641] chdir("./file0") = 0 [pid 2641] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2640] <... futex resumed>) = 0 [pid 2640] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2640] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2641] creat("./file0", 000) = 3 [pid 2641] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2640] <... futex resumed>) = 0 [pid 2640] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2640] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2640] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2640] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2640] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2644], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2644 [pid 2640] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2640] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2641] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 ./strace-static-x86_64: Process 2644 attached [pid 2644] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2644] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2641] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2641] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2644] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2644] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2640] <... futex resumed>) = 0 [pid 2640] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2641] <... futex resumed>) = 0 [pid 2640] <... futex resumed>) = 1 [pid 2641] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 2640] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2641] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 2641] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2644] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2641] <... futex resumed>) = 1 [pid 2640] <... futex resumed>) = 0 [pid 2641] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2640] exit_group(0) = ? [pid 2641] <... futex resumed>) = ? [pid 2641] +++ exited with 0 +++ [pid 2644] <... futex resumed>) = ? [pid 2644] +++ exited with 0 +++ [pid 2640] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2640, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./471", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./471", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./471/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./471/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./471/binderfs") = 0 [ 86.998056][ T2644] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 87.015083][ T2644] EXT4-fs (loop0): pa ffff8881db90ea80: logic 16, phys. 128, len 24 [ 87.023118][ T2644] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./471/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./471/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./471/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./471/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./471/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./471/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./471") = 0 mkdir("./472", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2645 ./strace-static-x86_64: Process 2645 attached [pid 2645] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2645] chdir("./472") = 0 [pid 2645] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2645] setpgid(0, 0) = 0 [pid 2645] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2645] write(3, "1000", 4) = 4 [pid 2645] close(3) = 0 [pid 2645] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2645] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2645] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2645] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2645] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2646 attached , parent_tid=[2646], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2646 [pid 2646] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2646] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2645] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2646] <... futex resumed>) = 0 [pid 2645] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2646] memfd_create("syzkaller", 0) = 3 [pid 2646] ftruncate(3, 2097152) = 0 [pid 2646] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2646] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2646] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2646] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2646] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2646] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2646] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2646] mkdir("./file0", 0777) = 0 [pid 2646] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2646] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2646] ioctl(4, LOOP_CLR_FD) = 0 [pid 2646] close(4) = 0 [pid 2646] close(3) = 0 [pid 2646] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2645] <... futex resumed>) = 0 [pid 2646] <... futex resumed>) = 1 [pid 2646] chdir("./file0" [pid 2645] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2646] <... chdir resumed>) = 0 [pid 2645] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2646] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2645] <... futex resumed>) = 0 [pid 2645] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2646] creat("./file0", 000 [pid 2645] <... futex resumed>) = 0 [pid 2645] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2646] <... creat resumed>) = 3 [pid 2646] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2645] <... futex resumed>) = 0 [pid 2646] <... futex resumed>) = 1 [pid 2645] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2645] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2645] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2645] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE [pid 2646] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2645] <... mprotect resumed>) = 0 [pid 2645] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2649], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2649 [pid 2645] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2645] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2646] <... write resumed>) = 40 [pid 2646] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2646] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2649 attached [pid 2649] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2649] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2649] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2645] <... futex resumed>) = 0 [pid 2645] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2645] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2646] <... futex resumed>) = 0 [pid 2646] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2646] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2645] <... futex resumed>) = 0 [pid 2645] exit_group(0) = ? [pid 2646] <... futex resumed>) = ? [pid 2646] +++ exited with 0 +++ [pid 2649] +++ exited with 0 +++ [pid 2645] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2645, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./472", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./472", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./472/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./472/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./472/binderfs") = 0 [ 87.127683][ T2649] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 87.144292][ T2649] EXT4-fs (loop0): pa ffff8881db871c78: logic 16, phys. 128, len 24 [ 87.152352][ T2649] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./472/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./472/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./472/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./472/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./472/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./472/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./472") = 0 mkdir("./473", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2650 ./strace-static-x86_64: Process 2650 attached [pid 2650] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2650] chdir("./473") = 0 [pid 2650] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2650] setpgid(0, 0) = 0 [pid 2650] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2650] write(3, "1000", 4) = 4 [pid 2650] close(3) = 0 [pid 2650] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2650] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2650] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2650] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2650] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2651 attached , parent_tid=[2651], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2651 [pid 2651] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2651] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2650] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2651] <... futex resumed>) = 0 [pid 2650] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2651] memfd_create("syzkaller", 0) = 3 [pid 2651] ftruncate(3, 2097152) = 0 [pid 2651] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2651] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2651] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2651] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2651] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2651] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2651] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2651] mkdir("./file0", 0777) = 0 [pid 2651] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2651] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2651] ioctl(4, LOOP_CLR_FD) = 0 [pid 2651] close(4) = 0 [pid 2651] close(3) = 0 [pid 2651] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2650] <... futex resumed>) = 0 [pid 2650] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2651] chdir("./file0" [pid 2650] <... futex resumed>) = 0 [pid 2651] <... chdir resumed>) = 0 [pid 2650] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2651] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2650] <... futex resumed>) = 0 [pid 2651] creat("./file0", 000 [pid 2650] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2650] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2651] <... creat resumed>) = 3 [pid 2651] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2651] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2650] <... futex resumed>) = 0 [pid 2650] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2651] <... futex resumed>) = 0 [pid 2651] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2650] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2650] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2651] <... write resumed>) = 40 [pid 2650] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE [pid 2651] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2650] <... mprotect resumed>) = 0 [pid 2651] <... futex resumed>) = 0 [pid 2651] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2650] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2654 attached [pid 2654] set_robust_list(0x7f01680719e0, 24 [pid 2650] <... clone resumed>, parent_tid=[2654], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2654 [pid 2654] <... set_robust_list resumed>) = 0 [pid 2650] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2654] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2650] <... futex resumed>) = 0 [pid 2650] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2654] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2654] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2650] <... futex resumed>) = 0 [pid 2654] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2650] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2651] <... futex resumed>) = 0 [pid 2650] <... futex resumed>) = 1 [pid 2651] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 2650] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2651] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 2651] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2650] <... futex resumed>) = 0 [pid 2651] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2650] exit_group(0 [pid 2651] <... futex resumed>) = ? [pid 2650] <... exit_group resumed>) = ? [pid 2651] +++ exited with 0 +++ [pid 2654] <... futex resumed>) = ? [pid 2654] +++ exited with 0 +++ [pid 2650] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2650, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./473", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./473", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./473/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./473/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./473/binderfs") = 0 [ 87.297193][ T2654] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 87.313304][ T2654] EXT4-fs (loop0): pa ffff8881db871690: logic 16, phys. 128, len 24 [ 87.321294][ T2654] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./473/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./473/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./473/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./473/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./473/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./473/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./473") = 0 mkdir("./474", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2655 attached [pid 2655] set_robust_list(0x55555656e5e0, 24) = 0 [pid 304] <... clone resumed>, child_tidptr=0x55555656e5d0) = 2655 [pid 2655] chdir("./474") = 0 [pid 2655] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2655] setpgid(0, 0) = 0 [pid 2655] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2655] write(3, "1000", 4) = 4 [pid 2655] close(3) = 0 [pid 2655] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2655] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2655] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2655] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2655] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2656 attached , parent_tid=[2656], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2656 [pid 2655] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2655] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2656] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2656] memfd_create("syzkaller", 0) = 3 [pid 2656] ftruncate(3, 2097152) = 0 [pid 2656] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2656] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2656] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2656] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2656] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2656] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2656] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2656] mkdir("./file0", 0777) = 0 [pid 2656] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2656] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2656] ioctl(4, LOOP_CLR_FD) = 0 [pid 2656] close(4) = 0 [pid 2656] close(3) = 0 [pid 2656] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2655] <... futex resumed>) = 0 [pid 2656] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2655] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2655] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2656] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2656] chdir("./file0") = 0 [pid 2656] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2655] <... futex resumed>) = 0 [pid 2655] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2655] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2656] creat("./file0", 000) = 3 [pid 2656] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2655] <... futex resumed>) = 0 [pid 2656] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2655] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2655] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2655] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2656] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2656] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2655] <... mmap resumed>) = 0x7f0168051000 [pid 2655] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE [pid 2656] <... write resumed>) = 40 [pid 2655] <... mprotect resumed>) = 0 [pid 2655] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 2656] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2655] <... clone resumed>, parent_tid=[2659], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2659 [pid 2655] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2656] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2655] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2659 attached [pid 2659] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2659] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2659] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2655] <... futex resumed>) = 0 [pid 2655] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2656] <... futex resumed>) = 0 [pid 2655] <... futex resumed>) = 1 [pid 2655] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2656] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2656] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2659] <... futex resumed>) = 1 [pid 2656] <... futex resumed>) = 1 [pid 2655] <... futex resumed>) = 0 [pid 2656] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2655] exit_group(0) = ? [pid 2656] <... futex resumed>) = ? [pid 2656] +++ exited with 0 +++ [pid 2659] +++ exited with 0 +++ [pid 2655] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2655, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./474", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./474", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./474/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./474/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./474/binderfs") = 0 [ 87.436720][ T2659] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 87.452929][ T2659] EXT4-fs (loop0): pa ffff8881db8a25e8: logic 16, phys. 128, len 24 [ 87.461038][ T2659] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./474/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./474/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./474/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./474/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./474/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./474/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./474") = 0 mkdir("./475", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2660 ./strace-static-x86_64: Process 2660 attached [pid 2660] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2660] chdir("./475") = 0 [pid 2660] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2660] setpgid(0, 0) = 0 [pid 2660] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2660] write(3, "1000", 4) = 4 [pid 2660] close(3) = 0 [pid 2660] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2660] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2660] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2660] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2660] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2661 attached , parent_tid=[2661], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2661 [pid 2661] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2661] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2660] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2661] <... futex resumed>) = 0 [pid 2660] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2661] memfd_create("syzkaller", 0) = 3 [pid 2661] ftruncate(3, 2097152) = 0 [pid 2661] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2661] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2661] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2661] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2661] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2661] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2661] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2661] mkdir("./file0", 0777) = 0 [pid 2661] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2661] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2661] ioctl(4, LOOP_CLR_FD) = 0 [pid 2661] close(4) = 0 [pid 2661] close(3) = 0 [pid 2661] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2660] <... futex resumed>) = 0 [pid 2661] <... futex resumed>) = 1 [pid 2660] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2661] chdir("./file0") = 0 [pid 2660] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2661] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2660] <... futex resumed>) = 0 [pid 2661] <... futex resumed>) = 1 [pid 2660] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2661] creat("./file0", 000 [pid 2660] <... futex resumed>) = 0 [pid 2660] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2661] <... creat resumed>) = 3 [pid 2661] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2660] <... futex resumed>) = 0 [pid 2660] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2660] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2660] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2660] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2660] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2664], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2664 [pid 2660] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2660] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2661] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 2661] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2661] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2664 attached [pid 2664] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2664] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2664] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2660] <... futex resumed>) = 0 [pid 2664] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2660] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2660] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2661] <... futex resumed>) = 0 [pid 2661] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2661] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2660] <... futex resumed>) = 0 [pid 2660] exit_group(0) = ? [pid 2664] <... futex resumed>) = ? [pid 2664] +++ exited with 0 +++ [pid 2661] +++ exited with 0 +++ [pid 2660] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2660, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./475", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./475", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./475/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./475/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./475/binderfs") = 0 [ 87.579324][ T2664] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 87.596521][ T2661] EXT4-fs (loop0): pa ffff8881db8a27e0: logic 16, phys. 128, len 24 [ 87.604621][ T2661] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./475/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./475/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./475/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./475/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./475/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./475/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./475") = 0 mkdir("./476", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2665 ./strace-static-x86_64: Process 2665 attached [pid 2665] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2665] chdir("./476") = 0 [pid 2665] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2665] setpgid(0, 0) = 0 [pid 2665] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2665] write(3, "1000", 4) = 4 [pid 2665] close(3) = 0 [pid 2665] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2665] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2665] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2665] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2665] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2666 attached , parent_tid=[2666], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2666 [pid 2665] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2665] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2666] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2666] memfd_create("syzkaller", 0) = 3 [pid 2666] ftruncate(3, 2097152) = 0 [pid 2666] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2666] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2666] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2666] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2666] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2666] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2666] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2666] mkdir("./file0", 0777) = 0 [pid 2666] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2666] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2666] ioctl(4, LOOP_CLR_FD) = 0 [pid 2666] close(4) = 0 [pid 2666] close(3) = 0 [pid 2666] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2665] <... futex resumed>) = 0 [pid 2665] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2665] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2666] chdir("./file0") = 0 [pid 2666] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2665] <... futex resumed>) = 0 [pid 2666] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2665] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2665] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2666] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2666] creat("./file0", 000) = 3 [pid 2666] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2665] <... futex resumed>) = 0 [pid 2665] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2665] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2665] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2665] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2665] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2669 attached [pid 2666] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2665] <... clone resumed>, parent_tid=[2669], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2669 [pid 2665] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2666] <... write resumed>) = 40 [pid 2665] <... futex resumed>) = 0 [pid 2665] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2669] set_robust_list(0x7f01680719e0, 24 [pid 2666] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2666] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2669] <... set_robust_list resumed>) = 0 [pid 2669] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2669] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2665] <... futex resumed>) = 0 [pid 2665] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2665] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2669] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2666] <... futex resumed>) = 0 [pid 2666] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2666] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2665] <... futex resumed>) = 0 [pid 2666] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2665] exit_group(0) = ? [pid 2669] <... futex resumed>) = ? [pid 2666] <... futex resumed>) = ? [pid 2666] +++ exited with 0 +++ [pid 2669] +++ exited with 0 +++ [pid 2665] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2665, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./476", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./476", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./476/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./476/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./476/binderfs") = 0 [ 87.771819][ T2669] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 87.789282][ T2669] EXT4-fs (loop0): pa ffff8881db90e5e8: logic 16, phys. 128, len 24 [ 87.797524][ T2669] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./476/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./476/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./476/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./476/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./476/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./476/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./476") = 0 mkdir("./477", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2670 ./strace-static-x86_64: Process 2670 attached [pid 2670] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2670] chdir("./477") = 0 [pid 2670] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2670] setpgid(0, 0) = 0 [pid 2670] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2670] write(3, "1000", 4) = 4 [pid 2670] close(3) = 0 [pid 2670] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2670] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2670] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2670] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2670] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2671 attached , parent_tid=[2671], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2671 [pid 2670] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2670] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2671] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2671] memfd_create("syzkaller", 0) = 3 [pid 2671] ftruncate(3, 2097152) = 0 [pid 2671] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2671] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2671] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2671] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2671] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2671] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2671] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2671] mkdir("./file0", 0777) = 0 [pid 2671] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2671] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2671] ioctl(4, LOOP_CLR_FD) = 0 [pid 2671] close(4) = 0 [pid 2671] close(3) = 0 [pid 2671] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2671] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2670] <... futex resumed>) = 0 [pid 2670] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2671] <... futex resumed>) = 0 [pid 2671] chdir("./file0") = 0 [pid 2671] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2671] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2670] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 2670] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2671] <... futex resumed>) = 0 [pid 2671] creat("./file0", 000 [pid 2670] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2671] <... creat resumed>) = 3 [pid 2671] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2671] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2670] <... futex resumed>) = 0 [pid 2670] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2671] <... futex resumed>) = 0 [pid 2670] <... futex resumed>) = 1 [pid 2671] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 2671] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2671] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2670] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2671] <... futex resumed>) = 0 [pid 2671] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2670] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2671] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2671] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2670] <... futex resumed>) = 0 [pid 2671] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2670] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2671] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2670] <... futex resumed>) = 0 [pid 2671] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 2670] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2671] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 2671] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2670] <... futex resumed>) = 0 [pid 2670] exit_group(0) = ? [pid 2671] +++ exited with 0 +++ [pid 2670] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2670, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./477", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./477", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./477/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./477/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./477/binderfs") = 0 umount2("./477/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./477/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./477/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./477/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./477/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./477/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./477") = 0 mkdir("./478", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 87.947285][ T2671] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 87.964048][ T2671] EXT4-fs (loop0): pa ffff8881db90e888: logic 16, phys. 128, len 24 [ 87.972069][ T2671] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2674 ./strace-static-x86_64: Process 2674 attached [pid 2674] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2674] chdir("./478") = 0 [pid 2674] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2674] setpgid(0, 0) = 0 [pid 2674] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2674] write(3, "1000", 4) = 4 [pid 2674] close(3) = 0 [pid 2674] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2674] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2674] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2674] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2674] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2675 attached , parent_tid=[2675], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2675 [pid 2675] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2675] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2674] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2675] <... futex resumed>) = 0 [pid 2674] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2675] memfd_create("syzkaller", 0) = 3 [pid 2675] ftruncate(3, 2097152) = 0 [pid 2675] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2675] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2675] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2675] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2675] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2675] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2675] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2675] mkdir("./file0", 0777) = 0 [pid 2675] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2675] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2675] ioctl(4, LOOP_CLR_FD) = 0 [pid 2675] close(4) = 0 [pid 2675] close(3) = 0 [pid 2675] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2674] <... futex resumed>) = 0 [pid 2674] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2675] chdir("./file0" [pid 2674] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2675] <... chdir resumed>) = 0 [pid 2675] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2674] <... futex resumed>) = 0 [pid 2674] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2675] creat("./file0", 000 [pid 2674] <... futex resumed>) = 0 [pid 2674] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2675] <... creat resumed>) = 3 [pid 2675] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2674] <... futex resumed>) = 0 [pid 2675] <... futex resumed>) = 1 [pid 2674] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2675] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2674] <... futex resumed>) = 0 [pid 2675] <... write resumed>) = 40 [pid 2674] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2674] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2675] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2674] <... mmap resumed>) = 0x7f0168051000 [pid 2674] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2674] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 2675] <... futex resumed>) = 0 [pid 2674] <... clone resumed>, parent_tid=[2678], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2678 [pid 2674] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2674] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2675] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2678 attached [pid 2678] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2678] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2678] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2674] <... futex resumed>) = 0 [pid 2674] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2674] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2675] <... futex resumed>) = 0 [pid 2675] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2675] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2674] <... futex resumed>) = 0 [pid 2674] exit_group(0) = ? [pid 2675] <... futex resumed>) = ? [pid 2678] +++ exited with 0 +++ [pid 2675] +++ exited with 0 +++ [pid 2674] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2674, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./478", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./478", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./478/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./478/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./478/binderfs") = 0 [ 88.053239][ T2678] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 88.070184][ T2675] EXT4-fs (loop0): pa ffff8881db8a2930: logic 16, phys. 128, len 24 [ 88.078165][ T2675] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./478/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./478/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./478/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./478/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./478/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./478/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./478") = 0 mkdir("./479", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2679 ./strace-static-x86_64: Process 2679 attached [pid 2679] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2679] chdir("./479") = 0 [pid 2679] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2679] setpgid(0, 0) = 0 [pid 2679] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2679] write(3, "1000", 4) = 4 [pid 2679] close(3) = 0 [pid 2679] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2679] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2679] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2679] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2679] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2680], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2680 [pid 2679] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2679] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2680 attached [pid 2680] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2680] memfd_create("syzkaller", 0) = 3 [pid 2680] ftruncate(3, 2097152) = 0 [pid 2680] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2680] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2680] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2680] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2680] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2680] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2680] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2680] mkdir("./file0", 0777) = 0 [pid 2680] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2680] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2680] ioctl(4, LOOP_CLR_FD) = 0 [pid 2680] close(4) = 0 [pid 2680] close(3) = 0 [pid 2680] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2680] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2679] <... futex resumed>) = 0 [pid 2679] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2679] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2680] <... futex resumed>) = 0 [pid 2680] chdir("./file0") = 0 [pid 2680] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2679] <... futex resumed>) = 0 [pid 2679] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2680] creat("./file0", 000 [pid 2679] <... futex resumed>) = 0 [pid 2679] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2680] <... creat resumed>) = 3 [pid 2680] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2679] <... futex resumed>) = 0 [pid 2680] <... futex resumed>) = 1 [pid 2679] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2679] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2680] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2679] <... futex resumed>) = 0 [pid 2679] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2679] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2679] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 2680] <... write resumed>) = 40 [pid 2679] <... clone resumed>, parent_tid=[2683], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2683 [pid 2679] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2680] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2679] <... futex resumed>) = 0 [pid 2679] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2680] <... futex resumed>) = 0 [pid 2680] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2683 attached [pid 2683] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2683] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2683] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2683] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2679] <... futex resumed>) = 0 [pid 2679] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2680] <... futex resumed>) = 0 [pid 2679] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2680] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2680] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2679] <... futex resumed>) = 0 [pid 2680] <... futex resumed>) = 1 [pid 2679] exit_group(0 [pid 2680] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2679] <... exit_group resumed>) = ? [pid 2680] <... futex resumed>) = ? [pid 2683] <... futex resumed>) = ? [pid 2680] +++ exited with 0 +++ [pid 2683] +++ exited with 0 +++ [pid 2679] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2679, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./479", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./479", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./479/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./479/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./479/binderfs") = 0 [ 88.179027][ T2683] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 88.194798][ T2683] EXT4-fs (loop0): pa ffff8881db90ebd0: logic 16, phys. 128, len 24 [ 88.202822][ T2683] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./479/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./479/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./479/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./479/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./479/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./479/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./479") = 0 mkdir("./480", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2684 ./strace-static-x86_64: Process 2684 attached [pid 2684] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2684] chdir("./480") = 0 [pid 2684] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2684] setpgid(0, 0) = 0 [pid 2684] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2684] write(3, "1000", 4) = 4 [pid 2684] close(3) = 0 [pid 2684] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2684] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2684] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2684] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2684] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2685 attached [pid 2685] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2685] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2684] <... clone resumed>, parent_tid=[2685], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2685 [pid 2684] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2685] <... futex resumed>) = 0 [pid 2684] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2685] memfd_create("syzkaller", 0) = 3 [pid 2685] ftruncate(3, 2097152) = 0 [pid 2685] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2685] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2685] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2685] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2685] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2685] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2685] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2685] mkdir("./file0", 0777) = 0 [pid 2685] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2685] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2685] ioctl(4, LOOP_CLR_FD) = 0 [pid 2685] close(4) = 0 [pid 2685] close(3) = 0 [pid 2685] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2684] <... futex resumed>) = 0 [pid 2684] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2685] chdir("./file0" [pid 2684] <... futex resumed>) = 0 [pid 2684] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2685] <... chdir resumed>) = 0 [pid 2685] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2684] <... futex resumed>) = 0 [pid 2685] creat("./file0", 000 [pid 2684] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2684] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2685] <... creat resumed>) = 3 [pid 2685] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2684] <... futex resumed>) = 0 [pid 2685] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2684] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2685] <... write resumed>) = 40 [pid 2684] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2685] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2684] <... futex resumed>) = 0 [pid 2684] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2684] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2685] <... futex resumed>) = 0 [pid 2684] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2688 attached , parent_tid=[2688], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2688 [pid 2688] set_robust_list(0x7f01680719e0, 24 [pid 2684] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2688] <... set_robust_list resumed>) = 0 [pid 2684] <... futex resumed>) = 0 [pid 2688] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2684] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2685] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2688] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2688] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2684] <... futex resumed>) = 0 [pid 2684] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2684] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2685] <... futex resumed>) = 0 [pid 2685] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2685] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2684] <... futex resumed>) = 0 [pid 2684] exit_group(0) = ? [pid 2685] <... futex resumed>) = ? [pid 2685] +++ exited with 0 +++ [pid 2688] +++ exited with 0 +++ [pid 2684] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2684, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./480", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./480", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./480/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./480/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./480/binderfs") = 0 [ 88.316832][ T2688] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 88.333034][ T2688] EXT4-fs (loop0): pa ffff8881db8a2d20: logic 16, phys. 128, len 24 [ 88.341061][ T2688] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./480/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./480/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./480/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./480/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./480/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./480/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./480") = 0 mkdir("./481", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2689 ./strace-static-x86_64: Process 2689 attached [pid 2689] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2689] chdir("./481") = 0 [pid 2689] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2689] setpgid(0, 0) = 0 [pid 2689] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2689] write(3, "1000", 4) = 4 [pid 2689] close(3) = 0 [pid 2689] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2689] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2689] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2689] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2689] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2690 attached , parent_tid=[2690], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2690 [pid 2690] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2690] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2689] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2690] <... futex resumed>) = 0 [pid 2690] memfd_create("syzkaller", 0) = 3 [pid 2689] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2690] ftruncate(3, 2097152) = 0 [pid 2690] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2690] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2690] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2690] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2690] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2690] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2690] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2690] mkdir("./file0", 0777) = 0 [pid 2690] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2690] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2690] ioctl(4, LOOP_CLR_FD) = 0 [pid 2690] close(4) = 0 [pid 2690] close(3) = 0 [pid 2690] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2689] <... futex resumed>) = 0 [pid 2690] chdir("./file0" [pid 2689] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2689] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2690] <... chdir resumed>) = 0 [pid 2690] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2689] <... futex resumed>) = 0 [pid 2689] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2690] creat("./file0", 000 [pid 2689] <... futex resumed>) = 0 [pid 2689] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2690] <... creat resumed>) = 3 [pid 2690] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2689] <... futex resumed>) = 0 [pid 2689] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2690] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2689] <... futex resumed>) = 0 [pid 2689] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2689] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2689] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2689] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2693 attached , parent_tid=[2693], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2693 [pid 2689] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2690] <... write resumed>) = 40 [pid 2689] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2690] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2690] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2693] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2693] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2693] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2689] <... futex resumed>) = 0 [pid 2689] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2689] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2693] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2690] <... futex resumed>) = 0 [pid 2690] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2690] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2689] <... futex resumed>) = 0 [pid 2689] exit_group(0) = ? [pid 2693] <... futex resumed>) = ? [pid 2690] +++ exited with 0 +++ [pid 2693] +++ exited with 0 +++ [pid 2689] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2689, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./481", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./481", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./481/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./481/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./481/binderfs") = 0 umount2("./481/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./481/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./481/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./481/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./481/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./481/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./481") = 0 mkdir("./482", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2694 ./strace-static-x86_64: Process 2694 attached [pid 2694] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2694] chdir("./482") = 0 [pid 2694] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2694] setpgid(0, 0) = 0 [pid 2694] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2694] write(3, "1000", 4) = 4 [pid 2694] close(3) = 0 [pid 2694] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2694] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2694] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2694] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2694] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2695], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2695 [pid 2694] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2694] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2695 attached [pid 2695] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2695] memfd_create("syzkaller", 0) = 3 [pid 2695] ftruncate(3, 2097152) = 0 [pid 2695] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2695] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2695] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2695] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2695] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2695] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2695] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2695] mkdir("./file0", 0777) = 0 [pid 2695] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2695] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2695] ioctl(4, LOOP_CLR_FD) = 0 [pid 2695] close(4) = 0 [pid 2695] close(3) = 0 [pid 2695] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2694] <... futex resumed>) = 0 [pid 2695] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 2694] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2695] chdir("./file0" [pid 2694] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2695] <... chdir resumed>) = 0 [pid 2695] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2694] <... futex resumed>) = 0 [pid 2694] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2694] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2695] creat("./file0", 000) = 3 [pid 2695] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2694] <... futex resumed>) = 0 [pid 2694] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2695] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2694] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2694] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2694] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2694] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2698], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2698 [pid 2694] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2694] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2695] <... write resumed>) = 40 [pid 2695] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2695] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2698 attached [ 88.448394][ T2693] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 88.465773][ T2693] EXT4-fs (loop0): pa ffff8881db8a23f0: logic 16, phys. 128, len 24 [ 88.473816][ T2693] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 [pid 2698] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2698] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2698] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2694] <... futex resumed>) = 0 [pid 2694] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2695] <... futex resumed>) = 0 [pid 2694] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2695] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 2698] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2695] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 2695] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2694] <... futex resumed>) = 0 [pid 2694] exit_group(0) = ? [pid 2698] <... futex resumed>) = ? [pid 2695] +++ exited with 0 +++ [pid 2698] +++ exited with 0 +++ [pid 2694] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2694, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./482", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./482", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./482/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./482/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./482/binderfs") = 0 [ 88.530755][ T2698] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 88.550164][ T2698] EXT4-fs (loop0): pa ffff8881db8a2738: logic 16, phys. 128, len 24 [ 88.558156][ T2698] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./482/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./482/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./482/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./482/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./482/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./482/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./482") = 0 mkdir("./483", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2699 ./strace-static-x86_64: Process 2699 attached [pid 2699] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2699] chdir("./483") = 0 [pid 2699] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2699] setpgid(0, 0) = 0 [pid 2699] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2699] write(3, "1000", 4) = 4 [pid 2699] close(3) = 0 [pid 2699] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2699] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2699] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2699] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2699] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2700 attached , parent_tid=[2700], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2700 [pid 2699] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2699] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2700] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2700] memfd_create("syzkaller", 0) = 3 [pid 2700] ftruncate(3, 2097152) = 0 [pid 2700] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2700] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2700] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2700] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2700] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2700] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2700] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2700] mkdir("./file0", 0777) = 0 [pid 2700] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2700] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2700] ioctl(4, LOOP_CLR_FD) = 0 [pid 2700] close(4) = 0 [pid 2700] close(3) = 0 [pid 2700] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2699] <... futex resumed>) = 0 [pid 2700] chdir("./file0" [pid 2699] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2700] <... chdir resumed>) = 0 [pid 2699] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2700] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2699] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2699] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2700] creat("./file0", 000 [pid 2699] <... futex resumed>) = 0 [pid 2699] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2700] <... creat resumed>) = 3 [pid 2700] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2699] <... futex resumed>) = 0 [pid 2700] <... futex resumed>) = 1 [pid 2699] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2700] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2699] <... futex resumed>) = 0 [pid 2699] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2699] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2699] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE [pid 2700] <... write resumed>) = 40 [pid 2699] <... mprotect resumed>) = 0 [pid 2700] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2699] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 2700] <... futex resumed>) = 0 [pid 2699] <... clone resumed>, parent_tid=[2703], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2703 ./strace-static-x86_64: Process 2703 attached [pid 2703] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2703] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2700] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2699] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2703] <... futex resumed>) = 0 [pid 2703] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2699] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2703] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2703] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2699] <... futex resumed>) = 0 [pid 2703] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2699] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2700] <... futex resumed>) = 0 [pid 2699] <... futex resumed>) = 1 [pid 2700] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 2699] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2700] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 2700] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2699] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2700] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2699] exit_group(0) = ? [pid 2700] <... futex resumed>) = ? [pid 2700] +++ exited with 0 +++ [pid 2703] <... futex resumed>) = ? [pid 2703] +++ exited with 0 +++ [pid 2699] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2699, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./483", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./483", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./483/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./483/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./483/binderfs") = 0 [ 88.692305][ T2703] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 88.708326][ T2703] EXT4-fs (loop0): pa ffff8881e68ae000: logic 16, phys. 128, len 24 [ 88.716353][ T2703] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./483/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./483/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./483/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./483/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./483/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./483/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./483") = 0 mkdir("./484", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2704 ./strace-static-x86_64: Process 2704 attached [pid 2704] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2704] chdir("./484") = 0 [pid 2704] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2704] setpgid(0, 0) = 0 [pid 2704] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2704] write(3, "1000", 4) = 4 [pid 2704] close(3) = 0 [pid 2704] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2704] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2704] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2704] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2704] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2705], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2705 [pid 2704] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2704] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2705 attached [pid 2705] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2705] memfd_create("syzkaller", 0) = 3 [pid 2705] ftruncate(3, 2097152) = 0 [pid 2705] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2705] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2705] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2705] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2705] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2705] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2705] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2705] mkdir("./file0", 0777) = 0 [pid 2705] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2705] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2705] ioctl(4, LOOP_CLR_FD) = 0 [pid 2705] close(4) = 0 [pid 2705] close(3) = 0 [pid 2705] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2704] <... futex resumed>) = 0 [pid 2704] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2704] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2705] chdir("./file0") = 0 [pid 2705] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2704] <... futex resumed>) = 0 [pid 2704] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2704] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2705] <... futex resumed>) = 1 [pid 2705] creat("./file0", 000) = 3 [pid 2705] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2704] <... futex resumed>) = 0 [pid 2705] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2704] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2705] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2704] <... futex resumed>) = 0 [pid 2705] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2704] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2705] <... write resumed>) = 40 [pid 2704] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2705] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2704] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE [pid 2705] <... futex resumed>) = 0 [pid 2705] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2704] <... mprotect resumed>) = 0 [pid 2704] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2708 attached , parent_tid=[2708], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2708 [pid 2708] set_robust_list(0x7f01680719e0, 24 [pid 2704] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2708] <... set_robust_list resumed>) = 0 [pid 2704] <... futex resumed>) = 0 [pid 2708] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2704] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2708] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2708] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2704] <... futex resumed>) = 0 [pid 2704] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2704] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2705] <... futex resumed>) = 0 [pid 2705] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2705] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2704] <... futex resumed>) = 0 [pid 2704] exit_group(0 [pid 2708] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2704] <... exit_group resumed>) = ? [pid 2708] <... futex resumed>) = ? [pid 2708] +++ exited with 0 +++ [pid 2705] <... futex resumed>) = ? [pid 2705] +++ exited with 0 +++ [pid 2704] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2704, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./484", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./484", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./484/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./484/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./484/binderfs") = 0 [ 88.822135][ T2708] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 88.838964][ T2705] EXT4-fs (loop0): pa ffff8881e68ae0a8: logic 16, phys. 128, len 24 [ 88.846954][ T2705] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./484/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./484/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./484/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./484/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./484/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./484/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./484") = 0 mkdir("./485", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2709 ./strace-static-x86_64: Process 2709 attached [pid 2709] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2709] chdir("./485") = 0 [pid 2709] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2709] setpgid(0, 0) = 0 [pid 2709] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2709] write(3, "1000", 4) = 4 [pid 2709] close(3) = 0 [pid 2709] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2709] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2709] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2709] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2709] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2710], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2710 ./strace-static-x86_64: Process 2710 attached [pid 2709] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2710] set_robust_list(0x7f01680929e0, 24 [pid 2709] <... futex resumed>) = 0 [pid 2710] <... set_robust_list resumed>) = 0 [pid 2709] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2710] memfd_create("syzkaller", 0) = 3 [pid 2710] ftruncate(3, 2097152) = 0 [pid 2710] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2710] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2710] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2710] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2710] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2710] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2710] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2710] mkdir("./file0", 0777) = 0 [pid 2710] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2710] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2710] ioctl(4, LOOP_CLR_FD) = 0 [pid 2710] close(4) = 0 [pid 2710] close(3) = 0 [pid 2710] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2709] <... futex resumed>) = 0 [pid 2709] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2709] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2710] chdir("./file0") = 0 [pid 2710] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2710] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2709] <... futex resumed>) = 0 [pid 2709] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2710] <... futex resumed>) = 0 [pid 2710] creat("./file0", 000) = 3 [pid 2710] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2710] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2709] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 2709] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2710] <... futex resumed>) = 0 [pid 2710] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 2710] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2710] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2709] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2710] <... futex resumed>) = 0 [pid 2710] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2709] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2710] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2710] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2709] <... futex resumed>) = 0 [pid 2709] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2709] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2710] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2710] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2709] <... futex resumed>) = 0 [pid 2709] exit_group(0) = ? [pid 2710] +++ exited with 0 +++ [pid 2709] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2709, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./485", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./485", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./485/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./485/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./485/binderfs") = 0 [ 89.007141][ T2710] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 89.024186][ T2710] EXT4-fs (loop0): pa ffff8881db8a2b28: logic 16, phys. 128, len 24 [ 89.032209][ T2710] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./485/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./485/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./485/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./485/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./485/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./485/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./485") = 0 mkdir("./486", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2713 attached , child_tidptr=0x55555656e5d0) = 2713 [pid 2713] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2713] chdir("./486") = 0 [pid 2713] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2713] setpgid(0, 0) = 0 [pid 2713] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2713] write(3, "1000", 4) = 4 [pid 2713] close(3) = 0 [pid 2713] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2713] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2713] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2713] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2713] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2714], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2714 ./strace-static-x86_64: Process 2714 attached [pid 2714] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2714] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2713] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2714] <... futex resumed>) = 0 [pid 2713] <... futex resumed>) = 1 [pid 2714] memfd_create("syzkaller", 0 [pid 2713] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2714] <... memfd_create resumed>) = 3 [pid 2714] ftruncate(3, 2097152) = 0 [pid 2714] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2714] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2714] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2714] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2714] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2714] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2714] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2714] mkdir("./file0", 0777) = 0 [pid 2714] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2714] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2714] ioctl(4, LOOP_CLR_FD) = 0 [pid 2714] close(4) = 0 [pid 2714] close(3) = 0 [pid 2714] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2714] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2713] <... futex resumed>) = 0 [pid 2713] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2714] <... futex resumed>) = 0 [pid 2713] <... futex resumed>) = 1 [pid 2714] chdir("./file0") = 0 [pid 2713] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2714] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2713] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2714] <... futex resumed>) = 0 [pid 2713] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2714] creat("./file0", 000 [pid 2713] <... futex resumed>) = 0 [pid 2714] <... creat resumed>) = 3 [pid 2713] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2714] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2713] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2714] <... futex resumed>) = 0 [pid 2714] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2713] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2714] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2713] <... futex resumed>) = 0 [pid 2714] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2713] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2714] <... write resumed>) = 40 [pid 2713] <... futex resumed>) = 0 [pid 2714] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2713] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2714] <... futex resumed>) = 0 [pid 2713] <... mmap resumed>) = 0x7f0168051000 [pid 2714] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2713] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2713] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2717 attached [pid 2717] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2717] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2713] <... clone resumed>, parent_tid=[2717], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2717 [pid 2713] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2717] <... futex resumed>) = 0 [pid 2717] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2713] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2717] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2717] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2717] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2713] <... futex resumed>) = 0 [pid 2713] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2714] <... futex resumed>) = 0 [pid 2713] <... futex resumed>) = 1 [pid 2714] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2713] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2714] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2713] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2714] <... futex resumed>) = 0 [pid 2714] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2713] exit_group(0) = ? [pid 2714] <... futex resumed>) = ? [pid 2717] <... futex resumed>) = ? [pid 2714] +++ exited with 0 +++ [pid 2717] +++ exited with 0 +++ [pid 2713] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2713, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./486", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./486", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./486/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./486/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./486/binderfs") = 0 [ 89.119806][ T2717] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 89.136580][ T2717] EXT4-fs (loop0): pa ffff8881e68aed20: logic 16, phys. 128, len 24 [ 89.144588][ T2717] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./486/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./486/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./486/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./486/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./486/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./486/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./486") = 0 mkdir("./487", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2718 attached [pid 2718] set_robust_list(0x55555656e5e0, 24 [pid 304] <... clone resumed>, child_tidptr=0x55555656e5d0) = 2718 [pid 2718] <... set_robust_list resumed>) = 0 [pid 2718] chdir("./487") = 0 [pid 2718] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2718] setpgid(0, 0) = 0 [pid 2718] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2718] write(3, "1000", 4) = 4 [pid 2718] close(3) = 0 [pid 2718] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2718] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2718] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2718] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2718] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2719 attached , parent_tid=[2719], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2719 [pid 2719] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2719] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2718] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2719] <... futex resumed>) = 0 [pid 2718] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2719] memfd_create("syzkaller", 0) = 3 [pid 2719] ftruncate(3, 2097152) = 0 [pid 2719] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2719] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2719] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2719] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2719] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2719] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2719] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2719] mkdir("./file0", 0777) = 0 [pid 2719] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2719] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2719] ioctl(4, LOOP_CLR_FD) = 0 [pid 2719] close(4) = 0 [pid 2719] close(3) = 0 [pid 2719] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2718] <... futex resumed>) = 0 [pid 2718] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2718] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2719] chdir("./file0") = 0 [pid 2719] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2718] <... futex resumed>) = 0 [pid 2718] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2718] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2719] creat("./file0", 000) = 3 [pid 2719] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2718] <... futex resumed>) = 0 [pid 2718] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2718] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2718] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2718] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2719] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2718] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2722], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2722 [pid 2719] <... write resumed>) = 40 [pid 2718] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2718] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2719] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 2722 attached [pid 2722] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2722] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2719] <... futex resumed>) = 0 [pid 2719] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2722] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2722] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2718] <... futex resumed>) = 0 [pid 2722] <... futex resumed>) = 1 [pid 2718] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2722] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2718] <... futex resumed>) = 1 [pid 2719] <... futex resumed>) = 0 [pid 2718] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2719] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2719] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2718] <... futex resumed>) = 0 [pid 2719] <... futex resumed>) = 1 [pid 2718] exit_group(0 [pid 2719] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2718] <... exit_group resumed>) = ? [pid 2719] <... futex resumed>) = -1 (errno 18446744073709551414) [pid 2722] <... futex resumed>) = ? [pid 2719] +++ exited with 0 +++ [pid 2722] +++ exited with 0 +++ [pid 2718] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2718, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./487", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./487", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./487/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./487/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./487/binderfs") = 0 umount2("./487/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./487/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./487/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./487/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./487/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 [ 89.242980][ T2722] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 89.258599][ T2722] EXT4-fs (loop0): pa ffff8881e68ae348: logic 16, phys. 128, len 24 [ 89.266606][ T2722] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 rmdir("./487/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./487") = 0 mkdir("./488", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2723 ./strace-static-x86_64: Process 2723 attached [pid 2723] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2723] chdir("./488") = 0 [pid 2723] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2723] setpgid(0, 0) = 0 [pid 2723] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2723] write(3, "1000", 4) = 4 [pid 2723] close(3) = 0 [pid 2723] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2723] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2723] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2723] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2723] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2724], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2724 ./strace-static-x86_64: Process 2724 attached [pid 2724] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2724] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2723] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2724] <... futex resumed>) = 0 [pid 2724] memfd_create("syzkaller", 0 [pid 2723] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2724] <... memfd_create resumed>) = 3 [pid 2724] ftruncate(3, 2097152) = 0 [pid 2724] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2724] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2724] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2724] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2724] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2724] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2724] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2724] mkdir("./file0", 0777) = 0 [pid 2724] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2724] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2724] ioctl(4, LOOP_CLR_FD) = 0 [pid 2724] close(4) = 0 [pid 2724] close(3) = 0 [pid 2724] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2723] <... futex resumed>) = 0 [pid 2723] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2724] chdir("./file0" [pid 2723] <... futex resumed>) = 0 [pid 2723] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2724] <... chdir resumed>) = 0 [pid 2724] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2723] <... futex resumed>) = 0 [pid 2723] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2724] creat("./file0", 000 [pid 2723] <... futex resumed>) = 0 [pid 2723] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2724] <... creat resumed>) = 3 [pid 2724] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2723] <... futex resumed>) = 0 [pid 2723] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2723] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2723] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2723] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2723] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2727], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2727 [pid 2724] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2723] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2723] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2724] <... write resumed>) = 40 [pid 2724] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2724] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2727 attached [pid 2727] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2727] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2727] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2723] <... futex resumed>) = 0 [pid 2723] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2723] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2724] <... futex resumed>) = 0 [pid 2724] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2724] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2723] <... futex resumed>) = 0 [pid 2723] exit_group(0) = ? [pid 2724] <... futex resumed>) = ? [pid 2724] +++ exited with 0 +++ [pid 2727] +++ exited with 0 +++ [pid 2723] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2723, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./488", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./488", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./488/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./488/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./488/binderfs") = 0 [ 89.357879][ T2727] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 89.374212][ T2727] EXT4-fs (loop0): pa ffff8881db8a2a80: logic 16, phys. 128, len 24 [ 89.382312][ T2727] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./488/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./488/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./488/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./488/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./488/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./488/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./488") = 0 mkdir("./489", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2728 ./strace-static-x86_64: Process 2728 attached [pid 2728] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2728] chdir("./489") = 0 [pid 2728] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2728] setpgid(0, 0) = 0 [pid 2728] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2728] write(3, "1000", 4) = 4 [pid 2728] close(3) = 0 [pid 2728] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2728] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2728] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2728] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2728] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2729 attached [pid 2729] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2729] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2728] <... clone resumed>, parent_tid=[2729], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2729 [pid 2728] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2729] <... futex resumed>) = 0 [pid 2729] memfd_create("syzkaller", 0 [pid 2728] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2729] <... memfd_create resumed>) = 3 [pid 2729] ftruncate(3, 2097152) = 0 [pid 2729] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2729] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2729] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2729] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2729] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2729] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2729] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2729] mkdir("./file0", 0777) = 0 [pid 2729] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2729] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2729] ioctl(4, LOOP_CLR_FD) = 0 [pid 2729] close(4) = 0 [pid 2729] close(3) = 0 [pid 2729] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2729] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2728] <... futex resumed>) = 0 [pid 2728] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2729] <... futex resumed>) = 0 [pid 2729] chdir("./file0") = 0 [pid 2729] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2729] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2728] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 2728] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2729] <... futex resumed>) = 0 [pid 2729] creat("./file0", 000) = 3 [pid 2729] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2729] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2728] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 2728] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2729] <... futex resumed>) = 0 [pid 2729] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 2729] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2729] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2728] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2729] <... futex resumed>) = 0 [pid 2729] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2728] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2729] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2729] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2729] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2728] <... futex resumed>) = 0 [pid 2728] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2729] <... futex resumed>) = 0 [pid 2729] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2729] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2729] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2728] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 2728] exit_group(0) = ? [pid 2729] <... futex resumed>) = ? [pid 2729] +++ exited with 0 +++ [pid 2728] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2728, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./489", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./489", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./489/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./489/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./489/binderfs") = 0 [ 89.519766][ T2729] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 89.537524][ T2729] EXT4-fs (loop0): pa ffff8881db8a2888: logic 16, phys. 128, len 24 [ 89.545540][ T2729] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./489/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./489/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./489/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./489/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./489/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./489/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./489") = 0 mkdir("./490", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2732 ./strace-static-x86_64: Process 2732 attached [pid 2732] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2732] chdir("./490") = 0 [pid 2732] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2732] setpgid(0, 0) = 0 [pid 2732] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2732] write(3, "1000", 4) = 4 [pid 2732] close(3) = 0 [pid 2732] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2732] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2732] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2732] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2732] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2733], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2733 [pid 2732] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2732] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2733 attached [pid 2733] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2733] memfd_create("syzkaller", 0) = 3 [pid 2733] ftruncate(3, 2097152) = 0 [pid 2733] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2733] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2733] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2733] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2733] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2733] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2733] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2733] mkdir("./file0", 0777) = 0 [pid 2733] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2733] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2733] ioctl(4, LOOP_CLR_FD) = 0 [pid 2733] close(4) = 0 [pid 2733] close(3) = 0 [pid 2733] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2732] <... futex resumed>) = 0 [pid 2732] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2732] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2733] <... futex resumed>) = 1 [pid 2733] chdir("./file0") = 0 [pid 2733] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2732] <... futex resumed>) = 0 [pid 2732] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2733] creat("./file0", 000 [pid 2732] <... futex resumed>) = 0 [pid 2732] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2733] <... creat resumed>) = 3 [pid 2733] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2732] <... futex resumed>) = 0 [pid 2732] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2733] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2732] <... futex resumed>) = 0 [pid 2732] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2732] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2732] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2732] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2736 attached [pid 2736] set_robust_list(0x7f01680719e0, 24 [pid 2732] <... clone resumed>, parent_tid=[2736], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2736 [pid 2733] <... write resumed>) = 40 [pid 2732] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2736] <... set_robust_list resumed>) = 0 [pid 2732] <... futex resumed>) = 0 [pid 2736] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2732] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2733] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2733] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2736] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2736] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2732] <... futex resumed>) = 0 [pid 2736] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2732] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2733] <... futex resumed>) = 0 [pid 2732] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2733] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2733] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2732] <... futex resumed>) = 0 [pid 2733] <... futex resumed>) = 1 [pid 2732] exit_group(0 [pid 2733] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2732] <... exit_group resumed>) = ? [pid 2733] <... futex resumed>) = -1 (errno 18446744073709551414) [pid 2736] <... futex resumed>) = ? [pid 2733] +++ exited with 0 +++ [pid 2736] +++ exited with 0 +++ [pid 2732] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2732, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./490", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./490", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./490/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./490/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./490/binderfs") = 0 [ 89.673736][ T2736] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 89.690148][ T2736] EXT4-fs (loop0): pa ffff8881db8a2dc8: logic 16, phys. 128, len 24 [ 89.698215][ T2736] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./490/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./490/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./490/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./490/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./490/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./490/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./490") = 0 mkdir("./491", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2737 ./strace-static-x86_64: Process 2737 attached [pid 2737] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2737] chdir("./491") = 0 [pid 2737] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2737] setpgid(0, 0) = 0 [pid 2737] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2737] write(3, "1000", 4) = 4 [pid 2737] close(3) = 0 [pid 2737] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2737] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2737] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2737] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2737] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2738 attached , parent_tid=[2738], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2738 [pid 2738] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2738] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2737] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2738] <... futex resumed>) = 0 [pid 2737] <... futex resumed>) = 1 [pid 2738] memfd_create("syzkaller", 0 [pid 2737] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2738] <... memfd_create resumed>) = 3 [pid 2738] ftruncate(3, 2097152) = 0 [pid 2738] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2738] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2738] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2738] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2738] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2738] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2738] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2738] mkdir("./file0", 0777) = 0 [pid 2738] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2738] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2738] ioctl(4, LOOP_CLR_FD) = 0 [pid 2738] close(4) = 0 [pid 2738] close(3) = 0 [pid 2738] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2737] <... futex resumed>) = 0 [pid 2737] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2737] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2738] <... futex resumed>) = 1 [pid 2738] chdir("./file0") = 0 [pid 2738] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2737] <... futex resumed>) = 0 [pid 2737] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2737] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2738] <... futex resumed>) = 1 [pid 2738] creat("./file0", 000) = 3 [pid 2738] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2737] <... futex resumed>) = 0 [pid 2738] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2737] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2738] <... write resumed>) = 40 [pid 2737] <... futex resumed>) = 0 [pid 2738] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2737] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2738] <... futex resumed>) = 0 [pid 2737] <... futex resumed>) = 0 [pid 2738] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2737] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2738] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2738] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2737] <... futex resumed>) = 0 [pid 2737] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2737] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2738] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2738] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2737] <... futex resumed>) = 0 [pid 2737] exit_group(0) = ? [pid 2738] +++ exited with 0 +++ [pid 2737] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2737, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./491", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./491", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./491/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./491/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./491/binderfs") = 0 [ 89.839296][ T2738] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 89.856428][ T2738] EXT4-fs (loop0): pa ffff8881e68aec78: logic 16, phys. 128, len 24 [ 89.864468][ T2738] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./491/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./491/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./491/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./491/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./491/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./491/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./491") = 0 mkdir("./492", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2741 attached , child_tidptr=0x55555656e5d0) = 2741 [pid 2741] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2741] chdir("./492") = 0 [pid 2741] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2741] setpgid(0, 0) = 0 [pid 2741] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2741] write(3, "1000", 4) = 4 [pid 2741] close(3) = 0 [pid 2741] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2741] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2741] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2741] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2741] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2742], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2742 ./strace-static-x86_64: Process 2742 attached [pid 2741] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2741] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2742] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2742] memfd_create("syzkaller", 0) = 3 [pid 2742] ftruncate(3, 2097152) = 0 [pid 2742] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2742] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2742] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2742] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2742] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2742] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2742] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2742] mkdir("./file0", 0777) = 0 [pid 2742] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2742] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2742] ioctl(4, LOOP_CLR_FD) = 0 [pid 2742] close(4) = 0 [pid 2742] close(3) = 0 [pid 2742] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2741] <... futex resumed>) = 0 [pid 2741] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2741] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2742] <... futex resumed>) = 1 [pid 2742] chdir("./file0") = 0 [pid 2742] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2741] <... futex resumed>) = 0 [pid 2741] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2741] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2742] <... futex resumed>) = 1 [pid 2742] creat("./file0", 000) = 3 [pid 2742] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2741] <... futex resumed>) = 0 [pid 2741] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2741] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2741] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2741] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2741] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2745], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2745 [pid 2741] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2741] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2742] <... futex resumed>) = 1 [pid 2742] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 2742] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2742] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2745 attached [pid 2745] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2745] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2745] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2741] <... futex resumed>) = 0 [pid 2741] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2741] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2742] <... futex resumed>) = 0 [pid 2742] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2745] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2742] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2741] <... futex resumed>) = 0 [pid 2741] exit_group(0 [pid 2745] <... futex resumed>) = ? [pid 2741] <... exit_group resumed>) = ? [pid 2745] +++ exited with 0 +++ [pid 2742] <... futex resumed>) = ? [pid 2742] +++ exited with 0 +++ [pid 2741] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2741, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./492", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./492", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./492/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./492/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./492/binderfs") = 0 [ 90.000608][ T2745] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 90.017473][ T2742] EXT4-fs (loop0): pa ffff8881e68aee70: logic 16, phys. 128, len 24 [ 90.025544][ T2742] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./492/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./492/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./492/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./492/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./492/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./492/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./492") = 0 mkdir("./493", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2746 attached [pid 2746] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2746] chdir("./493") = 0 [pid 2746] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2746] setpgid(0, 0) = 0 [pid 2746] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 304] <... clone resumed>, child_tidptr=0x55555656e5d0) = 2746 [pid 2746] <... openat resumed>) = 3 [pid 2746] write(3, "1000", 4) = 4 [pid 2746] close(3) = 0 [pid 2746] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2746] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2746] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2746] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2746] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2747], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2747 [pid 2746] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2746] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2747 attached [pid 2747] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2747] memfd_create("syzkaller", 0) = 3 [pid 2747] ftruncate(3, 2097152) = 0 [pid 2747] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2747] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2747] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2747] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2747] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2747] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2747] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2747] mkdir("./file0", 0777) = 0 [pid 2747] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2747] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2747] ioctl(4, LOOP_CLR_FD) = 0 [pid 2747] close(4) = 0 [pid 2747] close(3) = 0 [pid 2747] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2747] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2746] <... futex resumed>) = 0 [pid 2746] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2747] <... futex resumed>) = 0 [pid 2747] chdir("./file0") = 0 [pid 2747] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2747] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2746] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 2746] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2747] <... futex resumed>) = 0 [pid 2747] creat("./file0", 000 [pid 2746] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2747] <... creat resumed>) = 3 [pid 2747] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2747] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2746] <... futex resumed>) = 0 [pid 2746] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2747] <... futex resumed>) = 0 [pid 2747] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 2747] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2747] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2746] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2747] <... futex resumed>) = 0 [pid 2747] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2746] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2747] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2747] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2746] <... futex resumed>) = 0 [pid 2746] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2746] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2747] <... futex resumed>) = 1 [pid 2747] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2747] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2746] <... futex resumed>) = 0 [pid 2746] exit_group(0) = ? [pid 2747] <... futex resumed>) = ? [pid 2747] +++ exited with 0 +++ [pid 2746] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2746, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./493", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./493", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./493/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./493/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./493/binderfs") = 0 [ 90.159193][ T2747] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 90.174987][ T2747] EXT4-fs (loop0): pa ffff8881e69febd0: logic 16, phys. 128, len 24 [ 90.182990][ T2747] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./493/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./493/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./493/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./493/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./493/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./493/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./493") = 0 mkdir("./494", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2750 ./strace-static-x86_64: Process 2750 attached [pid 2750] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2750] chdir("./494") = 0 [pid 2750] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2750] setpgid(0, 0) = 0 [pid 2750] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2750] write(3, "1000", 4) = 4 [pid 2750] close(3) = 0 [pid 2750] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2750] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2750] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2750] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2750] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2751 attached [pid 2751] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2751] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2750] <... clone resumed>, parent_tid=[2751], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2751 [pid 2750] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2751] <... futex resumed>) = 0 [pid 2751] memfd_create("syzkaller", 0) = 3 [pid 2751] ftruncate(3, 2097152) = 0 [pid 2751] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2751] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2751] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2751] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2751] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2751] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2751] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2750] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2751] mkdir("./file0", 0777) = 0 [pid 2751] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2751] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2751] ioctl(4, LOOP_CLR_FD) = 0 [pid 2751] close(4) = 0 [pid 2751] close(3) = 0 [pid 2751] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2751] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2750] <... futex resumed>) = 0 [pid 2750] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2751] <... futex resumed>) = 0 [pid 2751] chdir("./file0" [pid 2750] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2751] <... chdir resumed>) = 0 [pid 2751] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2751] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2750] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2750] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2751] <... futex resumed>) = 0 [pid 2751] creat("./file0", 000 [pid 2750] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2751] <... creat resumed>) = 3 [pid 2751] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2751] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2750] <... futex resumed>) = 0 [pid 2750] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2751] <... futex resumed>) = 0 [pid 2751] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 2751] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2751] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2750] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2751] <... futex resumed>) = 0 [pid 2751] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2750] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2751] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2751] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2750] <... futex resumed>) = 0 [pid 2750] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2750] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2751] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2751] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2750] <... futex resumed>) = 0 [pid 2750] exit_group(0 [pid 2751] <... futex resumed>) = 1 [pid 2750] <... exit_group resumed>) = ? [pid 2751] +++ exited with 0 +++ [pid 2750] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2750, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./494", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./494", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./494/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./494/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./494/binderfs") = 0 [ 90.274656][ T2751] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 90.291534][ T2751] EXT4-fs (loop0): pa ffff8881db8a2e70: logic 16, phys. 128, len 24 [ 90.299503][ T2751] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./494/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./494/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./494/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./494/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./494/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./494/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./494") = 0 mkdir("./495", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2754 ./strace-static-x86_64: Process 2754 attached [pid 2754] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2754] chdir("./495") = 0 [pid 2754] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2754] setpgid(0, 0) = 0 [pid 2754] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2754] write(3, "1000", 4) = 4 [pid 2754] close(3) = 0 [pid 2754] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2754] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2754] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2754] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2754] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2755], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2755 [pid 2754] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2754] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2755 attached [pid 2755] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2755] memfd_create("syzkaller", 0) = 3 [pid 2755] ftruncate(3, 2097152) = 0 [pid 2755] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2755] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2755] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2755] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2755] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2755] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2755] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2755] mkdir("./file0", 0777) = 0 [pid 2755] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2755] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2755] ioctl(4, LOOP_CLR_FD) = 0 [pid 2755] close(4) = 0 [pid 2755] close(3) = 0 [pid 2755] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2755] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2754] <... futex resumed>) = 0 [pid 2754] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2754] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2755] <... futex resumed>) = 0 [pid 2755] chdir("./file0") = 0 [pid 2755] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2754] <... futex resumed>) = 0 [pid 2754] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2754] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2755] <... futex resumed>) = 1 [pid 2755] creat("./file0", 000) = 3 [pid 2755] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2754] <... futex resumed>) = 0 [pid 2754] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2755] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2754] <... futex resumed>) = 0 [pid 2754] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2755] <... write resumed>) = 40 [pid 2754] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2755] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2754] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2755] <... futex resumed>) = 0 [pid 2754] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2758 attached [pid 2758] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2758] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2754] <... clone resumed>, parent_tid=[2758], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2758 [pid 2755] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2754] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2758] <... futex resumed>) = 0 [pid 2758] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2754] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2758] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2758] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2754] <... futex resumed>) = 0 [pid 2758] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2754] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2754] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2755] <... futex resumed>) = 0 [pid 2755] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2755] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2754] <... futex resumed>) = 0 [pid 2754] exit_group(0) = ? [pid 2758] <... futex resumed>) = ? [pid 2758] +++ exited with 0 +++ [pid 2755] +++ exited with 0 +++ [pid 2754] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2754, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./495", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./495", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./495/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./495/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./495/binderfs") = 0 [ 90.454630][ T2758] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 90.471901][ T2755] EXT4-fs (loop0): pa ffff8881dba2c000: logic 16, phys. 128, len 24 [ 90.479985][ T2755] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./495/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./495/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./495/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./495/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./495/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./495/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./495") = 0 mkdir("./496", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2759 ./strace-static-x86_64: Process 2759 attached [pid 2759] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2759] chdir("./496") = 0 [pid 2759] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2759] setpgid(0, 0) = 0 [pid 2759] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2759] write(3, "1000", 4) = 4 [pid 2759] close(3) = 0 [pid 2759] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2759] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2759] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2759] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2759] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2760 attached , parent_tid=[2760], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2760 [pid 2760] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2760] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2759] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2760] <... futex resumed>) = 0 [pid 2760] memfd_create("syzkaller", 0 [pid 2759] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2760] <... memfd_create resumed>) = 3 [pid 2760] ftruncate(3, 2097152) = 0 [pid 2760] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2760] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2760] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2760] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2760] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2760] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2760] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2760] mkdir("./file0", 0777) = 0 [pid 2760] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2760] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2760] ioctl(4, LOOP_CLR_FD) = 0 [pid 2760] close(4) = 0 [pid 2760] close(3) = 0 [pid 2760] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2759] <... futex resumed>) = 0 [pid 2759] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2759] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2760] chdir("./file0") = 0 [pid 2760] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2759] <... futex resumed>) = 0 [pid 2759] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2759] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2760] creat("./file0", 000) = 3 [pid 2760] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2759] <... futex resumed>) = 0 [pid 2760] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2759] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2759] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2759] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2759] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2759] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2763], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2763 [pid 2759] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2759] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2763 attached [pid 2763] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2763] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2760] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2760] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2763] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2763] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2759] <... futex resumed>) = 0 [pid 2759] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2759] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2763] <... futex resumed>) = 1 [pid 2763] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2763] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2759] <... futex resumed>) = 0 [pid 2763] <... futex resumed>) = 1 [pid 2763] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2760] <... write resumed>) = 40 [pid 2760] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2760] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2759] exit_group(0) = ? [pid 2763] <... futex resumed>) = 231 [pid 2760] <... futex resumed>) = ? [pid 2760] +++ exited with 0 +++ [pid 2763] +++ exited with 0 +++ [pid 2759] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2759, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./496", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./496", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./496/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./496/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./496/binderfs") = 0 [ 90.596434][ T2763] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata umount2("./496/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./496/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./496/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./496/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./496/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./496/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./496") = 0 mkdir("./497", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2764 ./strace-static-x86_64: Process 2764 attached [pid 2764] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2764] chdir("./497") = 0 [pid 2764] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2764] setpgid(0, 0) = 0 [pid 2764] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2764] write(3, "1000", 4) = 4 [pid 2764] close(3) = 0 [pid 2764] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2764] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2764] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2764] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2764] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2765 attached [pid 2765] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2765] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2764] <... clone resumed>, parent_tid=[2765], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2765 [pid 2764] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2765] <... futex resumed>) = 0 [pid 2764] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2765] memfd_create("syzkaller", 0) = 3 [pid 2765] ftruncate(3, 2097152) = 0 [pid 2765] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2765] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2765] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2765] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2765] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2765] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2765] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2765] mkdir("./file0", 0777) = 0 [pid 2765] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2765] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2765] ioctl(4, LOOP_CLR_FD) = 0 [pid 2765] close(4) = 0 [pid 2765] close(3) = 0 [pid 2765] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2765] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2764] <... futex resumed>) = 0 [pid 2764] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2765] <... futex resumed>) = 0 [pid 2765] chdir("./file0") = 0 [pid 2765] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2765] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2764] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 2764] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2765] <... futex resumed>) = 0 [pid 2765] creat("./file0", 000) = 3 [pid 2764] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2765] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2764] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2765] <... futex resumed>) = 0 [pid 2764] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2765] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2764] <... futex resumed>) = 0 [pid 2765] <... write resumed>) = 40 [pid 2764] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2765] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2764] <... futex resumed>) = 0 [pid 2765] <... futex resumed>) = 0 [pid 2764] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2765] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2764] <... mmap resumed>) = 0x7f0168051000 [pid 2764] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2764] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2768], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2768 [pid 2764] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2764] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2768 attached [pid 2768] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2768] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2768] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2764] <... futex resumed>) = 0 [pid 2764] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2765] <... futex resumed>) = 0 [pid 2764] <... futex resumed>) = 1 [pid 2765] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 2764] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2765] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 2765] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2764] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2765] <... futex resumed>) = 0 [pid 2765] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2764] exit_group(0 [pid 2765] <... futex resumed>) = ? [pid 2764] <... exit_group resumed>) = ? [pid 2765] +++ exited with 0 +++ [pid 2768] +++ exited with 0 +++ [pid 2764] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2764, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./497", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./497", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./497/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./497/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./497/binderfs") = 0 [ 90.709548][ T2768] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 90.726391][ T2768] EXT4-fs (loop0): pa ffff8881db8a2000: logic 16, phys. 128, len 24 [ 90.734400][ T2768] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./497/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./497/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./497/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./497/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./497/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./497/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./497") = 0 mkdir("./498", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2769 ./strace-static-x86_64: Process 2769 attached [pid 2769] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2769] chdir("./498") = 0 [pid 2769] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2769] setpgid(0, 0) = 0 [pid 2769] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2769] write(3, "1000", 4) = 4 [pid 2769] close(3) = 0 [pid 2769] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2769] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2769] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2769] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2769] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2770 attached , parent_tid=[2770], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2770 [pid 2770] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2770] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2769] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2770] <... futex resumed>) = 0 [pid 2770] memfd_create("syzkaller", 0 [pid 2769] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2770] <... memfd_create resumed>) = 3 [pid 2770] ftruncate(3, 2097152) = 0 [pid 2770] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2770] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2770] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2770] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2770] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2770] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2770] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2770] mkdir("./file0", 0777) = 0 [pid 2770] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2770] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2770] ioctl(4, LOOP_CLR_FD) = 0 [pid 2770] close(4) = 0 [pid 2770] close(3) = 0 [pid 2770] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2769] <... futex resumed>) = 0 [pid 2770] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2769] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2770] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2769] <... futex resumed>) = 0 [pid 2770] chdir("./file0" [pid 2769] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2770] <... chdir resumed>) = 0 [pid 2770] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2769] <... futex resumed>) = 0 [pid 2770] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2769] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2770] <... futex resumed>) = 0 [pid 2769] <... futex resumed>) = 1 [pid 2770] creat("./file0", 000) = 3 [pid 2769] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2770] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2769] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2770] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2769] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2770] <... futex resumed>) = 0 [pid 2769] <... futex resumed>) = 1 [pid 2770] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2769] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2770] <... write resumed>) = 40 [pid 2770] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2769] <... futex resumed>) = 0 [pid 2770] <... futex resumed>) = 0 [pid 2770] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2769] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2769] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2769] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2773 attached [pid 2773] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2773] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2769] <... clone resumed>, parent_tid=[2773], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2773 [pid 2769] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2773] <... futex resumed>) = 0 [pid 2773] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2769] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2773] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2773] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2773] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2769] <... futex resumed>) = 0 [pid 2769] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2770] <... futex resumed>) = 0 [pid 2770] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2770] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2770] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2769] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 2769] exit_group(0) = ? [pid 2773] <... futex resumed>) = 231 [pid 2770] <... futex resumed>) = ? [pid 2773] +++ exited with 0 +++ [pid 2770] +++ exited with 0 +++ [pid 2769] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2769, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./498", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./498", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./498/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./498/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./498/binderfs") = 0 [ 90.884833][ T2773] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 90.901926][ T2769] EXT4-fs (loop0): pa ffff8881dba2cdc8: logic 16, phys. 128, len 24 [ 90.910083][ T2769] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./498/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./498/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./498/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./498/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./498/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./498/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./498") = 0 mkdir("./499", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2774 attached , child_tidptr=0x55555656e5d0) = 2774 [pid 2774] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2774] chdir("./499") = 0 [pid 2774] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2774] setpgid(0, 0) = 0 [pid 2774] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2774] write(3, "1000", 4) = 4 [pid 2774] close(3) = 0 [pid 2774] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2774] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2774] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2774] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2774] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2775 attached [pid 2775] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2775] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2774] <... clone resumed>, parent_tid=[2775], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2775 [pid 2774] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2775] <... futex resumed>) = 0 [pid 2775] memfd_create("syzkaller", 0) = 3 [pid 2775] ftruncate(3, 2097152) = 0 [pid 2775] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2775] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2775] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2775] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2775] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2775] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2775] ioctl(4, LOOP_SET_FD, 3 [pid 2774] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2775] <... ioctl resumed>) = 0 [pid 2775] mkdir("./file0", 0777) = 0 [pid 2775] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2775] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2775] ioctl(4, LOOP_CLR_FD) = 0 [pid 2775] close(4) = 0 [pid 2775] close(3) = 0 [pid 2775] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2775] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2774] <... futex resumed>) = 0 [pid 2774] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2775] <... futex resumed>) = 0 [pid 2775] chdir("./file0") = 0 [pid 2775] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2775] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2774] <... futex resumed>) = 1 [pid 2774] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 2774] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2775] <... futex resumed>) = 0 [pid 2775] creat("./file0", 000 [pid 2774] <... futex resumed>) = 1 [pid 2774] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2775] <... creat resumed>) = 3 [pid 2775] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2775] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2774] <... futex resumed>) = 0 [pid 2774] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2775] <... futex resumed>) = 0 [pid 2775] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 2775] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2775] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2774] <... futex resumed>) = 1 [pid 2774] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2775] <... futex resumed>) = 0 [pid 2775] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2774] <... futex resumed>) = 1 [pid 2774] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2775] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2775] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2774] <... futex resumed>) = 0 [pid 2775] <... futex resumed>) = 1 [pid 2774] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2775] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 2774] <... futex resumed>) = 0 [pid 2775] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 2774] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2775] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2774] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2775] <... futex resumed>) = 0 [pid 2774] exit_group(0 [pid 2775] ????( [pid 2774] <... exit_group resumed>) = ? [pid 2775] <... ???? resumed>) = ? [pid 2775] +++ exited with 0 +++ [pid 2774] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2774, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./499", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./499", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./499/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./499/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./499/binderfs") = 0 [ 91.045587][ T2775] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 91.061086][ T2775] EXT4-fs (loop0): pa ffff8881e68aebd0: logic 16, phys. 128, len 24 [ 91.069074][ T2775] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./499/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./499/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./499/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./499/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./499/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./499/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./499") = 0 mkdir("./500", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2778 ./strace-static-x86_64: Process 2778 attached [pid 2778] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2778] chdir("./500") = 0 [pid 2778] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2778] setpgid(0, 0) = 0 [pid 2778] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2778] write(3, "1000", 4) = 4 [pid 2778] close(3) = 0 [pid 2778] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2778] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2778] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2778] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2778] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2779 attached , parent_tid=[2779], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2779 [pid 2779] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2779] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2778] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2779] <... futex resumed>) = 0 [pid 2779] memfd_create("syzkaller", 0 [pid 2778] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2779] <... memfd_create resumed>) = 3 [pid 2779] ftruncate(3, 2097152) = 0 [pid 2779] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2779] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2779] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2779] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2779] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2779] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2779] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2779] mkdir("./file0", 0777) = 0 [pid 2779] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2779] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2779] ioctl(4, LOOP_CLR_FD) = 0 [pid 2779] close(4) = 0 [pid 2779] close(3) = 0 [pid 2779] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2779] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2778] <... futex resumed>) = 0 [pid 2778] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2779] <... futex resumed>) = 0 [pid 2778] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2779] chdir("./file0") = 0 [pid 2779] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2779] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2778] <... futex resumed>) = 0 [pid 2778] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2779] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2779] creat("./file0", 000 [pid 2778] <... futex resumed>) = 0 [pid 2778] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2779] <... creat resumed>) = 3 [pid 2779] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2778] <... futex resumed>) = 0 [pid 2779] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 2778] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2779] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2778] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2779] <... write resumed>) = 40 [pid 2779] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2779] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2778] <... futex resumed>) = 0 [pid 2778] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2778] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2778] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2782], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2782 [pid 2778] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 2782 attached ) = 0 [pid 2778] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2782] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2782] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2782] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2778] <... futex resumed>) = 0 [pid 2778] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2778] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2779] <... futex resumed>) = 0 [pid 2779] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2779] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2779] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2782] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2778] <... futex resumed>) = 0 [pid 2778] exit_group(0 [pid 2779] <... futex resumed>) = ? [pid 2782] <... futex resumed>) = ? [pid 2779] +++ exited with 0 +++ [pid 2778] <... exit_group resumed>) = ? [pid 2782] +++ exited with 0 +++ [pid 2778] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2778, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./500", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./500", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./500/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./500/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./500/binderfs") = 0 [ 91.201326][ T2782] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 91.218521][ T2782] EXT4-fs (loop0): pa ffff8881e68ae888: logic 16, phys. 128, len 24 [ 91.226643][ T2782] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./500/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./500/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./500/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./500/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./500/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./500/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./500") = 0 mkdir("./501", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2783 ./strace-static-x86_64: Process 2783 attached [pid 2783] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2783] chdir("./501") = 0 [pid 2783] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2783] setpgid(0, 0) = 0 [pid 2783] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2783] write(3, "1000", 4) = 4 [pid 2783] close(3) = 0 [pid 2783] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2783] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2783] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2783] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2783] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2784 attached , parent_tid=[2784], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2784 [pid 2784] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2784] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2783] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2784] <... futex resumed>) = 0 [pid 2784] memfd_create("syzkaller", 0) = 3 [pid 2784] ftruncate(3, 2097152) = 0 [pid 2784] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2784] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2784] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2784] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2784] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2784] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2784] ioctl(4, LOOP_SET_FD, 3 [pid 2783] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2784] <... ioctl resumed>) = 0 [pid 2784] mkdir("./file0", 0777) = 0 [pid 2784] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2784] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2784] ioctl(4, LOOP_CLR_FD) = 0 [pid 2784] close(4) = 0 [pid 2784] close(3) = 0 [pid 2784] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2784] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2783] <... futex resumed>) = 0 [pid 2783] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2784] <... futex resumed>) = 0 [pid 2783] <... futex resumed>) = 1 [pid 2784] chdir("./file0" [pid 2783] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2784] <... chdir resumed>) = 0 [pid 2784] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2784] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2783] <... futex resumed>) = 0 [pid 2783] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2783] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2784] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2784] creat("./file0", 000) = 3 [pid 2784] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2784] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2783] <... futex resumed>) = 0 [pid 2783] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2784] <... futex resumed>) = 0 [pid 2783] <... futex resumed>) = 1 [pid 2784] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2783] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2783] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2783] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2783] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 2784] <... write resumed>) = 40 [pid 2784] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2784] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2783] <... clone resumed>, parent_tid=[2787], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2787 [pid 2783] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2783] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2787 attached [pid 2787] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2787] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2787] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2783] <... futex resumed>) = 0 [pid 2787] <... futex resumed>) = 1 [pid 2783] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2787] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2783] <... futex resumed>) = 1 [pid 2784] <... futex resumed>) = 0 [pid 2783] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2784] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2784] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2783] <... futex resumed>) = 0 [pid 2784] <... futex resumed>) = 1 [pid 2783] exit_group(0 [pid 2784] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2783] <... exit_group resumed>) = ? [pid 2784] <... futex resumed>) = -1 (errno 18446744073709551414) [pid 2787] <... futex resumed>) = ? [pid 2784] +++ exited with 0 +++ [pid 2787] +++ exited with 0 +++ [pid 2783] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2783, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./501", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./501", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./501/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./501/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./501/binderfs") = 0 [ 91.340338][ T2787] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 91.356015][ T2787] EXT4-fs (loop0): pa ffff8881e69ba5e8: logic 16, phys. 128, len 24 [ 91.364018][ T2787] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./501/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./501/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./501/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./501/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./501/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./501/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./501") = 0 mkdir("./502", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2788 ./strace-static-x86_64: Process 2788 attached [pid 2788] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2788] chdir("./502") = 0 [pid 2788] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2788] setpgid(0, 0) = 0 [pid 2788] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2788] write(3, "1000", 4) = 4 [pid 2788] close(3) = 0 [pid 2788] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2788] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2788] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2788] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2788] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2789], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2789 [pid 2788] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2788] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2789 attached [pid 2789] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2789] memfd_create("syzkaller", 0) = 3 [pid 2789] ftruncate(3, 2097152) = 0 [pid 2789] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2789] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2789] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2789] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2789] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2789] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2789] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2789] mkdir("./file0", 0777) = 0 [pid 2789] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2789] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2789] ioctl(4, LOOP_CLR_FD) = 0 [pid 2789] close(4) = 0 [pid 2789] close(3) = 0 [pid 2789] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2788] <... futex resumed>) = 0 [pid 2788] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2788] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2789] <... futex resumed>) = 1 [pid 2789] chdir("./file0") = 0 [pid 2789] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2788] <... futex resumed>) = 0 [pid 2788] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2788] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2789] <... futex resumed>) = 1 [pid 2789] creat("./file0", 000) = 3 [pid 2789] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2788] <... futex resumed>) = 0 [pid 2788] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2788] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2789] <... futex resumed>) = 1 [pid 2788] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2788] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2788] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2792 attached , parent_tid=[2792], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2792 [pid 2792] set_robust_list(0x7f01680719e0, 24 [pid 2788] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2792] <... set_robust_list resumed>) = 0 [pid 2788] <... futex resumed>) = 0 [pid 2792] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2788] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2789] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2792] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2792] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2788] <... futex resumed>) = 0 [pid 2792] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2788] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2792] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2788] <... futex resumed>) = 0 [pid 2792] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2788] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2792] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2788] <... futex resumed>) = 0 [pid 2792] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2789] <... write resumed>) = 40 [pid 2789] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2788] exit_group(0) = ? [pid 2792] <... futex resumed>) = 230 [pid 2792] +++ exited with 0 +++ [pid 2789] +++ exited with 0 +++ [pid 2788] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2788, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./502", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./502", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./502/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./502/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./502/binderfs") = 0 umount2("./502/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./502/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./502/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./502/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./502/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./502/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./502") = 0 mkdir("./503", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2793 ./strace-static-x86_64: Process 2793 attached [pid 2793] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2793] chdir("./503") = 0 [pid 2793] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2793] setpgid(0, 0) = 0 [pid 2793] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2793] write(3, "1000", 4) = 4 [pid 2793] close(3) = 0 [pid 2793] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2793] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2793] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2793] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2793] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2794], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2794 [pid 2793] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2793] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2794 attached [pid 2794] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2794] memfd_create("syzkaller", 0) = 3 [pid 2794] ftruncate(3, 2097152) = 0 [pid 2794] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2794] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2794] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2794] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2794] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2794] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2794] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2794] mkdir("./file0", 0777) = 0 [pid 2794] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2794] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2794] ioctl(4, LOOP_CLR_FD) = 0 [pid 2794] close(4) = 0 [pid 2794] close(3) = 0 [pid 2794] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2793] <... futex resumed>) = 0 [pid 2793] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2793] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2794] <... futex resumed>) = 1 [pid 2794] chdir("./file0") = 0 [pid 2794] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2793] <... futex resumed>) = 0 [pid 2793] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2793] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2794] <... futex resumed>) = 1 [pid 2794] creat("./file0", 000) = 3 [pid 2794] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2793] <... futex resumed>) = 0 [pid 2793] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2793] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2793] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2793] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2793] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2797], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2797 [pid 2793] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2793] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2794] <... futex resumed>) = 1 [pid 2794] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 2794] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2794] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2797 attached [pid 2797] set_robust_list(0x7f01680719e0, 24) = 0 [ 91.437589][ T2792] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata [pid 2797] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2797] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2793] <... futex resumed>) = 0 [pid 2793] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2794] <... futex resumed>) = 0 [pid 2793] <... futex resumed>) = 1 [pid 2794] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2793] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2794] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2793] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2794] <... futex resumed>) = 0 [pid 2793] exit_group(0 [pid 2794] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 2793] <... exit_group resumed>) = ? [pid 2794] +++ exited with 0 +++ [pid 2797] +++ exited with 0 +++ [pid 2793] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2793, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./503", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./503", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./503/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./503/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./503/binderfs") = 0 [ 91.499011][ T2797] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 91.516483][ T2797] EXT4-fs (loop0): pa ffff8881e69bad20: logic 16, phys. 128, len 24 [ 91.524520][ T2797] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./503/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./503/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./503/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./503/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./503/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./503/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./503") = 0 mkdir("./504", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2798 ./strace-static-x86_64: Process 2798 attached [pid 2798] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2798] chdir("./504") = 0 [pid 2798] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2798] setpgid(0, 0) = 0 [pid 2798] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2798] write(3, "1000", 4) = 4 [pid 2798] close(3) = 0 [pid 2798] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2798] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2798] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2798] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2798] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2799], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2799 ./strace-static-x86_64: Process 2799 attached [pid 2798] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2798] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2799] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2799] memfd_create("syzkaller", 0) = 3 [pid 2799] ftruncate(3, 2097152) = 0 [pid 2799] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2799] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2799] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2799] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2799] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2799] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2799] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2799] mkdir("./file0", 0777) = 0 [pid 2799] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2799] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2799] ioctl(4, LOOP_CLR_FD) = 0 [pid 2799] close(4) = 0 [pid 2799] close(3) = 0 [pid 2799] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2798] <... futex resumed>) = 0 [pid 2798] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2798] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2799] chdir("./file0") = 0 [pid 2799] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2798] <... futex resumed>) = 0 [pid 2798] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2798] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2799] creat("./file0", 000) = 3 [pid 2799] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2798] <... futex resumed>) = 0 [pid 2798] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2798] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2798] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2799] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2798] <... mmap resumed>) = 0x7f0168051000 [pid 2798] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2799] <... write resumed>) = 40 [pid 2798] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 2799] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2798] <... clone resumed>, parent_tid=[2802], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2802 [pid 2798] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2799] <... futex resumed>) = 0 [pid 2799] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2798] <... futex resumed>) = 0 [pid 2798] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2802 attached [pid 2802] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2802] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2802] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2798] <... futex resumed>) = 0 [pid 2798] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2798] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2802] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2799] <... futex resumed>) = 0 [pid 2799] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2799] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2798] <... futex resumed>) = 0 [pid 2798] exit_group(0) = ? [pid 2802] <... futex resumed>) = ? [pid 2799] +++ exited with 0 +++ [pid 2802] +++ exited with 0 +++ [pid 2798] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2798, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./504", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./504", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./504/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./504/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./504/binderfs") = 0 [ 91.687134][ T2802] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 91.704906][ T2802] EXT4-fs (loop0): pa ffff8881e69111f8: logic 16, phys. 128, len 24 [ 91.712958][ T2802] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./504/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./504/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./504/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./504/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./504/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./504/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./504") = 0 mkdir("./505", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2803 ./strace-static-x86_64: Process 2803 attached [pid 2803] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2803] chdir("./505") = 0 [pid 2803] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2803] setpgid(0, 0) = 0 [pid 2803] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2803] write(3, "1000", 4) = 4 [pid 2803] close(3) = 0 [pid 2803] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2803] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2803] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2803] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2803] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2804 attached [pid 2804] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2804] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2803] <... clone resumed>, parent_tid=[2804], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2804 [pid 2803] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2804] <... futex resumed>) = 0 [pid 2803] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2804] memfd_create("syzkaller", 0) = 3 [pid 2804] ftruncate(3, 2097152) = 0 [pid 2804] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2804] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2804] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2804] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2804] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2804] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2804] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2804] mkdir("./file0", 0777) = 0 [pid 2804] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2804] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2804] ioctl(4, LOOP_CLR_FD) = 0 [pid 2804] close(4) = 0 [pid 2804] close(3) = 0 [pid 2804] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2803] <... futex resumed>) = 0 [pid 2804] chdir("./file0" [pid 2803] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2804] <... chdir resumed>) = 0 [pid 2803] <... futex resumed>) = 0 [pid 2803] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2804] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2803] <... futex resumed>) = 0 [pid 2803] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2803] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2804] creat("./file0", 000) = 3 [pid 2804] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2803] <... futex resumed>) = 0 [pid 2803] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2803] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2803] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2803] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2803] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2807], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2807 [pid 2803] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2803] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2804] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 2804] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2804] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2807 attached [pid 2807] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2807] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2807] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2803] <... futex resumed>) = 0 [pid 2803] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2803] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2804] <... futex resumed>) = 0 [pid 2804] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2804] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2803] <... futex resumed>) = 0 [pid 2803] exit_group(0) = ? [pid 2804] +++ exited with 0 +++ [pid 2807] +++ exited with 0 +++ [pid 2803] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2803, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./505", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./505", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./505/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./505/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./505/binderfs") = 0 [ 91.823466][ T2807] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 91.840758][ T2807] EXT4-fs (loop0): pa ffff8881e69112a0: logic 16, phys. 128, len 24 [ 91.848749][ T2807] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./505/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./505/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./505/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./505/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./505/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./505/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./505") = 0 mkdir("./506", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2808 ./strace-static-x86_64: Process 2808 attached [pid 2808] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2808] chdir("./506") = 0 [pid 2808] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2808] setpgid(0, 0) = 0 [pid 2808] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2808] write(3, "1000", 4) = 4 [pid 2808] close(3) = 0 [pid 2808] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2808] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2808] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2808] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2808] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2809 attached [pid 2809] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2809] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2808] <... clone resumed>, parent_tid=[2809], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2809 [pid 2808] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2809] <... futex resumed>) = 0 [pid 2808] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2809] memfd_create("syzkaller", 0) = 3 [pid 2809] ftruncate(3, 2097152) = 0 [pid 2809] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2809] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2809] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2809] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2809] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2809] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2809] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2809] mkdir("./file0", 0777) = 0 [pid 2809] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2809] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2809] ioctl(4, LOOP_CLR_FD) = 0 [pid 2809] close(4) = 0 [pid 2809] close(3) = 0 [pid 2809] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2809] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2808] <... futex resumed>) = 0 [pid 2808] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2808] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2809] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2809] chdir("./file0") = 0 [pid 2809] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2809] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2808] <... futex resumed>) = 0 [pid 2808] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2808] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2809] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2809] creat("./file0", 000) = 3 [pid 2809] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2808] <... futex resumed>) = 0 [pid 2809] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2808] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2808] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2808] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2808] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2808] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 2809] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2809] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2808] <... clone resumed>, parent_tid=[2812], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2812 [pid 2809] <... write resumed>) = 40 [pid 2809] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2808] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2809] <... futex resumed>) = 0 [pid 2809] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2808] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2812 attached [pid 2812] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2812] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2812] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2808] <... futex resumed>) = 0 [pid 2808] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2809] <... futex resumed>) = 0 [pid 2808] <... futex resumed>) = 1 [pid 2808] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2809] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2809] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2812] <... futex resumed>) = 1 [pid 2809] <... futex resumed>) = 1 [pid 2808] <... futex resumed>) = 0 [pid 2809] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2808] exit_group(0) = ? [pid 2809] <... futex resumed>) = ? [pid 2809] +++ exited with 0 +++ [pid 2812] +++ exited with 0 +++ [pid 2808] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2808, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./506", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./506", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./506/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./506/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./506/binderfs") = 0 [ 91.951193][ T2812] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 91.967690][ T2812] EXT4-fs (loop0): pa ffff8881e6911f18: logic 16, phys. 128, len 24 [ 91.975691][ T2812] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./506/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./506/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./506/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./506/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./506/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./506/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./506") = 0 mkdir("./507", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2813 ./strace-static-x86_64: Process 2813 attached [pid 2813] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2813] chdir("./507") = 0 [pid 2813] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2813] setpgid(0, 0) = 0 [pid 2813] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2813] write(3, "1000", 4) = 4 [pid 2813] close(3) = 0 [pid 2813] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2813] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2813] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2813] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2813] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2814 attached [pid 2814] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2814] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2813] <... clone resumed>, parent_tid=[2814], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2814 [pid 2813] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2814] <... futex resumed>) = 0 [pid 2814] memfd_create("syzkaller", 0) = 3 [pid 2814] ftruncate(3, 2097152) = 0 [pid 2814] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2814] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2814] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2814] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2814] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2814] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2813] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2814] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2814] mkdir("./file0", 0777) = 0 [pid 2814] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2814] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2814] ioctl(4, LOOP_CLR_FD) = 0 [pid 2814] close(4) = 0 [pid 2814] close(3) = 0 [pid 2814] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2813] <... futex resumed>) = 0 [pid 2813] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2813] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2814] chdir("./file0") = 0 [pid 2814] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2813] <... futex resumed>) = 0 [pid 2813] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2813] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2814] creat("./file0", 000) = 3 [pid 2814] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2813] <... futex resumed>) = 0 [pid 2813] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2813] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2813] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2813] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2814] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2813] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 2814] <... write resumed>) = 40 [pid 2813] <... clone resumed>, parent_tid=[2817], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2817 [pid 2813] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2813] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2817 attached [pid 2817] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2814] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2817] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2814] <... futex resumed>) = 0 [pid 2814] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2817] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2817] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2813] <... futex resumed>) = 0 [pid 2813] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2813] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2817] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2814] <... futex resumed>) = 0 [pid 2814] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2814] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2813] <... futex resumed>) = 0 [pid 2813] exit_group(0 [pid 2814] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2813] <... exit_group resumed>) = ? [pid 2814] <... futex resumed>) = ? [pid 2817] <... futex resumed>) = ? [pid 2817] +++ exited with 0 +++ [pid 2814] +++ exited with 0 +++ [pid 2813] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2813, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./507", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./507", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./507/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./507/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./507/binderfs") = 0 [ 92.065188][ T2817] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 92.082645][ T2814] EXT4-fs (loop0): pa ffff8881e6911150: logic 16, phys. 128, len 24 [ 92.090661][ T2814] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./507/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./507/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./507/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./507/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./507/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./507/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./507") = 0 mkdir("./508", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2818 ./strace-static-x86_64: Process 2818 attached [pid 2818] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2818] chdir("./508") = 0 [pid 2818] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2818] setpgid(0, 0) = 0 [pid 2818] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2818] write(3, "1000", 4) = 4 [pid 2818] close(3) = 0 [pid 2818] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2818] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2818] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2818] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2818] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2819 attached , parent_tid=[2819], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2819 [pid 2818] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2818] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2819] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2819] memfd_create("syzkaller", 0) = 3 [pid 2819] ftruncate(3, 2097152) = 0 [pid 2819] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2819] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2819] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2819] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2819] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2819] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2819] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2819] mkdir("./file0", 0777) = 0 [pid 2819] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2819] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2819] ioctl(4, LOOP_CLR_FD) = 0 [pid 2819] close(4) = 0 [pid 2819] close(3) = 0 [pid 2819] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2818] <... futex resumed>) = 0 [pid 2819] <... futex resumed>) = 1 [pid 2818] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2819] chdir("./file0" [pid 2818] <... futex resumed>) = 0 [pid 2818] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2819] <... chdir resumed>) = 0 [pid 2819] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2818] <... futex resumed>) = 0 [pid 2818] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2819] creat("./file0", 000 [pid 2818] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2819] <... creat resumed>) = 3 [pid 2819] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2818] <... futex resumed>) = 0 [pid 2818] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2818] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2818] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2818] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2818] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2822 attached [pid 2819] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2822] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2818] <... clone resumed>, parent_tid=[2822], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2822 [pid 2822] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2818] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2818] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2822] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2822] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2818] <... futex resumed>) = 0 [pid 2822] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 2818] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2822] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 2818] <... futex resumed>) = 0 [pid 2822] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2818] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2822] <... futex resumed>) = 0 [pid 2822] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2818] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2819] <... write resumed>) = 40 [pid 2819] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2819] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2818] exit_group(0) = ? [pid 2822] <... futex resumed>) = ? [pid 2822] +++ exited with 0 +++ [pid 2819] <... futex resumed>) = ? [pid 2819] +++ exited with 0 +++ [pid 2818] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2818, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./508", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./508", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./508/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./508/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./508/binderfs") = 0 [ 92.192255][ T2822] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata umount2("./508/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./508/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./508/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./508/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./508/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./508/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./508") = 0 mkdir("./509", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2823 ./strace-static-x86_64: Process 2823 attached [pid 2823] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2823] chdir("./509") = 0 [pid 2823] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2823] setpgid(0, 0) = 0 [pid 2823] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2823] write(3, "1000", 4) = 4 [pid 2823] close(3) = 0 [pid 2823] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2823] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2823] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2823] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2823] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2824], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2824 [pid 2823] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2823] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2824 attached [pid 2824] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2824] memfd_create("syzkaller", 0) = 3 [pid 2824] ftruncate(3, 2097152) = 0 [pid 2824] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2824] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2824] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2824] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2824] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2824] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2824] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2824] mkdir("./file0", 0777) = 0 [pid 2824] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2824] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2824] ioctl(4, LOOP_CLR_FD) = 0 [pid 2824] close(4) = 0 [pid 2824] close(3) = 0 [pid 2824] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2823] <... futex resumed>) = 0 [pid 2823] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2824] chdir("./file0" [pid 2823] <... futex resumed>) = 0 [pid 2824] <... chdir resumed>) = 0 [pid 2823] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2824] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2823] <... futex resumed>) = 0 [pid 2823] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2823] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2824] creat("./file0", 000) = 3 [pid 2824] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2823] <... futex resumed>) = 0 [pid 2823] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2823] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2823] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2823] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2823] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2827], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2827 ./strace-static-x86_64: Process 2827 attached [pid 2823] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2827] set_robust_list(0x7f01680719e0, 24 [pid 2823] <... futex resumed>) = 0 [pid 2827] <... set_robust_list resumed>) = 0 [pid 2823] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2827] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2824] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2827] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2824] <... write resumed>) = 40 [pid 2827] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2824] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2824] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2827] <... futex resumed>) = 1 [pid 2823] <... futex resumed>) = 0 [pid 2823] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2823] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2824] <... futex resumed>) = 0 [pid 2824] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2824] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2823] <... futex resumed>) = 0 [pid 2823] exit_group(0) = ? [pid 2827] +++ exited with 0 +++ [pid 2824] <... futex resumed>) = ? [pid 2824] +++ exited with 0 +++ [pid 2823] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2823, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./509", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./509", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./509/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./509/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./509/binderfs") = 0 umount2("./509/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./509/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./509/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./509/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./509/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./509/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./509") = 0 mkdir("./510", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2828 attached [ 92.297080][ T2827] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata , child_tidptr=0x55555656e5d0) = 2828 [pid 2828] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2828] chdir("./510") = 0 [pid 2828] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2828] setpgid(0, 0) = 0 [pid 2828] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2828] write(3, "1000", 4) = 4 [pid 2828] close(3) = 0 [pid 2828] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2828] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2828] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2828] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2828] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2829 attached [pid 2829] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2829] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2828] <... clone resumed>, parent_tid=[2829], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2829 [pid 2828] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2829] <... futex resumed>) = 0 [pid 2829] memfd_create("syzkaller", 0 [pid 2828] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2829] <... memfd_create resumed>) = 3 [pid 2829] ftruncate(3, 2097152) = 0 [pid 2829] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2829] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2829] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2829] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2829] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2829] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2829] mkdir("./file0", 0777) = 0 [pid 2829] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2829] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2829] ioctl(4, LOOP_CLR_FD) = 0 [pid 2829] close(4) = 0 [pid 2829] close(3) = 0 [pid 2829] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2829] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2828] <... futex resumed>) = 0 [pid 2828] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2829] <... futex resumed>) = 0 [pid 2828] <... futex resumed>) = 1 [pid 2829] chdir("./file0") = 0 [pid 2828] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2829] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2828] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2829] <... futex resumed>) = 0 [pid 2828] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2829] creat("./file0", 000 [pid 2828] <... futex resumed>) = 0 [pid 2828] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2829] <... creat resumed>) = 3 [pid 2829] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2828] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2829] <... futex resumed>) = 0 [pid 2828] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2829] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2828] <... futex resumed>) = 0 [pid 2829] <... write resumed>) = 40 [pid 2829] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2828] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2829] <... futex resumed>) = 0 [pid 2828] <... futex resumed>) = 0 [pid 2829] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2828] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2829] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2829] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2829] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2828] <... futex resumed>) = 0 [pid 2828] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2829] <... futex resumed>) = 0 [pid 2828] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2829] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2829] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2828] <... futex resumed>) = 0 [pid 2829] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2828] exit_group(0) = ? [pid 2829] <... futex resumed>) = 231 [pid 2829] +++ exited with 0 +++ [pid 2828] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2828, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./510", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./510", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./510/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./510/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./510/binderfs") = 0 [ 92.386695][ T2829] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 92.403129][ T2829] EXT4-fs (loop0): pa ffff8881e6911a80: logic 16, phys. 128, len 24 [ 92.411214][ T2829] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./510/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./510/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./510/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./510/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./510/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./510/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./510") = 0 mkdir("./511", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2832 ./strace-static-x86_64: Process 2832 attached [pid 2832] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2832] chdir("./511") = 0 [pid 2832] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2832] setpgid(0, 0) = 0 [pid 2832] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2832] write(3, "1000", 4) = 4 [pid 2832] close(3) = 0 [pid 2832] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2832] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2832] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2832] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2832] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2833 attached [pid 2833] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2833] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2832] <... clone resumed>, parent_tid=[2833], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2833 [pid 2832] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2833] <... futex resumed>) = 0 [pid 2832] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2833] memfd_create("syzkaller", 0) = 3 [pid 2833] ftruncate(3, 2097152) = 0 [pid 2833] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2833] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2833] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2833] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2833] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2833] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2833] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2833] mkdir("./file0", 0777) = 0 [pid 2833] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2833] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2833] ioctl(4, LOOP_CLR_FD) = 0 [pid 2833] close(4) = 0 [pid 2833] close(3) = 0 [pid 2833] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2832] <... futex resumed>) = 0 [pid 2832] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2833] chdir("./file0" [pid 2832] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2833] <... chdir resumed>) = 0 [pid 2833] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2832] <... futex resumed>) = 0 [pid 2832] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2832] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2833] <... futex resumed>) = 1 [pid 2833] creat("./file0", 000) = 3 [pid 2833] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2832] <... futex resumed>) = 0 [pid 2833] <... futex resumed>) = 1 [pid 2832] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2833] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2832] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2832] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2832] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2832] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2836 attached , parent_tid=[2836], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2836 [pid 2836] set_robust_list(0x7f01680719e0, 24 [pid 2832] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2836] <... set_robust_list resumed>) = 0 [pid 2836] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2832] <... futex resumed>) = 0 [pid 2832] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2836] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2836] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2833] <... write resumed>) = 40 [pid 2833] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2833] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2836] <... futex resumed>) = 1 [pid 2832] <... futex resumed>) = 0 [pid 2832] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2833] <... futex resumed>) = 0 [pid 2832] <... futex resumed>) = 1 [pid 2833] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 2832] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2833] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 2833] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2833] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2832] <... futex resumed>) = 0 [pid 2832] exit_group(0) = ? [pid 2833] <... futex resumed>) = ? [pid 2833] +++ exited with 0 +++ [pid 2836] +++ exited with 0 +++ [pid 2832] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2832, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./511", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./511", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./511/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./511/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./511/binderfs") = 0 [ 92.520884][ T2836] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata umount2("./511/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./511/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./511/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./511/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./511/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./511/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./511") = 0 mkdir("./512", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2837 ./strace-static-x86_64: Process 2837 attached [pid 2837] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2837] chdir("./512") = 0 [pid 2837] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2837] setpgid(0, 0) = 0 [pid 2837] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2837] write(3, "1000", 4) = 4 [pid 2837] close(3) = 0 [pid 2837] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2837] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2837] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2837] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2837] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2838 attached , parent_tid=[2838], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2838 [pid 2837] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2837] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2838] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2838] memfd_create("syzkaller", 0) = 3 [pid 2838] ftruncate(3, 2097152) = 0 [pid 2838] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2838] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2838] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2838] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2838] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2838] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2838] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2838] mkdir("./file0", 0777) = 0 [pid 2838] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2838] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2838] ioctl(4, LOOP_CLR_FD) = 0 [pid 2838] close(4) = 0 [pid 2838] close(3) = 0 [pid 2838] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2837] <... futex resumed>) = 0 [pid 2837] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2837] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2838] <... futex resumed>) = 1 [pid 2838] chdir("./file0") = 0 [pid 2838] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2837] <... futex resumed>) = 0 [pid 2837] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2837] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2838] <... futex resumed>) = 1 [pid 2838] creat("./file0", 000) = 3 [pid 2838] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2837] <... futex resumed>) = 0 [pid 2837] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2837] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2837] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2837] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2837] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2841 attached [pid 2838] <... futex resumed>) = 1 [pid 2837] <... clone resumed>, parent_tid=[2841], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2841 [pid 2837] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2837] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2841] set_robust_list(0x7f01680719e0, 24 [pid 2838] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2841] <... set_robust_list resumed>) = 0 [pid 2841] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2841] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2838] <... write resumed>) = 40 [pid 2841] <... futex resumed>) = 1 [pid 2838] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2837] <... futex resumed>) = 0 [pid 2841] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2838] <... futex resumed>) = 0 [pid 2837] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2838] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 2837] <... futex resumed>) = 0 [pid 2838] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 2837] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2838] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2837] <... futex resumed>) = 0 [pid 2837] exit_group(0) = ? [pid 2841] <... futex resumed>) = ? [pid 2838] <... futex resumed>) = ? [pid 2841] +++ exited with 0 +++ [pid 2838] +++ exited with 0 +++ [pid 2837] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2837, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./512", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./512", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./512/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./512/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./512/binderfs") = 0 [ 92.703457][ T2841] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata umount2("./512/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./512/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./512/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./512/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./512/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./512/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./512") = 0 mkdir("./513", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2842 ./strace-static-x86_64: Process 2842 attached [pid 2842] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2842] chdir("./513") = 0 [pid 2842] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2842] setpgid(0, 0) = 0 [pid 2842] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2842] write(3, "1000", 4) = 4 [pid 2842] close(3) = 0 [pid 2842] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2842] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2842] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2842] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2842] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2843], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2843 ./strace-static-x86_64: Process 2843 attached [pid 2842] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2843] set_robust_list(0x7f01680929e0, 24 [pid 2842] <... futex resumed>) = 0 [pid 2843] <... set_robust_list resumed>) = 0 [pid 2842] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2843] memfd_create("syzkaller", 0) = 3 [pid 2843] ftruncate(3, 2097152) = 0 [pid 2843] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2843] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2843] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2843] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2843] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2843] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2843] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2843] mkdir("./file0", 0777) = 0 [pid 2843] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2843] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2843] ioctl(4, LOOP_CLR_FD) = 0 [pid 2843] close(4) = 0 [pid 2843] close(3) = 0 [pid 2843] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2843] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2842] <... futex resumed>) = 0 [pid 2842] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2843] <... futex resumed>) = 0 [pid 2843] chdir("./file0") = 0 [pid 2843] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2843] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2842] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 2842] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2843] <... futex resumed>) = 0 [pid 2843] creat("./file0", 000 [pid 2842] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2843] <... creat resumed>) = 3 [pid 2843] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2843] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2842] <... futex resumed>) = 0 [pid 2842] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2842] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2842] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2842] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2842] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2846 attached [pid 2846] set_robust_list(0x7f01680719e0, 24 [pid 2842] <... clone resumed>, parent_tid=[2846], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2846 [pid 2846] <... set_robust_list resumed>) = 0 [pid 2842] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2846] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2842] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2843] <... futex resumed>) = 0 [pid 2843] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2846] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2846] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2843] <... write resumed>) = 40 [pid 2846] <... futex resumed>) = 1 [pid 2842] <... futex resumed>) = 0 [pid 2842] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2842] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2843] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2843] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2846] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2846] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2842] <... futex resumed>) = 0 [pid 2842] exit_group(0) = ? [pid 2846] +++ exited with 0 +++ [pid 2843] <... futex resumed>) = ? [pid 2843] +++ exited with 0 +++ [pid 2842] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2842, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./513", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./513", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./513/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./513/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./513/binderfs") = 0 [ 92.841741][ T2846] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata umount2("./513/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./513/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./513/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./513/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./513/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./513/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./513") = 0 mkdir("./514", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2847 ./strace-static-x86_64: Process 2847 attached [pid 2847] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2847] chdir("./514") = 0 [pid 2847] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2847] setpgid(0, 0) = 0 [pid 2847] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2847] write(3, "1000", 4) = 4 [pid 2847] close(3) = 0 [pid 2847] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2847] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2847] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2847] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2847] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2848 attached , parent_tid=[2848], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2848 [pid 2848] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2848] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2847] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2848] <... futex resumed>) = 0 [pid 2848] memfd_create("syzkaller", 0 [pid 2847] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2848] <... memfd_create resumed>) = 3 [pid 2848] ftruncate(3, 2097152) = 0 [pid 2848] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2848] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2848] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2848] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2848] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2848] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2848] mkdir("./file0", 0777) = 0 [pid 2848] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2848] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2848] ioctl(4, LOOP_CLR_FD) = 0 [pid 2848] close(4) = 0 [pid 2848] close(3) = 0 [pid 2848] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2847] <... futex resumed>) = 0 [pid 2847] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2847] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2848] <... futex resumed>) = 1 [pid 2848] chdir("./file0") = 0 [pid 2848] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2847] <... futex resumed>) = 0 [pid 2847] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2847] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2848] <... futex resumed>) = 1 [pid 2848] creat("./file0", 000) = 3 [pid 2848] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2847] <... futex resumed>) = 0 [pid 2847] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2847] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2847] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2847] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2847] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2851], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2851 [pid 2847] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2847] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2848] <... futex resumed>) = 1 [pid 2848] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 2848] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2848] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2851 attached [pid 2851] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2851] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2851] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2847] <... futex resumed>) = 0 [pid 2847] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2847] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2848] <... futex resumed>) = 0 [pid 2848] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2848] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2847] <... futex resumed>) = 0 [pid 2847] exit_group(0) = ? [pid 2848] <... futex resumed>) = ? [pid 2848] +++ exited with 0 +++ [pid 2851] +++ exited with 0 +++ [pid 2847] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2847, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./514", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./514", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./514/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./514/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./514/binderfs") = 0 [ 92.993536][ T2851] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 93.010267][ T2851] EXT4-fs (loop0): pa ffff8881e6911e70: logic 16, phys. 128, len 24 [ 93.018325][ T2851] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./514/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./514/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./514/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./514/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./514/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./514/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./514") = 0 mkdir("./515", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2852 ./strace-static-x86_64: Process 2852 attached [pid 2852] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2852] chdir("./515") = 0 [pid 2852] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2852] setpgid(0, 0) = 0 [pid 2852] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2852] write(3, "1000", 4) = 4 [pid 2852] close(3) = 0 [pid 2852] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2852] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2852] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2852] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2852] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2853 attached , parent_tid=[2853], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2853 [pid 2852] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2852] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2853] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2853] memfd_create("syzkaller", 0) = 3 [pid 2853] ftruncate(3, 2097152) = 0 [pid 2853] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2853] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2853] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2853] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2853] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2853] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2853] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2853] mkdir("./file0", 0777) = 0 [pid 2853] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2853] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2853] ioctl(4, LOOP_CLR_FD) = 0 [pid 2853] close(4) = 0 [pid 2853] close(3) = 0 [pid 2853] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2852] <... futex resumed>) = 0 [pid 2852] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2852] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2853] <... futex resumed>) = 1 [pid 2853] chdir("./file0") = 0 [pid 2853] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2852] <... futex resumed>) = 0 [pid 2852] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2852] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2853] <... futex resumed>) = 1 [pid 2853] creat("./file0", 000) = 3 [pid 2853] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2852] <... futex resumed>) = 0 [pid 2852] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2852] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2852] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2852] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2852] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2856], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2856 [pid 2852] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2852] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2853] <... futex resumed>) = 1 [pid 2853] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 2853] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2853] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2856 attached [pid 2856] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2856] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2856] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2852] <... futex resumed>) = 0 [pid 2852] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2852] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2853] <... futex resumed>) = 0 [pid 2853] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2853] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2856] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2852] <... futex resumed>) = 0 [pid 2852] exit_group(0) = ? [pid 2856] <... futex resumed>) = ? [pid 2856] +++ exited with 0 +++ [pid 2853] <... futex resumed>) = ? [pid 2853] +++ exited with 0 +++ [pid 2852] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2852, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./515", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./515", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./515/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./515/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./515/binderfs") = 0 [ 93.162141][ T2856] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 93.179406][ T2853] EXT4-fs (loop0): pa ffff8881e69bab28: logic 16, phys. 128, len 24 [ 93.187450][ T2853] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./515/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./515/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./515/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./515/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./515/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./515/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./515") = 0 mkdir("./516", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2857 ./strace-static-x86_64: Process 2857 attached [pid 2857] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2857] chdir("./516") = 0 [pid 2857] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2857] setpgid(0, 0) = 0 [pid 2857] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2857] write(3, "1000", 4) = 4 [pid 2857] close(3) = 0 [pid 2857] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2857] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2857] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2857] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2857] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2858 attached , parent_tid=[2858], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2858 [pid 2858] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2858] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2857] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2858] <... futex resumed>) = 0 [pid 2858] memfd_create("syzkaller", 0 [pid 2857] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2858] <... memfd_create resumed>) = 3 [pid 2858] ftruncate(3, 2097152) = 0 [pid 2858] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2858] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2858] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2858] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2858] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2858] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2858] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2858] mkdir("./file0", 0777) = 0 [pid 2858] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2858] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2858] ioctl(4, LOOP_CLR_FD) = 0 [pid 2858] close(4) = 0 [pid 2858] close(3) = 0 [pid 2858] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2857] <... futex resumed>) = 0 [pid 2857] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2857] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2858] chdir("./file0") = 0 [pid 2858] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2857] <... futex resumed>) = 0 [pid 2857] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2857] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2858] creat("./file0", 000) = 3 [pid 2858] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2857] <... futex resumed>) = 0 [pid 2857] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2857] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2857] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2857] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2857] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2861], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2861 [pid 2857] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2857] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2858] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 2858] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2858] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2861 attached [pid 2861] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2861] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2861] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2857] <... futex resumed>) = 0 [pid 2861] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2857] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2857] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2858] <... futex resumed>) = 0 [pid 2858] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2858] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2857] <... futex resumed>) = 0 [pid 2858] <... futex resumed>) = 1 [pid 2857] exit_group(0 [pid 2861] <... futex resumed>) = ? [pid 2857] <... exit_group resumed>) = ? [pid 2858] +++ exited with 0 +++ [pid 2861] +++ exited with 0 +++ [pid 2857] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2857, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./516", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./516", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./516/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./516/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./516/binderfs") = 0 [ 93.322237][ T2861] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 93.338900][ T2861] EXT4-fs (loop0): pa ffff8881e69baf18: logic 16, phys. 128, len 24 [ 93.346959][ T2861] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./516/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./516/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./516/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./516/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./516/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./516/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./516") = 0 mkdir("./517", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2862 ./strace-static-x86_64: Process 2862 attached [pid 2862] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2862] chdir("./517") = 0 [pid 2862] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2862] setpgid(0, 0) = 0 [pid 2862] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2862] write(3, "1000", 4) = 4 [pid 2862] close(3) = 0 [pid 2862] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2862] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2862] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2862] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2862] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2863 attached , parent_tid=[2863], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2863 [pid 2863] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2863] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2862] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2863] <... futex resumed>) = 0 [pid 2862] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2863] memfd_create("syzkaller", 0) = 3 [pid 2863] ftruncate(3, 2097152) = 0 [pid 2863] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2863] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2863] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2863] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2863] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2863] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2863] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2863] mkdir("./file0", 0777) = 0 [pid 2863] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2863] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2863] ioctl(4, LOOP_CLR_FD) = 0 [pid 2863] close(4) = 0 [pid 2863] close(3) = 0 [pid 2863] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2862] <... futex resumed>) = 0 [pid 2863] <... futex resumed>) = 1 [pid 2863] chdir("./file0" [pid 2862] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2863] <... chdir resumed>) = 0 [pid 2862] <... futex resumed>) = 0 [pid 2862] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2863] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2862] <... futex resumed>) = 0 [pid 2863] creat("./file0", 000 [pid 2862] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2862] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2863] <... creat resumed>) = 3 [pid 2863] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2862] <... futex resumed>) = 0 [pid 2862] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2862] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2862] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2862] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2862] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2866], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2866 [pid 2862] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2862] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2866 attached [pid 2863] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2866] set_robust_list(0x7f01680719e0, 24 [pid 2863] <... write resumed>) = 40 [pid 2866] <... set_robust_list resumed>) = 0 [pid 2863] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2866] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2863] <... futex resumed>) = 0 [pid 2863] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2866] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2866] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2862] <... futex resumed>) = 0 [pid 2866] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2862] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2863] <... futex resumed>) = 0 [pid 2862] <... futex resumed>) = 1 [pid 2863] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 2862] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2863] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 2863] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2862] <... futex resumed>) = 0 [pid 2863] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2862] exit_group(0 [pid 2866] <... futex resumed>) = ? [pid 2863] <... futex resumed>) = ? [pid 2862] <... exit_group resumed>) = ? [pid 2863] +++ exited with 0 +++ [pid 2866] +++ exited with 0 +++ [pid 2862] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2862, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./517", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./517", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./517/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./517/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./517/binderfs") = 0 umount2("./517/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./517/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./517/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./517/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./517/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./517/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./517") = 0 mkdir("./518", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2867 ./strace-static-x86_64: Process 2867 attached [pid 2867] set_robust_list(0x55555656e5e0, 24) = 0 [ 93.468975][ T2866] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 93.486623][ T2866] EXT4-fs (loop0): pa ffff8881e69ba498: logic 16, phys. 128, len 24 [ 93.494687][ T2866] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 [pid 2867] chdir("./518") = 0 [pid 2867] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2867] setpgid(0, 0) = 0 [pid 2867] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2867] write(3, "1000", 4) = 4 [pid 2867] close(3) = 0 [pid 2867] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2867] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2867] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2867] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2867] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2868 attached [pid 2868] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2868] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2867] <... clone resumed>, parent_tid=[2868], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2868 [pid 2867] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2868] <... futex resumed>) = 0 [pid 2868] memfd_create("syzkaller", 0) = 3 [pid 2868] ftruncate(3, 2097152) = 0 [pid 2868] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2868] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2868] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2868] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2868] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2868] ioctl(4, LOOP_SET_FD, 3 [pid 2867] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2868] <... ioctl resumed>) = 0 [pid 2868] mkdir("./file0", 0777) = 0 [pid 2868] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2868] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2868] ioctl(4, LOOP_CLR_FD) = 0 [pid 2868] close(4) = 0 [pid 2868] close(3) = 0 [pid 2868] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2868] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2867] <... futex resumed>) = 0 [pid 2867] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2868] <... futex resumed>) = 0 [pid 2867] <... futex resumed>) = 1 [pid 2868] chdir("./file0") = 0 [pid 2867] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2868] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2868] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2867] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2867] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2868] <... futex resumed>) = 0 [pid 2867] <... futex resumed>) = 1 [pid 2868] creat("./file0", 000) = 3 [pid 2867] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2868] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2867] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2868] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2867] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2868] <... futex resumed>) = 0 [pid 2868] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 2867] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2868] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2867] <... futex resumed>) = 0 [pid 2868] <... futex resumed>) = 0 [pid 2867] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2868] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2867] <... mmap resumed>) = 0x7f0168051000 [pid 2867] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2867] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2871 attached [pid 2871] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2871] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2867] <... clone resumed>, parent_tid=[2871], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2871 [pid 2867] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2871] <... futex resumed>) = 0 [pid 2871] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2867] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2871] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2871] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2871] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2867] <... futex resumed>) = 0 [pid 2867] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2868] <... futex resumed>) = 0 [pid 2867] <... futex resumed>) = 1 [pid 2868] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 2867] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2868] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 2868] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2867] <... futex resumed>) = 0 [pid 2868] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2867] exit_group(0) = ? [pid 2868] <... futex resumed>) = 231 [pid 2868] +++ exited with 0 +++ [pid 2871] <... futex resumed>) = ? [pid 2871] +++ exited with 0 +++ [pid 2867] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2867, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./518", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./518", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./518/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./518/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./518/binderfs") = 0 [ 93.573767][ T2871] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 93.589741][ T2871] EXT4-fs (loop0): pa ffff8881e69babd0: logic 16, phys. 128, len 24 [ 93.597764][ T2871] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./518/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./518/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./518/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./518/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./518/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./518/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./518") = 0 mkdir("./519", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2872 ./strace-static-x86_64: Process 2872 attached [pid 2872] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2872] chdir("./519") = 0 [pid 2872] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2872] setpgid(0, 0) = 0 [pid 2872] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2872] write(3, "1000", 4) = 4 [pid 2872] close(3) = 0 [pid 2872] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2872] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2872] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2872] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2872] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2873 attached , parent_tid=[2873], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2873 [pid 2873] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2873] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2872] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2873] <... futex resumed>) = 0 [pid 2872] <... futex resumed>) = 1 [pid 2873] memfd_create("syzkaller", 0 [pid 2872] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2873] <... memfd_create resumed>) = 3 [pid 2873] ftruncate(3, 2097152) = 0 [pid 2873] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2873] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2873] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2873] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2873] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2873] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2873] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2873] mkdir("./file0", 0777) = 0 [pid 2873] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2873] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2873] ioctl(4, LOOP_CLR_FD) = 0 [pid 2873] close(4) = 0 [pid 2873] close(3) = 0 [pid 2873] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2872] <... futex resumed>) = 0 [pid 2873] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2872] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2873] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2873] chdir("./file0" [pid 2872] <... futex resumed>) = 0 [pid 2873] <... chdir resumed>) = 0 [pid 2872] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2873] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2872] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2873] <... futex resumed>) = 0 [pid 2872] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2873] creat("./file0", 000 [pid 2872] <... futex resumed>) = 0 [pid 2873] <... creat resumed>) = 3 [pid 2873] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2872] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2873] <... futex resumed>) = 0 [pid 2872] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2873] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 2872] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2873] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2872] <... futex resumed>) = 0 [pid 2872] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2873] <... write resumed>) = 40 [pid 2872] <... futex resumed>) = 0 [pid 2873] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2872] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2873] <... futex resumed>) = 0 [pid 2872] <... mmap resumed>) = 0x7f0168051000 [pid 2873] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2872] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2872] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2876 attached , parent_tid=[2876], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2876 [pid 2876] set_robust_list(0x7f01680719e0, 24 [pid 2872] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2876] <... set_robust_list resumed>) = 0 [pid 2872] <... futex resumed>) = 0 [pid 2876] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2872] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2876] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2876] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2872] <... futex resumed>) = 0 [pid 2872] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2876] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2873] <... futex resumed>) = 0 [pid 2872] <... futex resumed>) = 1 [pid 2873] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2872] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2873] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2872] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2873] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2872] exit_group(0) = ? [pid 2873] <... futex resumed>) = ? [pid 2876] <... futex resumed>) = ? [pid 2873] +++ exited with 0 +++ [pid 2876] +++ exited with 0 +++ [pid 2872] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2872, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./519", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./519", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./519/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./519/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./519/binderfs") = 0 [ 93.699651][ T2876] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 93.715777][ T2876] EXT4-fs (loop0): pa ffff8881e6911bd0: logic 16, phys. 128, len 24 [ 93.723790][ T2876] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./519/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./519/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./519/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./519/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./519/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./519/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./519") = 0 mkdir("./520", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2877 ./strace-static-x86_64: Process 2877 attached [pid 2877] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2877] chdir("./520") = 0 [pid 2877] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2877] setpgid(0, 0) = 0 [pid 2877] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2877] write(3, "1000", 4) = 4 [pid 2877] close(3) = 0 [pid 2877] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2877] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2877] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2877] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2877] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2878], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2878 [pid 2877] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2877] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2878 attached [pid 2878] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2878] memfd_create("syzkaller", 0) = 3 [pid 2878] ftruncate(3, 2097152) = 0 [pid 2878] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2878] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2878] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2878] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2878] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2878] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2878] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2878] mkdir("./file0", 0777) = 0 [pid 2878] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2878] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2878] ioctl(4, LOOP_CLR_FD) = 0 [pid 2878] close(4) = 0 [pid 2878] close(3) = 0 [pid 2878] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2877] <... futex resumed>) = 0 [pid 2877] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2877] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2878] <... futex resumed>) = 1 [pid 2878] chdir("./file0") = 0 [pid 2878] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2877] <... futex resumed>) = 0 [pid 2877] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2877] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2878] <... futex resumed>) = 1 [pid 2878] creat("./file0", 000) = 3 [pid 2878] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2877] <... futex resumed>) = 0 [pid 2877] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2877] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2877] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2877] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2877] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2881], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2881 [pid 2877] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2877] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2878] <... futex resumed>) = 1 [pid 2878] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 2878] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2878] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2881 attached [pid 2881] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2881] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2881] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2877] <... futex resumed>) = 0 [pid 2877] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2878] <... futex resumed>) = 0 [pid 2877] <... futex resumed>) = 1 [pid 2878] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 2877] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2878] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 2878] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2877] <... futex resumed>) = 0 [pid 2878] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2877] exit_group(0 [pid 2878] <... futex resumed>) = ? [pid 2877] <... exit_group resumed>) = ? [pid 2881] <... futex resumed>) = ? [pid 2878] +++ exited with 0 +++ [pid 2881] +++ exited with 0 +++ [pid 2877] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2877, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./520", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./520", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./520/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./520/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./520/binderfs") = 0 [ 93.798869][ T2881] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 93.815275][ T2881] EXT4-fs (loop0): pa ffff8881e6911540: logic 16, phys. 128, len 24 [ 93.823405][ T2881] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./520/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./520/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./520/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./520/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./520/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./520/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./520") = 0 mkdir("./521", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2882 ./strace-static-x86_64: Process 2882 attached [pid 2882] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2882] chdir("./521") = 0 [pid 2882] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2882] setpgid(0, 0) = 0 [pid 2882] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2882] write(3, "1000", 4) = 4 [pid 2882] close(3) = 0 [pid 2882] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2882] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2882] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2882] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2882] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2883], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2883 [pid 2882] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2882] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2883 attached [pid 2883] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2883] memfd_create("syzkaller", 0) = 3 [pid 2883] ftruncate(3, 2097152) = 0 [pid 2883] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2883] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2883] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2883] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2883] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2883] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2883] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2883] mkdir("./file0", 0777) = 0 [pid 2883] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2883] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2883] ioctl(4, LOOP_CLR_FD) = 0 [pid 2883] close(4) = 0 [pid 2883] close(3) = 0 [pid 2883] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2882] <... futex resumed>) = 0 [pid 2883] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2882] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2883] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2882] <... futex resumed>) = 0 [pid 2883] chdir("./file0" [pid 2882] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2883] <... chdir resumed>) = 0 [pid 2883] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2882] <... futex resumed>) = 0 [pid 2883] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2882] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2883] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2882] <... futex resumed>) = 0 [pid 2883] creat("./file0", 000 [pid 2882] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2883] <... creat resumed>) = 3 [pid 2883] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2882] <... futex resumed>) = 0 [pid 2883] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2882] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2883] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2882] <... futex resumed>) = 0 [pid 2883] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2882] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2883] <... write resumed>) = 40 [pid 2882] <... futex resumed>) = 0 [pid 2883] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2882] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2883] <... futex resumed>) = 0 [pid 2882] <... mmap resumed>) = 0x7f0168051000 [pid 2883] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2882] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2882] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2886 attached , parent_tid=[2886], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2886 [pid 2886] set_robust_list(0x7f01680719e0, 24 [pid 2882] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2882] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2886] <... set_robust_list resumed>) = 0 [pid 2886] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2886] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2882] <... futex resumed>) = 0 [pid 2882] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2883] <... futex resumed>) = 0 [pid 2882] <... futex resumed>) = 1 [pid 2883] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 2882] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2883] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 2883] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2886] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2883] <... futex resumed>) = 1 [pid 2882] <... futex resumed>) = 0 [pid 2882] exit_group(0) = ? [pid 2883] +++ exited with 0 +++ [pid 2886] <... futex resumed>) = ? [pid 2886] +++ exited with 0 +++ [pid 2882] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2882, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./521", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./521", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./521/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./521/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./521/binderfs") = 0 [ 93.935385][ T2886] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 93.952714][ T2886] EXT4-fs (loop0): pa ffff8881e69113f0: logic 16, phys. 128, len 24 [ 93.960709][ T2886] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./521/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./521/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./521/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./521/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./521/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./521/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./521") = 0 mkdir("./522", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2887 attached , child_tidptr=0x55555656e5d0) = 2887 [pid 2887] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2887] chdir("./522") = 0 [pid 2887] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2887] setpgid(0, 0) = 0 [pid 2887] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2887] write(3, "1000", 4) = 4 [pid 2887] close(3) = 0 [pid 2887] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2887] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2887] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2887] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2887] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2888 attached [pid 2888] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2888] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2887] <... clone resumed>, parent_tid=[2888], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2888 [pid 2887] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2888] <... futex resumed>) = 0 [pid 2888] memfd_create("syzkaller", 0) = 3 [pid 2888] ftruncate(3, 2097152) = 0 [pid 2888] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2888] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2888] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2888] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2888] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2888] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2888] ioctl(4, LOOP_SET_FD, 3 [pid 2887] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2888] <... ioctl resumed>) = 0 [pid 2888] mkdir("./file0", 0777) = 0 [pid 2888] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2888] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2888] ioctl(4, LOOP_CLR_FD) = 0 [pid 2888] close(4) = 0 [pid 2888] close(3) = 0 [pid 2888] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2888] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2887] <... futex resumed>) = 0 [pid 2887] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2887] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2888] <... futex resumed>) = 0 [pid 2888] chdir("./file0") = 0 [pid 2888] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2888] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2887] <... futex resumed>) = 0 [pid 2887] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2888] <... futex resumed>) = 0 [pid 2888] creat("./file0", 000 [pid 2887] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2888] <... creat resumed>) = 3 [pid 2888] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2888] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2887] <... futex resumed>) = 0 [pid 2887] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2888] <... futex resumed>) = 0 [pid 2888] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2887] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2888] <... write resumed>) = 40 [pid 2887] <... futex resumed>) = 0 [pid 2888] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2888] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2887] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2887] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2887] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2891 attached , parent_tid=[2891], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2891 [pid 2891] set_robust_list(0x7f01680719e0, 24 [pid 2887] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2891] <... set_robust_list resumed>) = 0 [pid 2887] <... futex resumed>) = 0 [pid 2891] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2887] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2891] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2891] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2891] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2887] <... futex resumed>) = 0 [pid 2887] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2888] <... futex resumed>) = 0 [pid 2887] <... futex resumed>) = 1 [pid 2888] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2887] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2888] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2887] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2888] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2887] exit_group(0 [pid 2888] <... futex resumed>) = ? [pid 2887] <... exit_group resumed>) = ? [pid 2888] +++ exited with 0 +++ [pid 2891] <... futex resumed>) = ? [pid 2891] +++ exited with 0 +++ [pid 2887] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2887, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./522", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./522", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./522/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./522/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./522/binderfs") = 0 [ 94.062470][ T2891] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 94.079699][ T2891] EXT4-fs (loop0): pa ffff8881e69ba690: logic 16, phys. 128, len 24 [ 94.087724][ T2891] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./522/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./522/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./522/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./522/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./522/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./522/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./522") = 0 mkdir("./523", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2892 ./strace-static-x86_64: Process 2892 attached [pid 2892] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2892] chdir("./523") = 0 [pid 2892] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2892] setpgid(0, 0) = 0 [pid 2892] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2892] write(3, "1000", 4) = 4 [pid 2892] close(3) = 0 [pid 2892] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2892] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2892] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2892] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2892] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2893 attached , parent_tid=[2893], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2893 [pid 2892] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2892] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2893] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2893] memfd_create("syzkaller", 0) = 3 [pid 2893] ftruncate(3, 2097152) = 0 [pid 2893] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2893] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2893] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2893] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2893] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2893] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2893] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2893] mkdir("./file0", 0777) = 0 [pid 2893] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2893] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2893] ioctl(4, LOOP_CLR_FD) = 0 [pid 2893] close(4) = 0 [pid 2893] close(3) = 0 [pid 2893] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2892] <... futex resumed>) = 0 [pid 2893] chdir("./file0" [pid 2892] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2893] <... chdir resumed>) = 0 [pid 2892] <... futex resumed>) = 0 [pid 2893] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2892] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2893] <... futex resumed>) = 0 [pid 2892] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2893] creat("./file0", 000 [pid 2892] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2892] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2893] <... creat resumed>) = 3 [pid 2893] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2892] <... futex resumed>) = 0 [pid 2893] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2892] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2893] <... write resumed>) = 40 [pid 2892] <... futex resumed>) = 0 [pid 2892] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2893] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2892] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2893] <... futex resumed>) = 0 [pid 2892] <... mmap resumed>) = 0x7f0168051000 [pid 2893] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2892] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2892] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2896], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2896 ./strace-static-x86_64: Process 2896 attached [pid 2892] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2896] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2896] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2892] <... futex resumed>) = 0 [pid 2892] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2896] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2896] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2892] <... futex resumed>) = 0 [pid 2892] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2892] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2893] <... futex resumed>) = 0 [pid 2893] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2893] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2892] <... futex resumed>) = 0 [pid 2892] exit_group(0) = ? [pid 2893] +++ exited with 0 +++ [pid 2896] +++ exited with 0 +++ [pid 2892] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2892, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./523", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./523", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./523/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./523/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./523/binderfs") = 0 [ 94.206155][ T2896] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 94.222859][ T2896] EXT4-fs (loop0): pa ffff8881e69fed20: logic 16, phys. 128, len 24 [ 94.230859][ T2896] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./523/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./523/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./523/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./523/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./523/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./523/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./523") = 0 mkdir("./524", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2897 ./strace-static-x86_64: Process 2897 attached [pid 2897] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2897] chdir("./524") = 0 [pid 2897] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2897] setpgid(0, 0) = 0 [pid 2897] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2897] write(3, "1000", 4) = 4 [pid 2897] close(3) = 0 [pid 2897] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2897] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2897] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2897] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2897] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2898 attached , parent_tid=[2898], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2898 [pid 2898] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2898] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2897] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2898] <... futex resumed>) = 0 [pid 2898] memfd_create("syzkaller", 0 [pid 2897] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2898] <... memfd_create resumed>) = 3 [pid 2898] ftruncate(3, 2097152) = 0 [pid 2898] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2898] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2898] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2898] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2898] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2898] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2898] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2898] mkdir("./file0", 0777) = 0 [pid 2898] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2898] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2898] ioctl(4, LOOP_CLR_FD) = 0 [pid 2898] close(4) = 0 [pid 2898] close(3) = 0 [pid 2898] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2898] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2897] <... futex resumed>) = 0 [pid 2897] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2898] <... futex resumed>) = 0 [pid 2897] <... futex resumed>) = 1 [pid 2898] chdir("./file0" [pid 2897] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2898] <... chdir resumed>) = 0 [pid 2898] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2898] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2897] <... futex resumed>) = 0 [pid 2897] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2898] <... futex resumed>) = 0 [pid 2897] <... futex resumed>) = 1 [pid 2898] creat("./file0", 000 [pid 2897] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2898] <... creat resumed>) = 3 [pid 2898] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2897] <... futex resumed>) = 0 [pid 2898] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2897] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2898] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2897] <... futex resumed>) = 0 [pid 2898] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2897] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2898] <... write resumed>) = 40 [pid 2897] <... futex resumed>) = 0 [pid 2898] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2897] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2898] <... futex resumed>) = 0 [pid 2897] <... mmap resumed>) = 0x7f0168051000 [pid 2898] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2897] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2897] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2901 attached , parent_tid=[2901], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2901 [pid 2901] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2901] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2897] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2901] <... futex resumed>) = 0 [pid 2901] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2897] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2901] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2901] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2897] <... futex resumed>) = 0 [pid 2901] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2897] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2898] <... futex resumed>) = 0 [pid 2897] <... futex resumed>) = 1 [pid 2898] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 2897] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2898] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 2898] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2897] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2898] <... futex resumed>) = 0 [pid 2898] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2897] exit_group(0 [pid 2898] <... futex resumed>) = ? [pid 2897] <... exit_group resumed>) = ? [pid 2898] +++ exited with 0 +++ [pid 2901] <... futex resumed>) = ? [pid 2901] +++ exited with 0 +++ [pid 2897] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2897, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./524", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./524", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./524/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./524/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./524/binderfs") = 0 [ 94.330248][ T2901] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 94.348043][ T2901] EXT4-fs (loop0): pa ffff8881e69ba3f0: logic 16, phys. 128, len 24 [ 94.356140][ T2901] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./524/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./524/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./524/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./524/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./524/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./524/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./524") = 0 mkdir("./525", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2902 ./strace-static-x86_64: Process 2902 attached [pid 2902] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2902] chdir("./525") = 0 [pid 2902] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2902] setpgid(0, 0) = 0 [pid 2902] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2902] write(3, "1000", 4) = 4 [pid 2902] close(3) = 0 [pid 2902] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2902] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2902] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2902] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2902] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2903], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2903 [pid 2902] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2902] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2903 attached [pid 2903] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2903] memfd_create("syzkaller", 0) = 3 [pid 2903] ftruncate(3, 2097152) = 0 [pid 2903] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2903] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2903] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2903] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2903] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2903] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2903] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2903] mkdir("./file0", 0777) = 0 [pid 2903] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2903] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2903] ioctl(4, LOOP_CLR_FD) = 0 [pid 2903] close(4) = 0 [pid 2903] close(3) = 0 [pid 2903] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2902] <... futex resumed>) = 0 [pid 2902] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2903] chdir("./file0" [pid 2902] <... futex resumed>) = 0 [pid 2903] <... chdir resumed>) = 0 [pid 2902] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2903] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2902] <... futex resumed>) = 0 [pid 2903] <... futex resumed>) = 1 [pid 2902] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2903] creat("./file0", 000 [pid 2902] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2903] <... creat resumed>) = 3 [pid 2903] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2902] <... futex resumed>) = 0 [pid 2903] <... futex resumed>) = 1 [pid 2902] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2902] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2903] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2902] <... futex resumed>) = 0 [pid 2902] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2902] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2902] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2906], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2906 [pid 2902] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2902] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2906 attached [pid 2903] <... write resumed>) = 40 [pid 2903] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2906] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2903] <... futex resumed>) = 0 [pid 2906] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2903] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2906] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2906] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2902] <... futex resumed>) = 0 [pid 2906] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2902] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2903] <... futex resumed>) = 0 [pid 2902] <... futex resumed>) = 1 [pid 2903] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 2902] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2903] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 2903] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2902] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2903] <... futex resumed>) = 0 [pid 2903] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2902] exit_group(0 [pid 2906] <... futex resumed>) = ? [pid 2903] <... futex resumed>) = ? [pid 2902] <... exit_group resumed>) = ? [pid 2903] +++ exited with 0 +++ [ 94.469449][ T2903] EXT4-fs mount: 148 callbacks suppressed [ 94.469461][ T2903] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 94.494380][ T2906] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [pid 2906] +++ exited with 0 +++ [pid 2902] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2902, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./525", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./525", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./525/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./525/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./525/binderfs") = 0 [ 94.512009][ T2906] EXT4-fs (loop0): pa ffff8881e69bae70: logic 16, phys. 128, len 24 [ 94.520062][ T2906] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./525/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./525/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./525/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./525/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./525/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./525/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./525") = 0 mkdir("./526", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2907 attached , child_tidptr=0x55555656e5d0) = 2907 [pid 2907] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2907] chdir("./526") = 0 [pid 2907] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2907] setpgid(0, 0) = 0 [pid 2907] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2907] write(3, "1000", 4) = 4 [pid 2907] close(3) = 0 [pid 2907] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2907] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2907] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2907] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2907] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2908 attached , parent_tid=[2908], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2908 [pid 2908] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2908] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2907] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2908] <... futex resumed>) = 0 [pid 2907] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2908] memfd_create("syzkaller", 0) = 3 [pid 2908] ftruncate(3, 2097152) = 0 [pid 2908] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2908] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2908] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2908] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2908] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2908] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2908] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2908] mkdir("./file0", 0777) = 0 [pid 2908] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2908] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2908] ioctl(4, LOOP_CLR_FD) = 0 [pid 2908] close(4) = 0 [pid 2908] close(3) = 0 [pid 2908] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2907] <... futex resumed>) = 0 [pid 2907] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2908] chdir("./file0" [pid 2907] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2908] <... chdir resumed>) = 0 [pid 2908] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2907] <... futex resumed>) = 0 [pid 2908] <... futex resumed>) = 1 [pid 2908] creat("./file0", 000 [pid 2907] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2907] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2908] <... creat resumed>) = 3 [pid 2908] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2907] <... futex resumed>) = 0 [pid 2908] <... futex resumed>) = 1 [pid 2907] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2907] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2907] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2907] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2908] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2907] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2911], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2911 [pid 2907] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2907] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2911 attached [pid 2908] <... write resumed>) = 40 [pid 2911] set_robust_list(0x7f01680719e0, 24 [pid 2908] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2911] <... set_robust_list resumed>) = 0 [pid 2908] <... futex resumed>) = 0 [pid 2911] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2908] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2911] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2911] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2907] <... futex resumed>) = 0 [pid 2911] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2907] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2908] <... futex resumed>) = 0 [pid 2907] <... futex resumed>) = 1 [pid 2908] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2908] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2908] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2907] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 2907] exit_group(0 [pid 2911] <... futex resumed>) = ? [pid 2908] <... futex resumed>) = ? [pid 2907] <... exit_group resumed>) = ? [pid 2908] +++ exited with 0 +++ [ 94.609120][ T2908] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 94.628802][ T2911] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 94.646827][ T2911] EXT4-fs (loop0): pa ffff8881e69ba930: logic 16, phys. 128, len 24 [pid 2911] +++ exited with 0 +++ [pid 2907] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2907, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./526", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./526", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./526/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./526/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./526/binderfs") = 0 [ 94.654887][ T2911] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./526/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./526/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./526/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./526/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./526/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./526/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./526") = 0 mkdir("./527", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2912 attached , child_tidptr=0x55555656e5d0) = 2912 [pid 2912] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2912] chdir("./527") = 0 [pid 2912] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2912] setpgid(0, 0) = 0 [pid 2912] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2912] write(3, "1000", 4) = 4 [pid 2912] close(3) = 0 [pid 2912] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2912] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2912] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2912] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2912] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2913 attached , parent_tid=[2913], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2913 [pid 2913] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2913] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2912] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2913] <... futex resumed>) = 0 [pid 2912] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2913] memfd_create("syzkaller", 0) = 3 [pid 2913] ftruncate(3, 2097152) = 0 [pid 2913] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2913] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2913] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2913] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2913] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2913] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2913] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2913] mkdir("./file0", 0777) = 0 [pid 2913] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2913] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2913] ioctl(4, LOOP_CLR_FD) = 0 [pid 2913] close(4) = 0 [pid 2913] close(3) = 0 [pid 2913] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2912] <... futex resumed>) = 0 [pid 2912] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2912] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2913] <... futex resumed>) = 1 [pid 2913] chdir("./file0") = 0 [pid 2913] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2912] <... futex resumed>) = 0 [pid 2912] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2912] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2913] <... futex resumed>) = 1 [pid 2913] creat("./file0", 000) = 3 [pid 2913] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2912] <... futex resumed>) = 0 [pid 2912] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2912] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2912] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2912] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2912] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2916], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2916 [pid 2912] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2912] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2913] <... futex resumed>) = 1 [pid 2913] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 2913] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2913] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2916 attached [pid 2916] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2916] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2916] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2912] <... futex resumed>) = 0 [pid 2916] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2912] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2913] <... futex resumed>) = 0 [pid 2912] <... futex resumed>) = 1 [pid 2913] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2913] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2913] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2912] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 2912] exit_group(0 [pid 2913] <... futex resumed>) = ? [pid 2912] <... exit_group resumed>) = ? [pid 2913] +++ exited with 0 +++ [pid 2916] <... futex resumed>) = ? [ 94.797320][ T2913] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 94.822504][ T2916] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [pid 2916] +++ exited with 0 +++ [pid 2912] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2912, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./527", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./527", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./527/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./527/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./527/binderfs") = 0 [ 94.840354][ T2916] EXT4-fs (loop0): pa ffff8881e69ba000: logic 16, phys. 128, len 24 [ 94.848331][ T2916] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./527/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./527/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./527/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./527/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./527/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./527/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./527") = 0 mkdir("./528", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2917 ./strace-static-x86_64: Process 2917 attached [pid 2917] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2917] chdir("./528") = 0 [pid 2917] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2917] setpgid(0, 0) = 0 [pid 2917] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2917] write(3, "1000", 4) = 4 [pid 2917] close(3) = 0 [pid 2917] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2917] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2917] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2917] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2917] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2918], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2918 [pid 2917] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2917] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2918 attached [pid 2918] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2918] memfd_create("syzkaller", 0) = 3 [pid 2918] ftruncate(3, 2097152) = 0 [pid 2918] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2918] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2918] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2918] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2918] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2918] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2918] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2918] mkdir("./file0", 0777) = 0 [pid 2918] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2918] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2918] ioctl(4, LOOP_CLR_FD) = 0 [pid 2918] close(4) = 0 [pid 2918] close(3) = 0 [pid 2918] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2917] <... futex resumed>) = 0 [pid 2917] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2917] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2918] chdir("./file0") = 0 [pid 2918] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2917] <... futex resumed>) = 0 [pid 2917] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2917] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2918] creat("./file0", 000) = 3 [pid 2918] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2917] <... futex resumed>) = 0 [pid 2917] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2917] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2917] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2917] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2917] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2921 attached [pid 2921] set_robust_list(0x7f01680719e0, 24 [pid 2917] <... clone resumed>, parent_tid=[2921], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2921 [pid 2921] <... set_robust_list resumed>) = 0 [pid 2917] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2921] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2917] <... futex resumed>) = 0 [pid 2917] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2918] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2921] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2921] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2918] <... write resumed>) = 40 [pid 2918] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2918] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2921] <... futex resumed>) = 1 [pid 2917] <... futex resumed>) = 0 [pid 2917] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2918] <... futex resumed>) = 0 [pid 2917] <... futex resumed>) = 1 [pid 2918] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 2917] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2918] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 2918] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2921] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2917] <... futex resumed>) = 0 [pid 2918] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2917] exit_group(0) = ? [pid 2918] <... futex resumed>) = ? [pid 2918] +++ exited with 0 +++ [pid 2921] <... futex resumed>) = ? [pid 2921] +++ exited with 0 +++ [pid 2917] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2917, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./528", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./528", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./528/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./528/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./528/binderfs") = 0 [ 94.953306][ T2918] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 94.972763][ T2921] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata umount2("./528/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./528/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./528/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./528/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./528/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./528/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./528") = 0 mkdir("./529", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2922 attached , child_tidptr=0x55555656e5d0) = 2922 [pid 2922] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2922] chdir("./529") = 0 [pid 2922] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2922] setpgid(0, 0) = 0 [pid 2922] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2922] write(3, "1000", 4) = 4 [pid 2922] close(3) = 0 [pid 2922] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2922] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2922] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2922] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2922] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2923], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2923 [pid 2922] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2922] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2923 attached [pid 2923] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2923] memfd_create("syzkaller", 0) = 3 [pid 2923] ftruncate(3, 2097152) = 0 [pid 2923] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2923] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2923] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2923] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2923] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2923] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2923] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2923] mkdir("./file0", 0777) = 0 [pid 2923] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2923] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2923] ioctl(4, LOOP_CLR_FD) = 0 [pid 2923] close(4) = 0 [pid 2923] close(3) = 0 [pid 2923] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2922] <... futex resumed>) = 0 [pid 2923] chdir("./file0" [pid 2922] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2923] <... chdir resumed>) = 0 [pid 2922] <... futex resumed>) = 0 [pid 2923] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2922] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2923] <... futex resumed>) = 0 [pid 2922] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2923] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2922] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2923] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2922] <... futex resumed>) = 0 [pid 2923] creat("./file0", 000 [pid 2922] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2923] <... creat resumed>) = 3 [pid 2923] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2922] <... futex resumed>) = 0 [pid 2923] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2922] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2923] <... write resumed>) = 40 [pid 2922] <... futex resumed>) = 0 [pid 2923] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2922] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2923] <... futex resumed>) = 0 [pid 2922] <... futex resumed>) = 0 [pid 2923] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2922] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2923] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2923] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2922] <... futex resumed>) = 0 [pid 2922] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2922] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2923] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2923] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2923] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2922] <... futex resumed>) = 0 [pid 2922] exit_group(0) = ? [pid 2923] <... futex resumed>) = ? [pid 2923] +++ exited with 0 +++ [pid 2922] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2922, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [ 95.108308][ T2923] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 95.122429][ T2923] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 95.141036][ T2923] EXT4-fs (loop0): pa ffff8881e69badc8: logic 16, phys. 128, len 24 umount2("./529", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./529", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./529/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./529/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./529/binderfs") = 0 [ 95.149009][ T2923] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./529/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./529/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./529/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./529/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./529/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./529/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./529") = 0 mkdir("./530", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2926 ./strace-static-x86_64: Process 2926 attached [pid 2926] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2926] chdir("./530") = 0 [pid 2926] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2926] setpgid(0, 0) = 0 [pid 2926] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2926] write(3, "1000", 4) = 4 [pid 2926] close(3) = 0 [pid 2926] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2926] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2926] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2926] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2926] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2927 attached [pid 2927] set_robust_list(0x7f01680929e0, 24 [pid 2926] <... clone resumed>, parent_tid=[2927], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2927 [pid 2926] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2927] <... set_robust_list resumed>) = 0 [pid 2926] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2927] memfd_create("syzkaller", 0) = 3 [pid 2927] ftruncate(3, 2097152) = 0 [pid 2927] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2927] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2927] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2927] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2927] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2927] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2927] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2927] mkdir("./file0", 0777) = 0 [pid 2927] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2927] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2927] ioctl(4, LOOP_CLR_FD) = 0 [pid 2927] close(4) = 0 [pid 2927] close(3) = 0 [pid 2927] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2926] <... futex resumed>) = 0 [pid 2926] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2926] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2927] chdir("./file0") = 0 [pid 2927] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2926] <... futex resumed>) = 0 [pid 2926] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2926] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2927] creat("./file0", 000) = 3 [pid 2927] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2926] <... futex resumed>) = 0 [pid 2927] <... futex resumed>) = 1 [pid 2926] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2927] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2926] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2926] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2926] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2926] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2930], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2930 [pid 2926] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2926] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2930 attached [pid 2930] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2930] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2930] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2927] <... write resumed>) = 40 [pid 2927] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2927] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2930] <... futex resumed>) = 1 [pid 2926] <... futex resumed>) = 0 [pid 2926] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2927] <... futex resumed>) = 0 [pid 2926] <... futex resumed>) = 1 [pid 2927] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 2926] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2927] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 2927] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2927] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2926] <... futex resumed>) = 0 [pid 2926] exit_group(0) = ? [pid 2927] <... futex resumed>) = ? [pid 2927] +++ exited with 0 +++ [pid 2930] +++ exited with 0 +++ [pid 2926] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2926, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./530", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./530", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./530/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./530/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./530/binderfs") = 0 [ 95.272472][ T2927] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 95.291568][ T2930] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata umount2("./530/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./530/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./530/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./530/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./530/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./530/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./530") = 0 mkdir("./531", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2931 attached , child_tidptr=0x55555656e5d0) = 2931 [pid 2931] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2931] chdir("./531") = 0 [pid 2931] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2931] setpgid(0, 0) = 0 [pid 2931] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2931] write(3, "1000", 4) = 4 [pid 2931] close(3) = 0 [pid 2931] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2931] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2931] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2931] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2931] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2932 attached [pid 2932] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2932] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2931] <... clone resumed>, parent_tid=[2932], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2932 [pid 2931] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2932] <... futex resumed>) = 0 [pid 2931] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2932] memfd_create("syzkaller", 0) = 3 [pid 2932] ftruncate(3, 2097152) = 0 [pid 2932] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2932] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2932] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2932] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2932] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2932] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2932] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2932] mkdir("./file0", 0777) = 0 [pid 2932] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2932] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2932] ioctl(4, LOOP_CLR_FD) = 0 [pid 2932] close(4) = 0 [pid 2932] close(3) = 0 [pid 2932] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2931] <... futex resumed>) = 0 [pid 2931] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2931] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2932] <... futex resumed>) = 1 [pid 2932] chdir("./file0") = 0 [pid 2932] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2931] <... futex resumed>) = 0 [pid 2931] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2932] creat("./file0", 000 [pid 2931] <... futex resumed>) = 0 [pid 2931] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2932] <... creat resumed>) = 3 [pid 2932] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2931] <... futex resumed>) = 0 [pid 2932] <... futex resumed>) = 1 [pid 2931] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2932] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2931] <... futex resumed>) = 0 [pid 2931] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2931] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2931] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2931] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2935 attached [pid 2935] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2935] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2931] <... clone resumed>, parent_tid=[2935], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2935 [pid 2931] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2935] <... futex resumed>) = 0 [pid 2931] <... futex resumed>) = 1 [pid 2931] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2935] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EOPNOTSUPP (Operation not supported) [pid 2932] <... write resumed>) = 40 [pid 2935] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2931] <... futex resumed>) = 0 [pid 2935] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 2931] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2935] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 2931] <... futex resumed>) = 0 [pid 2935] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2931] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2935] <... futex resumed>) = 0 [pid 2935] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2931] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2932] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2932] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2931] exit_group(0) = ? [pid 2935] <... futex resumed>) = ? [pid 2935] +++ exited with 0 +++ [pid 2932] <... futex resumed>) = ? [pid 2932] +++ exited with 0 +++ [pid 2931] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2931, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./531", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./531", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./531/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./531/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./531/binderfs") = 0 [ 95.431117][ T2932] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("./531/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./531/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./531/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./531/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./531/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./531/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./531") = 0 mkdir("./532", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2936 ./strace-static-x86_64: Process 2936 attached [pid 2936] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2936] chdir("./532") = 0 [pid 2936] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2936] setpgid(0, 0) = 0 [pid 2936] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2936] write(3, "1000", 4) = 4 [pid 2936] close(3) = 0 [pid 2936] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2936] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2936] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2936] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2936] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2937], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2937 [pid 2936] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2936] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2937 attached [pid 2937] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2937] memfd_create("syzkaller", 0) = 3 [pid 2937] ftruncate(3, 2097152) = 0 [pid 2937] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2937] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2937] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2937] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2937] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2937] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2937] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2937] mkdir("./file0", 0777) = 0 [pid 2937] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2937] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2937] ioctl(4, LOOP_CLR_FD) = 0 [pid 2937] close(4) = 0 [pid 2937] close(3) = 0 [pid 2937] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2936] <... futex resumed>) = 0 [pid 2936] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2936] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2937] chdir("./file0") = 0 [pid 2937] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2936] <... futex resumed>) = 0 [pid 2937] <... futex resumed>) = 1 [pid 2936] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2936] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2937] creat("./file0", 000) = 3 [pid 2937] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2936] <... futex resumed>) = 0 [pid 2936] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2936] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2936] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2936] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2936] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2940 attached [pid 2940] set_robust_list(0x7f01680719e0, 24 [pid 2936] <... clone resumed>, parent_tid=[2940], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2940 [pid 2940] <... set_robust_list resumed>) = 0 [pid 2936] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2940] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2936] <... futex resumed>) = 0 [pid 2936] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2937] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2940] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2940] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2937] <... write resumed>) = 40 [pid 2937] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2937] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2940] <... futex resumed>) = 1 [pid 2936] <... futex resumed>) = 0 [pid 2936] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2936] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2940] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2937] <... futex resumed>) = 0 [pid 2937] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2937] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2936] <... futex resumed>) = 0 [pid 2936] exit_group(0) = ? [pid 2940] <... futex resumed>) = ? [pid 2937] <... futex resumed>) = ? [pid 2937] +++ exited with 0 +++ [pid 2940] +++ exited with 0 +++ [pid 2936] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2936, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./532", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./532", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./532/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./532/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./532/binderfs") = 0 [ 95.537044][ T2937] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 95.555021][ T2940] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata umount2("./532/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./532/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./532/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./532/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./532/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./532/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./532") = 0 mkdir("./533", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2941 ./strace-static-x86_64: Process 2941 attached [pid 2941] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2941] chdir("./533") = 0 [pid 2941] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2941] setpgid(0, 0) = 0 [pid 2941] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2941] write(3, "1000", 4) = 4 [pid 2941] close(3) = 0 [pid 2941] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2941] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2941] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2941] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2941] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2942 attached [pid 2942] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2942] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2941] <... clone resumed>, parent_tid=[2942], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2942 [pid 2941] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2942] <... futex resumed>) = 0 [pid 2942] memfd_create("syzkaller", 0) = 3 [pid 2942] ftruncate(3, 2097152) = 0 [pid 2942] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2942] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2942] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2942] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2942] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2942] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2942] ioctl(4, LOOP_SET_FD, 3 [pid 2941] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2942] <... ioctl resumed>) = 0 [pid 2942] mkdir("./file0", 0777) = 0 [pid 2942] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2942] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2942] ioctl(4, LOOP_CLR_FD) = 0 [pid 2942] close(4) = 0 [pid 2942] close(3) = 0 [pid 2942] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2941] <... futex resumed>) = 0 [pid 2941] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2942] chdir("./file0" [pid 2941] <... futex resumed>) = 0 [pid 2941] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2942] <... chdir resumed>) = 0 [pid 2942] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2941] <... futex resumed>) = 0 [pid 2942] <... futex resumed>) = 1 [pid 2941] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2942] creat("./file0", 000 [pid 2941] <... futex resumed>) = 0 [pid 2941] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2942] <... creat resumed>) = 3 [pid 2942] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2941] <... futex resumed>) = 0 [pid 2942] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2941] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2941] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2941] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2942] <... write resumed>) = 40 [pid 2942] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2941] <... mmap resumed>) = 0x7f0168051000 [pid 2941] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE [pid 2942] <... futex resumed>) = 0 [pid 2942] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2941] <... mprotect resumed>) = 0 [pid 2941] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2945 attached [pid 2945] set_robust_list(0x7f01680719e0, 24 [pid 2941] <... clone resumed>, parent_tid=[2945], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2945 [pid 2945] <... set_robust_list resumed>) = 0 [pid 2945] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2941] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2941] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2945] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2945] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2941] <... futex resumed>) = 0 [pid 2945] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2941] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2942] <... futex resumed>) = 0 [pid 2941] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2942] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2942] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2942] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2941] <... futex resumed>) = 0 [pid 2941] exit_group(0) = ? [pid 2945] <... futex resumed>) = ? [pid 2945] +++ exited with 0 +++ [pid 2942] <... futex resumed>) = ? [ 95.669195][ T2942] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 95.685658][ T2945] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 95.701809][ T2942] EXT4-fs (loop0): pa ffff8881e6ba6888: logic 16, phys. 128, len 24 [pid 2942] +++ exited with 0 +++ [pid 2941] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2941, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./533", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./533", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./533/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./533/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./533/binderfs") = 0 [ 95.709769][ T2942] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./533/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./533/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./533/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./533/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./533/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./533/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./533") = 0 mkdir("./534", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2946 ./strace-static-x86_64: Process 2946 attached [pid 2946] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2946] chdir("./534") = 0 [pid 2946] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2946] setpgid(0, 0) = 0 [pid 2946] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2946] write(3, "1000", 4) = 4 [pid 2946] close(3) = 0 [pid 2946] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2946] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2946] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2946] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2946] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2947], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2947 ./strace-static-x86_64: Process 2947 attached [pid 2947] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2947] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2946] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2947] <... futex resumed>) = 0 [pid 2947] memfd_create("syzkaller", 0 [pid 2946] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2947] <... memfd_create resumed>) = 3 [pid 2947] ftruncate(3, 2097152) = 0 [pid 2947] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2947] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2947] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2947] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2947] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2947] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2947] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2947] mkdir("./file0", 0777) = 0 [pid 2947] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2947] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2947] ioctl(4, LOOP_CLR_FD) = 0 [pid 2947] close(4) = 0 [pid 2947] close(3) = 0 [pid 2947] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2946] <... futex resumed>) = 0 [pid 2946] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2946] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2947] chdir("./file0") = 0 [pid 2947] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2946] <... futex resumed>) = 0 [pid 2946] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2947] creat("./file0", 000 [pid 2946] <... futex resumed>) = 0 [pid 2946] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2947] <... creat resumed>) = 3 [pid 2947] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2946] <... futex resumed>) = 0 [pid 2946] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2947] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2946] <... futex resumed>) = 0 [pid 2946] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2946] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2946] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2946] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2950 attached , parent_tid=[2950], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2950 [pid 2946] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2950] set_robust_list(0x7f01680719e0, 24 [pid 2946] <... futex resumed>) = 0 [pid 2950] <... set_robust_list resumed>) = 0 [pid 2946] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2950] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2950] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2946] <... futex resumed>) = 0 [pid 2950] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 2946] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2950] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 2946] <... futex resumed>) = 0 [pid 2950] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2946] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2950] <... futex resumed>) = 0 [pid 2946] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2950] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2947] <... write resumed>) = 40 [pid 2947] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2947] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2946] exit_group(0) = ? [pid 2947] <... futex resumed>) = 231 [pid 2950] <... futex resumed>) = ? [pid 2950] +++ exited with 0 +++ [pid 2947] +++ exited with 0 +++ [pid 2946] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2946, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./534", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./534", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./534/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./534/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./534/binderfs") = 0 [ 95.803362][ T2947] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 95.823942][ T2950] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata umount2("./534/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./534/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./534/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./534/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./534/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./534/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./534") = 0 mkdir("./535", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2951 ./strace-static-x86_64: Process 2951 attached [pid 2951] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2951] chdir("./535") = 0 [pid 2951] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2951] setpgid(0, 0) = 0 [pid 2951] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2951] write(3, "1000", 4) = 4 [pid 2951] close(3) = 0 [pid 2951] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2951] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2951] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2951] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2951] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2952], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2952 [pid 2951] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2951] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2952 attached [pid 2952] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2952] memfd_create("syzkaller", 0) = 3 [pid 2952] ftruncate(3, 2097152) = 0 [pid 2952] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2952] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2952] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2952] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2952] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2952] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2952] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2952] mkdir("./file0", 0777) = 0 [pid 2952] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2952] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2952] ioctl(4, LOOP_CLR_FD) = 0 [pid 2952] close(4) = 0 [pid 2952] close(3) = 0 [pid 2952] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2951] <... futex resumed>) = 0 [pid 2951] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2952] chdir("./file0" [pid 2951] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2952] <... chdir resumed>) = 0 [pid 2952] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2951] <... futex resumed>) = 0 [pid 2951] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2952] creat("./file0", 000 [pid 2951] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2952] <... creat resumed>) = 3 [pid 2952] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2951] <... futex resumed>) = 0 [pid 2952] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2951] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2951] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2951] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2951] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2951] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2955 attached , parent_tid=[2955], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2955 [pid 2955] set_robust_list(0x7f01680719e0, 24 [pid 2951] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2955] <... set_robust_list resumed>) = 0 [pid 2951] <... futex resumed>) = 0 [pid 2955] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2951] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2955] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2955] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2951] <... futex resumed>) = 0 [pid 2955] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 2951] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2955] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 2955] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2955] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2951] <... futex resumed>) = 1 [pid 2955] <... futex resumed>) = 0 [pid 2951] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2955] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2951] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2952] <... write resumed>) = 40 [pid 2952] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2952] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2951] exit_group(0) = ? [pid 2955] <... futex resumed>) = ? [pid 2955] +++ exited with 0 +++ [pid 2952] <... futex resumed>) = ? [pid 2952] +++ exited with 0 +++ [pid 2951] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2951, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./535", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./535", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./535/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./535/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./535/binderfs") = 0 [ 95.915127][ T2952] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 95.934951][ T2955] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata umount2("./535/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./535/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./535/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./535/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./535/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./535/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./535") = 0 mkdir("./536", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2956 ./strace-static-x86_64: Process 2956 attached [pid 2956] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2956] chdir("./536") = 0 [pid 2956] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2956] setpgid(0, 0) = 0 [pid 2956] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2956] write(3, "1000", 4) = 4 [pid 2956] close(3) = 0 [pid 2956] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2956] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2956] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2956] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2956] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2957 attached [pid 2957] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2957] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2956] <... clone resumed>, parent_tid=[2957], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2957 [pid 2956] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2957] <... futex resumed>) = 0 [pid 2956] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2957] memfd_create("syzkaller", 0) = 3 [pid 2957] ftruncate(3, 2097152) = 0 [pid 2957] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2957] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2957] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2957] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2957] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2957] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2957] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2957] mkdir("./file0", 0777) = 0 [pid 2957] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2957] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2957] ioctl(4, LOOP_CLR_FD) = 0 [pid 2957] close(4) = 0 [pid 2957] close(3) = 0 [pid 2957] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2956] <... futex resumed>) = 0 [pid 2956] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2956] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2957] chdir("./file0") = 0 [pid 2957] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2956] <... futex resumed>) = 0 [pid 2956] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2956] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2957] creat("./file0", 000) = 3 [pid 2957] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2956] <... futex resumed>) = 0 [pid 2956] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2956] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2956] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2957] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2956] <... mmap resumed>) = 0x7f0168051000 [pid 2956] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2956] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 2957] <... write resumed>) = 40 ./strace-static-x86_64: Process 2960 attached [pid 2956] <... clone resumed>, parent_tid=[2960], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2960 [pid 2956] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2956] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2960] set_robust_list(0x7f01680719e0, 24 [pid 2957] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2960] <... set_robust_list resumed>) = 0 [pid 2957] <... futex resumed>) = 0 [pid 2960] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2957] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2960] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2960] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2956] <... futex resumed>) = 0 [pid 2956] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2956] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2957] <... futex resumed>) = 0 [pid 2957] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2957] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2960] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2957] <... futex resumed>) = 1 [pid 2956] <... futex resumed>) = 0 [pid 2957] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2956] exit_group(0 [pid 2957] <... futex resumed>) = ? [pid 2956] <... exit_group resumed>) = ? [pid 2960] <... futex resumed>) = ? [pid 2957] +++ exited with 0 +++ [ 96.032829][ T2957] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 96.053267][ T2960] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 96.070261][ T2960] EXT4-fs (loop0): pa ffff8881e6ba65e8: logic 16, phys. 128, len 24 [pid 2960] +++ exited with 0 +++ [pid 2956] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2956, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./536", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./536", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./536/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./536/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./536/binderfs") = 0 [ 96.078253][ T2960] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./536/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./536/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./536/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./536/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./536/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./536/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./536") = 0 mkdir("./537", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2961 ./strace-static-x86_64: Process 2961 attached [pid 2961] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2961] chdir("./537") = 0 [pid 2961] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2961] setpgid(0, 0) = 0 [pid 2961] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2961] write(3, "1000", 4) = 4 [pid 2961] close(3) = 0 [pid 2961] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2961] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2961] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2961] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2961] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2962], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2962 [pid 2961] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2961] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 2962 attached [pid 2962] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2962] memfd_create("syzkaller", 0) = 3 [pid 2962] ftruncate(3, 2097152) = 0 [pid 2962] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2962] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2962] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2962] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2962] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2962] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2962] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2962] mkdir("./file0", 0777) = 0 [pid 2962] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2962] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2962] ioctl(4, LOOP_CLR_FD) = 0 [pid 2962] close(4) = 0 [pid 2962] close(3) = 0 [pid 2962] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2961] <... futex resumed>) = 0 [pid 2961] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2961] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2962] <... futex resumed>) = 1 [pid 2962] chdir("./file0") = 0 [pid 2962] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2961] <... futex resumed>) = 0 [pid 2961] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2961] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2962] <... futex resumed>) = 1 [pid 2962] creat("./file0", 000) = 3 [pid 2962] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2961] <... futex resumed>) = 0 [pid 2961] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2961] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2961] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2961] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2961] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2965], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2965 [pid 2961] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2961] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2962] <... futex resumed>) = 1 [pid 2962] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 2962] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2962] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2965 attached [pid 2965] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2965] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2965] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2961] <... futex resumed>) = 0 [pid 2965] <... futex resumed>) = 1 [pid 2961] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2965] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2962] <... futex resumed>) = 0 [pid 2961] <... futex resumed>) = 1 [pid 2962] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 2961] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2962] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 2962] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2961] <... futex resumed>) = 0 [pid 2962] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2961] exit_group(0) = ? [pid 2962] <... futex resumed>) = 231 [pid 2962] +++ exited with 0 +++ [pid 2965] <... futex resumed>) = ? [ 96.201506][ T2962] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 96.224710][ T2965] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 96.241084][ T2965] EXT4-fs (loop0): pa ffff8881e69fe5e8: logic 16, phys. 128, len 24 [pid 2965] +++ exited with 0 +++ [pid 2961] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2961, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./537", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./537", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./537/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./537/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./537/binderfs") = 0 [ 96.249062][ T2965] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./537/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./537/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./537/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./537/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./537/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./537/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./537") = 0 mkdir("./538", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 2966 attached , child_tidptr=0x55555656e5d0) = 2966 [pid 2966] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2966] chdir("./538") = 0 [pid 2966] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2966] setpgid(0, 0) = 0 [pid 2966] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2966] write(3, "1000", 4) = 4 [pid 2966] close(3) = 0 [pid 2966] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2966] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2966] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2966] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2966] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2967 attached [pid 2967] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2967] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2966] <... clone resumed>, parent_tid=[2967], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2967 [pid 2966] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2967] <... futex resumed>) = 0 [pid 2967] memfd_create("syzkaller", 0 [pid 2966] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2967] <... memfd_create resumed>) = 3 [pid 2967] ftruncate(3, 2097152) = 0 [pid 2967] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2967] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2967] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2967] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2967] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2967] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2967] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2967] mkdir("./file0", 0777) = 0 [pid 2967] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2967] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2967] ioctl(4, LOOP_CLR_FD) = 0 [pid 2967] close(4) = 0 [pid 2967] close(3) = 0 [pid 2967] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2966] <... futex resumed>) = 0 [pid 2966] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2967] chdir("./file0" [pid 2966] <... futex resumed>) = 0 [pid 2966] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2967] <... chdir resumed>) = 0 [pid 2967] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2966] <... futex resumed>) = 0 [pid 2966] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2967] creat("./file0", 000 [pid 2966] <... futex resumed>) = 0 [pid 2966] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2967] <... creat resumed>) = 3 [pid 2967] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2966] <... futex resumed>) = 0 [pid 2967] <... futex resumed>) = 1 [pid 2966] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2967] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2966] <... futex resumed>) = 0 [pid 2966] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2966] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2966] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2966] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2970 attached , parent_tid=[2970], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2970 [pid 2970] set_robust_list(0x7f01680719e0, 24 [pid 2966] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2970] <... set_robust_list resumed>) = 0 [pid 2966] <... futex resumed>) = 0 [pid 2970] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2966] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2967] <... write resumed>) = 40 [pid 2970] <... fallocate resumed>) = -1 EOPNOTSUPP (Operation not supported) [pid 2970] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2966] <... futex resumed>) = 0 [pid 2970] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 2966] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2970] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 2966] <... futex resumed>) = 0 [pid 2970] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2966] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2970] <... futex resumed>) = 0 [pid 2970] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2966] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2967] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2967] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2966] exit_group(0) = ? [pid 2970] <... futex resumed>) = ? [pid 2967] <... futex resumed>) = ? [pid 2970] +++ exited with 0 +++ [pid 2967] +++ exited with 0 +++ [pid 2966] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2966, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./538", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./538", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./538/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./538/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./538/binderfs") = 0 umount2("./538/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./538/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./538/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./538/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./538/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./538/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./538") = 0 mkdir("./539", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 96.404422][ T2967] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2971 ./strace-static-x86_64: Process 2971 attached [pid 2971] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2971] chdir("./539") = 0 [pid 2971] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2971] setpgid(0, 0) = 0 [pid 2971] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2971] write(3, "1000", 4) = 4 [pid 2971] close(3) = 0 [pid 2971] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2971] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2971] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2971] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2971] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2972 attached [pid 2972] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2972] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2971] <... clone resumed>, parent_tid=[2972], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2972 [pid 2971] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2972] <... futex resumed>) = 0 [pid 2971] <... futex resumed>) = 1 [pid 2972] memfd_create("syzkaller", 0) = 3 [pid 2972] ftruncate(3, 2097152) = 0 [pid 2972] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2972] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2972] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2972] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2972] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2972] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2972] ioctl(4, LOOP_SET_FD, 3 [pid 2971] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2972] <... ioctl resumed>) = 0 [pid 2972] mkdir("./file0", 0777) = 0 [pid 2972] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2972] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2972] ioctl(4, LOOP_CLR_FD) = 0 [pid 2972] close(4) = 0 [pid 2972] close(3) = 0 [pid 2972] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2971] <... futex resumed>) = 0 [pid 2972] <... futex resumed>) = 1 [pid 2971] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2972] chdir("./file0" [pid 2971] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2972] <... chdir resumed>) = 0 [pid 2972] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2971] <... futex resumed>) = 0 [pid 2972] <... futex resumed>) = 1 [pid 2971] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2972] creat("./file0", 000 [pid 2971] <... futex resumed>) = 0 [pid 2971] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2972] <... creat resumed>) = 3 [pid 2972] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2971] <... futex resumed>) = 0 [pid 2971] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2972] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2971] <... futex resumed>) = 0 [pid 2971] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2971] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2971] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE [pid 2972] <... write resumed>) = 40 [pid 2972] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2971] <... mprotect resumed>) = 0 [pid 2971] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 2972] <... futex resumed>) = 0 ./strace-static-x86_64: Process 2975 attached [pid 2971] <... clone resumed>, parent_tid=[2975], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2975 [pid 2975] set_robust_list(0x7f01680719e0, 24 [pid 2971] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2975] <... set_robust_list resumed>) = 0 [pid 2971] <... futex resumed>) = 0 [pid 2975] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2971] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2972] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2975] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2975] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2971] <... futex resumed>) = 0 [pid 2975] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2971] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2972] <... futex resumed>) = 0 [pid 2971] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2972] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2972] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2971] <... futex resumed>) = 0 [pid 2972] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2971] exit_group(0 [pid 2975] <... futex resumed>) = ? [pid 2971] <... exit_group resumed>) = ? [pid 2975] +++ exited with 0 +++ [pid 2972] <... futex resumed>) = ? [ 96.475619][ T2972] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 96.495256][ T2975] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 96.511397][ T2972] EXT4-fs (loop0): pa ffff8881e6ba6bd0: logic 16, phys. 128, len 24 [pid 2972] +++ exited with 0 +++ [pid 2971] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2971, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./539", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./539", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./539/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./539/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./539/binderfs") = 0 [ 96.519359][ T2972] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./539/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./539/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./539/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./539/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./539/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./539/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./539") = 0 mkdir("./540", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2976 ./strace-static-x86_64: Process 2976 attached [pid 2976] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2976] chdir("./540") = 0 [pid 2976] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2976] setpgid(0, 0) = 0 [pid 2976] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2976] write(3, "1000", 4) = 4 [pid 2976] close(3) = 0 [pid 2976] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2976] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2976] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2976] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2976] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2977 attached [pid 2977] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2977] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2976] <... clone resumed>, parent_tid=[2977], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2977 [pid 2976] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2977] <... futex resumed>) = 0 [pid 2977] memfd_create("syzkaller", 0 [pid 2976] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2977] <... memfd_create resumed>) = 3 [pid 2977] ftruncate(3, 2097152) = 0 [pid 2977] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2977] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2977] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2977] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2977] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2977] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2977] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2977] mkdir("./file0", 0777) = 0 [pid 2977] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2977] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2977] ioctl(4, LOOP_CLR_FD) = 0 [pid 2977] close(4) = 0 [pid 2977] close(3) = 0 [pid 2977] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2976] <... futex resumed>) = 0 [pid 2977] chdir("./file0" [pid 2976] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2977] <... chdir resumed>) = 0 [pid 2976] <... futex resumed>) = 0 [pid 2977] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2976] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2977] <... futex resumed>) = 0 [pid 2976] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2977] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2976] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2977] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2976] <... futex resumed>) = 0 [pid 2977] creat("./file0", 000 [pid 2976] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2977] <... creat resumed>) = 3 [pid 2977] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2976] <... futex resumed>) = 0 [pid 2976] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2976] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2976] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2976] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2976] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2980], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2980 [pid 2977] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2976] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2976] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2980 attached [pid 2980] set_robust_list(0x7f01680719e0, 24 [pid 2977] <... write resumed>) = 40 [pid 2980] <... set_robust_list resumed>) = 0 [pid 2980] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2977] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2977] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2980] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2980] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2976] <... futex resumed>) = 0 [pid 2980] <... futex resumed>) = 1 [pid 2976] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2980] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2976] <... futex resumed>) = 1 [pid 2976] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2977] <... futex resumed>) = 0 [pid 2977] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2977] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2976] <... futex resumed>) = 0 [pid 2976] exit_group(0) = ? [pid 2980] <... futex resumed>) = ? [pid 2977] +++ exited with 0 +++ [ 96.628687][ T2977] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 96.664253][ T2980] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [pid 2980] +++ exited with 0 +++ [pid 2976] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2976, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./540", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./540", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./540/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./540/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./540/binderfs") = 0 [ 96.681976][ T2980] EXT4-fs (loop0): pa ffff8881e69fe2a0: logic 16, phys. 128, len 24 [ 96.690068][ T2980] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./540/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./540/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./540/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./540/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./540/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./540/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./540") = 0 mkdir("./541", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2981 ./strace-static-x86_64: Process 2981 attached [pid 2981] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2981] chdir("./541") = 0 [pid 2981] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2981] setpgid(0, 0) = 0 [pid 2981] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2981] write(3, "1000", 4) = 4 [pid 2981] close(3) = 0 [pid 2981] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2981] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2981] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2981] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2981] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2982 attached , parent_tid=[2982], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2982 [pid 2981] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2981] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2982] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2982] memfd_create("syzkaller", 0) = 3 [pid 2982] ftruncate(3, 2097152) = 0 [pid 2982] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2982] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2982] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2982] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2982] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2982] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2982] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2982] mkdir("./file0", 0777) = 0 [pid 2982] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2982] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2982] ioctl(4, LOOP_CLR_FD) = 0 [pid 2982] close(4) = 0 [pid 2982] close(3) = 0 [pid 2982] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2981] <... futex resumed>) = 0 [pid 2981] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2982] chdir("./file0") = 0 [pid 2981] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2982] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2981] <... futex resumed>) = 0 [pid 2981] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2981] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2982] <... futex resumed>) = 1 [pid 2982] creat("./file0", 000) = 3 [pid 2982] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2981] <... futex resumed>) = 0 [pid 2982] <... futex resumed>) = 1 [pid 2981] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2981] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2981] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2981] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2981] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2985 attached , parent_tid=[2985], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2985 [pid 2985] set_robust_list(0x7f01680719e0, 24 [pid 2981] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2985] <... set_robust_list resumed>) = 0 [pid 2981] <... futex resumed>) = 0 [pid 2985] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2981] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2982] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2985] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 2985] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2985] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2981] <... futex resumed>) = 0 [pid 2985] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2981] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2985] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 2981] <... futex resumed>) = 0 [pid 2985] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 2981] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2985] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2981] <... futex resumed>) = 0 [pid 2985] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2982] <... write resumed>) = 40 [pid 2982] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2981] exit_group(0) = ? [pid 2985] <... futex resumed>) = ? [pid 2985] +++ exited with 0 +++ [pid 2982] +++ exited with 0 +++ [pid 2981] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2981, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./541", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./541", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./541/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./541/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./541/binderfs") = 0 [ 96.785193][ T2982] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 96.804196][ T2985] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 256-512 which overlap fs metadata umount2("./541/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./541/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./541/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./541/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./541/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./541/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./541") = 0 mkdir("./542", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2986 ./strace-static-x86_64: Process 2986 attached [pid 2986] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2986] chdir("./542") = 0 [pid 2986] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2986] setpgid(0, 0) = 0 [pid 2986] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2986] write(3, "1000", 4) = 4 [pid 2986] close(3) = 0 [pid 2986] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2986] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2986] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2986] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2986] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 2987 attached [pid 2987] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2987] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2986] <... clone resumed>, parent_tid=[2987], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2987 [pid 2986] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2987] <... futex resumed>) = 0 [pid 2987] memfd_create("syzkaller", 0) = 3 [pid 2987] ftruncate(3, 2097152) = 0 [pid 2987] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2987] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2987] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2987] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2987] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2987] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2987] ioctl(4, LOOP_SET_FD, 3 [pid 2986] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2987] <... ioctl resumed>) = 0 [pid 2987] mkdir("./file0", 0777) = 0 [pid 2987] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2987] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2987] ioctl(4, LOOP_CLR_FD) = 0 [pid 2987] close(4) = 0 [pid 2987] close(3) = 0 [pid 2987] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2987] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2986] <... futex resumed>) = 0 [pid 2986] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2986] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2987] <... futex resumed>) = 0 [pid 2987] chdir("./file0") = 0 [pid 2987] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2986] <... futex resumed>) = 0 [pid 2986] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2986] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2987] <... futex resumed>) = 1 [pid 2987] creat("./file0", 000) = 3 [pid 2987] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2986] <... futex resumed>) = 0 [pid 2986] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2986] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2986] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2986] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2986] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2990], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2990 [pid 2986] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2986] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2987] <... futex resumed>) = 1 [pid 2987] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40) = 40 [pid 2987] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2987] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2990 attached [pid 2990] set_robust_list(0x7f01680719e0, 24) = 0 [pid 2990] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775) = -1 EUCLEAN (Structure needs cleaning) [pid 2990] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2986] <... futex resumed>) = 0 [pid 2986] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2990] futex(0x7f016816b4b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2987] <... futex resumed>) = 0 [pid 2986] <... futex resumed>) = 1 [pid 2987] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0 [pid 2986] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2987] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 2987] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2986] <... futex resumed>) = 0 [pid 2987] futex(0x7f016816b4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2986] exit_group(0 [pid 2987] <... futex resumed>) = ? [pid 2986] <... exit_group resumed>) = ? [pid 2990] <... futex resumed>) = ? [pid 2987] +++ exited with 0 +++ [pid 2990] +++ exited with 0 +++ [ 96.951655][ T2987] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 96.970365][ T2990] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:2998: comm syz-executor145: Allocating blocks 128-384 which overlap fs metadata [ 96.986807][ T2986] EXT4-fs (loop0): pa ffff8881e6ba6930: logic 16, phys. 128, len 24 [pid 2986] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2986, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./542", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./542", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555656f620 /* 4 entries */, 32768) = 112 umount2("./542/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./542/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./542/binderfs") = 0 [ 96.994821][ T2986] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:3867: group 0, free 8, pa_free 24 umount2("./542/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./542/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./542/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./542/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./542/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556577660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556577660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./542/file0") = 0 getdents64(3, 0x55555656f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./542") = 0 mkdir("./543", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555656e5d0) = 2991 ./strace-static-x86_64: Process 2991 attached [pid 2991] set_robust_list(0x55555656e5e0, 24) = 0 [pid 2991] chdir("./543") = 0 [pid 2991] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2991] setpgid(0, 0) = 0 [pid 2991] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2991] write(3, "1000", 4) = 4 [pid 2991] close(3) = 0 [pid 2991] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2991] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2991] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168072000 [pid 2991] mprotect(0x7f0168073000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2991] clone(child_stack=0x7f01680923f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2992], tls=0x7f0168092700, child_tidptr=0x7f01680929d0) = 2992 [pid 2991] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 2992 attached [pid 2991] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 2992] set_robust_list(0x7f01680929e0, 24) = 0 [pid 2992] memfd_create("syzkaller", 0) = 3 [pid 2992] ftruncate(3, 2097152) = 0 [pid 2992] pwrite64(3, "\x20\x00\x00\x00\x8e\x00\x00\x00\x19\x00\x00\x00\x90\x01\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\x08\x00\x00\x80\x00\x00\x20\x00\x00\x00\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x01\x00\xff\xff\x53\xef\x01\x00\x01\x00\x00\x00\xda\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x04\x00\x00\x08\x00\x00\x00\xd2\xc2\x00\x00"..., 102, 1024) = 102 [pid 2992] pwrite64(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\xe3\x67\x24\xc6\xf3\x4c\xaa\x84\x6e\xd2\xe5\x27\x70\x33\x78\x01\x00\x40", 31, 1248) = 31 [pid 2992] pwrite64(3, "\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x19\x00\x0f\x00\x03\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x2e\x69", 32, 4096) = 32 [pid 2992] pwrite64(3, "\x7f\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"..., 4098, 8192) = 4098 [pid 2992] pwrite64(3, "\xed\x41\x00\x00\x10\x00\x00\x00\xda\xf4\x65\x5f\xdb\xf4\x65\x5f\xdb\xf4\x65\x5f\x00\x00\x00\x00\x00\x00\x04\x00\x80\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x0a\xf3\x01\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x10", 61, 17408) = 61 [pid 2992] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 2992] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2992] mkdir("./file0", 0777) = 0 [pid 2992] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue") = 0 [pid 2992] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 2992] ioctl(4, LOOP_CLR_FD) = 0 [pid 2992] close(4) = 0 [pid 2992] close(3) = 0 [pid 2992] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2991] <... futex resumed>) = 0 [pid 2992] <... futex resumed>) = 1 [pid 2991] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2991] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2992] chdir("./file0") = 0 [pid 2992] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2991] <... futex resumed>) = 0 [pid 2992] <... futex resumed>) = 1 [pid 2991] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2991] futex(0x7f016816b4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2992] creat("./file0", 000) = 3 [pid 2992] futex(0x7f016816b4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 2991] <... futex resumed>) = 0 [pid 2992] <... futex resumed>) = 1 [pid 2991] futex(0x7f016816b4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2992] write(3, "\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 40 [pid 2991] futex(0x7f016816b4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2991] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168051000 [pid 2991] mprotect(0x7f0168052000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2991] clone(child_stack=0x7f01680713f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2995], tls=0x7f0168071700, child_tidptr=0x7f01680719d0) = 2995 [pid 2991] futex(0x7f016816b4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2991] futex(0x7f016816b4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2995 attached [pid 2995] set_robust_list(0x7f01680719e0, 24) = 0 [ 97.071748][ T2992] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 97.091819][ T2992] ------------[ cut here ]------------ [ 97.097278][ T2992] kernel BUG at fs/ext4/inline.c:760! [ 97.102745][ T2992] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 97.108795][ T2992] CPU: 0 PID: 2992 Comm: syz-executor145 Not tainted 5.4.190-syzkaller-00046-g9ce4508d6de9 #0 [ 97.118996][ T2992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 97.129043][ T2992] RIP: 0010:ext4_write_inline_data_end+0x426/0x430 [ 97.135515][ T2992] Code: ff ff 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c 11 fe ff ff 4c 89 ef e8 69 73 d4 ff e9 04 fe ff ff e8 0f 44 81 ff e8 aa 06 a8 ff <0f> 0b e8 a3 06 a8 ff 0f 0b 90 55 41 57 41 56 41 55 41 54 53 48 83 [ 97.155101][ T2992] RSP: 0018:ffff8881dc5f7a68 EFLAGS: 00010293 [ 97.161155][ T2992] RAX: ffffffff81b83416 RBX: 0000000000000000 RCX: ffff8881ec1a8000 [ 97.169096][ T2992] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 97.177052][ T2992] RBP: 0000008c00080000 R08: ffffffff81b83151 R09: ffffed103cd7f297 [ 97.185000][ T2992] R10: ffffed103cd7f297 R11: 1ffff1103cd7f296 R12: ffff8881e6bf9560 [ 97.192951][ T2992] R13: 1ffff1103cd7f296 R14: ffff8881e6bf94b0 R15: 0000000000000028 [ 97.200894][ T2992] FS: 00007f0168092700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 97.209789][ T2992] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 97.216340][ T2992] CR2: 00007f0168071718 CR3: 00000001e3d6b000 CR4: 00000000003406f0 [ 97.224459][ T2992] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 97.232406][ T2992] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 97.240345][ T2992] Call Trace: [ 97.243615][ T2992] ext4_write_end+0x1cd/0xe40 [ 97.248266][ T2992] ? ext4_da_write_end+0x9b/0xc70 [ 97.253261][ T2992] ? ext4_da_write_begin+0xef0/0xef0 [ 97.258513][ T2992] generic_perform_write+0x395/0x510 [ 97.263775][ T2992] __generic_file_write_iter+0x239/0x490 [ 97.269386][ T2992] ext4_file_write_iter+0x46e/0x1040 [ 97.274644][ T2992] ? iov_iter_init+0x83/0x160 [ 97.279318][ T2992] __vfs_write+0x4f9/0x6a0 [ 97.283715][ T2992] vfs_write+0x210/0x4f0 [ 97.287945][ T2992] ksys_write+0x158/0x260 [ 97.292255][ T2992] do_syscall_64+0xcb/0x1c0 [ 97.296739][ T2992] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 97.302617][ T2992] RIP: 0033:0x7f01680e5d29 [ 97.307002][ T2992] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 97.326593][ T2992] RSP: 002b:00007f01680922f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 97.335060][ T2992] RAX: ffffffffffffffda RBX: 00007f016816b4a0 RCX: 00007f01680e5d29 [ 97.343012][ T2992] RDX: 0000000000000028 RSI: 0000000020000280 RDI: 0000000000000003 [ 97.350964][ T2992] RBP: 00007f01681380ac R08: 0000000000000000 R09: 0000000000000000 [ 97.358922][ T2992] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e [pid 2995] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 672267775 [pid 2991] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 2991] futex(0x7f016816b4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2991] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0168030000 [pid 2991] mprotect(0x7f0168031000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2991] clone(child_stack=0x7f01680503f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2996], tls=0x7f0168050700, child_tidptr=0x7f01680509d0) = 2996 [pid 2991] futex(0x7f016816b4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2991] futex(0x7f016816b4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2996 attached [pid 2996] set_robust_list(0x7f01680509e0, 24) = 0 [pid 2996] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 2996] futex(0x7f016816b4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2991] <... futex resumed>) = 0 [pid 2996] <... futex resumed>) = 1 [ 97.366866][ T2992] R13: 00007f01681370a8 R14: e5d26e84aa4cf3c6 R15: 00007f016816b4a8 [ 97.374848][ T2992] Modules linked in: [ 97.378810][ T2992] ---[ end trace 1b97d445b2b2039d ]--- [ 97.384644][ T2992] RIP: 0010:ext4_write_inline_data_end+0x426/0x430 [ 97.391152][ T2992] Code: ff ff 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c 11 fe ff ff 4c 89 ef e8 69 73 d4 ff e9 04 fe ff ff e8 0f 44 81 ff e8 aa 06 a8 ff <0f> 0b e8 a3 06 a8 ff 0f 0b 90 55 41 57 41 56 41 55 41 54 53 48 83 [ 97.410778][ T2992] RSP: 0018:ffff8881dc5f7a68 EFLAGS: 00010293 [ 97.416825][ T2992] RAX: ffffffff81b83416 RBX: 0000000000000000 RCX: ffff8881ec1a8000 [ 97.424811][ T2992] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 97.432782][ T2992] RBP: 0000008c00080000 R08: ffffffff81b83151 R09: ffffed103cd7f297 [ 97.440814][ T2992] R10: ffffed103cd7f297 R11: 1ffff1103cd7f296 R12: ffff8881e6bf9560 [ 97.448762][ T2992] R13: 1ffff1103cd7f296 R14: ffff8881e6bf94b0 R15: 0000000000000028 [ 97.456732][ T2992] FS: 00007f0168092700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 97.465655][ T2992] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [pid 2996] futex(0x7f016816b4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2991] exit_group(0 [pid 2996] <... futex resumed>) = ? [pid 2991] <... exit_group resumed>) = ? [pid 2996] +++ exited with 0 +++ [ 97.472242][ T2992] CR2: 00007f0168071718 CR3: 00000001e3d6b000 CR4: 00000000003406f0 [ 97.480213][ T2992] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 97.488155][ T2992] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 97.496117][ T2992] Kernel panic - not syncing: Fatal exception [ 97.502324][ T2992] Kernel Offset: disabled [ 97.506630][ T2992] Rebooting in 86400 seconds..